Blockchain, or distributed ledger technology (“DLT”), is already proving to be a game-changer for businesses globally and across sectors. But is it secure? And can insurance help protect against risks and, thus, help advance the development of this technology?
Security of Blockchain?
Because changes to a blockchain are displayed in real time and no central user controls the record, blockchain is said to be much less susceptible to hacking than a traditional database. However, given the value and potential of high-profile transactions that may take place using blockchain technology, hackers will have incentive to invent new ways to infiltrate and use the technology for malicious purposes.
Thus, blockchain technology, like the Internet before it, will likely lead to unforeseen risks and exposures, particularly if the amount of commerce conducted using DLT continues to increase. Examples already exist. In 2013, for instance, Mt. Gox, a Bitcoin exchange handling 70 percent of all Bitcoin transactions at the time, suffered a technical glitch resulting in Bitcoin’s temporarily shedding a quarter of its value. In 2015, Interpol identified an opening in blockchain used for cryptocurrencies that hackers could exploit to transfer malware to computers. In addition, blockchain is only as secure as its entry points. If the access systems used for blockchain are vulnerable to attack, the security of DLT may be undermined. In sum, blockchain is not risk-free and may not be hacker-proof.
Insuring the Blockchain
Because blockchain technology is not risk-free, companies should consider how insurance, especially cyber insurance policies, will respond to risks arising out of the use of blockchain technology. For instance, one insurer’s cyber insurance policy form insures against disclosure of personally identifying information that results from unauthorized access into a system owned by either (1) an insured, or (2) “an organization that is authorized by an Insured through a written agreement to process, hold or store Records for an Insured.” Because blockchain is peer-to-peer, the insurer may argue it is not owned by any insured or any other “organization.” Thus, a policyholder experiencing losses due to the disclosure of personally identifying information arising out of the use of blockchain technology may face a coverage dispute with its insurer.
Another cyber insurance policy form protects against the “failure or violation of the security of a Computer System,” and defines “Computer System” to include “cloud computing” and “other hosted resources operated by a third-party service provider.” Would the insurer consider blockchain technology to fall within this definition? These provisions lack clarity, particularly because blockchains are peer-to-peer networks not operated by a central administrator. Policyholders using DLT should review their policies carefully, including those for accessing unsecure websites, self-inflicted losses, terrorism and others, to ensure they will respond as expected.
Finally, policyholders should consider the applicability of their traditional insurance policies for blockchain-related risks. Will technology professional liability policies, commercial crime policies and specialty coverage forms cover claims involving blockchain or DLT? Policyholders are well-advised to give close scrutiny to cyber, computer or technology, and data-related exclusions.
The complexity of the technology, the lack of understanding of how it works, and the scarcity of data about its use may impede the development of the market for insurance covering operations or transactions involving blockchain. Nonetheless, as insurers increasingly follow developments in blockchain and related technologies and improve their own understanding and analysis of blockchain’s risks, they will offer new policies covering such risks. In the meantime, policyholders looking to use DLT should consider consulting experienced coverage counsel and carefully reviewing policy forms to ensure that the policies they buy provide the insurance protection they need, and expect, for this game-changing technology.