As cryptocurrencies continue to become more popular and accepted in the mainstream business climate, the framework which supports and services these assets continues to grow. The total market capitalization of crypto assets has reached $270 billion, and ICO launches are becoming more and more frequent. This expanding framework combined with crypto price volatility has led to a significant increase in risk and the need for devoted risk management solutions for Bitcoin and other crypto businesses.
The Unique Risks Crypto Businesses Face
Even though crypto businesses share a fair amount of risk with more traditional technology businesses, their reliance on unique technology and nascent legal regulation makes risk management a more complicated and quickly-evolving issue.
Security Risks and Crime: The largest crypto exchanges are home to vast quantities of digital currency and represent a very tempting target for cybercriminals. Top exchanges lost over $1 billion to theft in the past year, compared to $266 million lost in 2017. These losses are affecting the entire industry, decreasing overall trust and emerging as a serious obstacle for the mainstream acceptance of crypto.
Class Action Lawsuits: Class action lawsuits against ICOs have reached a new high and are rapidly increasing in both frequency and severity. Allegations of fraud and misrepresentation mainly stem from discrepancies in what was represented in White Papers during the product offerings and the actual state of product development at the time of the lawsuit.
Increased Oversight and Legislative Pressures: The rapid growth of the crypto industry has been greatly boosted by the lack of government regulation, however questions about the level of oversight and internal control are coming to the forefront. The Securities and Exchange Commission (SEC) is increasingly monitoring and regulating ICOs and digital currency trading, and FINRA’s 2018 Regulatory and Examination Priorities Letter highlights ICOs and cryptocurrencies among several practice risks they will focus on.
While the ICO coins or tokens aren’t strictly classified as securities, they may entitle owners to certain advantages connected to the issuer’s venture such as rights to profits, shares of assets, or access to exclusive services in addition to the coins being listed on crypto exchanges. Due to these considerations, there’s considerable apprehension regarding how to precisely classify ICOs and other crypto assets and their potential use for money-laundering and terrorism mean that the legal picture remains murky and a swift resolution to these issues appears to be unlikely.
With these risks in mind, insurance carriers have been slowly expanding their offers to provide specialized coverage for crypto exposures. However, this increase has been too slow to properly respond to the quickly emerging needs of the industry, and demand still far outpaces supply. Today, the price of crypto coverage remains steep and policy terms and conditions are often overly restrictive. One additional factor that complicates matters for crypto businesses is the hesitancy of compliance experts to work within the industry.
Picking the Right Insurer
In light of these challenges, partnering with the right insurer is key to establishing an adequate risk management program. Since the insurance market for cryptocurrency coverage is limited and relatively underdeveloped still, it’s important to work with an insurer that understands the underlying technology as well as all specific crypto-related risks.
When considering potential insurers, premiums shouldn’t be the deciding factor, however, insurers that have a deeper understanding of the industry are more likely to offer reasonable pricing for more complete coverage.
Insurance Needs for Crypto Businesses
Let’s cover the most important insurance policies that crypto businesses should have in order to protect themselves from the wide variety of risks they’re facing. Obviously, if you have an office and employees, then you are going to need more standard policies such as general liability, workers’ compensation, and EPLI to provide coverage for the more traditional risks that come with running any type of business.
However, for the more specific risks related to running a cryptocurrency operation, these are the coverages that you are going to have to pay special attention to if:
Cybersecurity/Technology E&O: In the crypto industry, large asset disappearances, extortion and ransomware demands, and botnet attacks are a daily reality. Similar to the effect of cyberattacks in other industries, cybercriminals are relying on human error and the vulnerability of the servicing and storage functions to bypass the inherent security provided by cryptocurrencies. This is why having both cyber and technology E&O insurance coverage is absolutely necessary for crypto and blockchain startups.
A proper cyber insurance policy is required to protect the business from losses related to these attacks and security breaches. The right cyber policy should offer both first-party and third-party coverage. First-party coverage protects from the losses that the insured suffers as a result of a cyberattack or data breach and third-party coverage would respond if you are being held liable for the financial losses of a client or separate entity. Proper third-party coverage would cover the costs of notifying the victims, defense costs, and class action lawsuits, pay for computer forensics experts, and serve to cover the insurance policies of those affected.
Additionally, disputes with clients, delays, or contract breach allegations are a distinct possibility in the quickly evolving industry of crypto. Technology errors & omissions insurance would respond to provide indemnity for losses you are legally liable for in cases where your technology suffers a failure.
Commercial Crime Insurance: Cryptocurrencies, like any more conventional assets, can be at risk from hackers, insider theft, and fraudulent transfers. However, given the nature of crypto, most conventional crime policies won’t respond to cover these losses, or may not cover loss up to the market value of the crypto assets, since these policies were designed to cover losses of assets that don’t have wild value swings, ie: money, precious metals, and securities.
Furthermore, a common misconception is that a cyber liability insurance policy would respond if assets are stolen as a result of a cyberattack. The reality is that most cyber policies exclude coverage for the loss or transfer of funds. As such, a stand-alone cyber policy would be insufficient to protect the actual value of your cryptocurrency and investing in a good crime policy is encouraged.
Additionally, crime coverage is crucial for companies that custody crypto, as cold storage coverage would respond to protect them from financial losses that they could incur from dealing with theft or loss of cold-stored crypto assets.
Directors & Officers Insurance: A Directors & Officers insurance policy is designed to protect the directors and officers, as well as the company, from claims arising from their professional service. Historically, securing the right D&O coverage has been a serious challenge for crypto businesses.
In the current environment, insurers are concerned that an ICO may be scrutinized by disgruntled coin purchasers or regulators as an unregistered offering of securities, which may expose the issuing company to federal, state, or foreign securities law liability. In cases of a regulatory investigation, the D&O policy would respond, helping you navigate litigation, covering all defense costs and settlements.