Cyber Insurance and Insuring NFTs

With the frequent occurrence of cyber-attacks, having insurance coverage against these attacks has become increasingly crucial, and many insurance companies have started to provide cybersecurity insurance services.

Like cryptocurrencies, NFTs, which are digital assets with a specific value, are based on blockchain technology and stored on the blockchain. The blockchain is a database whose records, once added, are almost impossible to change; it is a digital ledger where any information can be recorded and accessed by anyone.

As a result of the purchase of NFTs for millions of dollars, the growing popularity of NFTs, and the increasing number of counterfeit NFTs, cybersecurity breaches and the need to insure NFTs have become hot topics in this sector.

Cyber insurance is a type of insurance protecting against various potential threats in the digital world, such as data breaches and damaging cyber-attacks on computer systems. In this sense, NFT insurance can be categorized as cyber insurance. Under Turkish legislation, the legal status of NFTs has not been determined yet, and it is debatable whether they can be insured as movable property. Nevertheless, although there is no legal obstacle to insuring NFTs, it is evident that public intervention is required to determine the legal status of NFTs and how they will be protected within the scope of cyber insurance.

It is mentioned that one out of every three people in Turkey has faced cyber-attacks, and the rate of those affected by malware has increased to 38.5% in the last 9 months. In Turkey, which is reported to be one of the countries with the highest increase in cyber-attacks, the insurance industry offers new products regarding cyber-attacks under the names of identity protection insurance, digital protection insurance, or personal and commercial cyber security insurance to cover the losses incurred due to attacks targeting digital platforms.

Although the need for insurance coverage has grown with the increasing number of cyber-attacks, developments in this sector have remained slow because of both the diversity of cyber-attacks and the uncertainty of the risk that arises from them, and insurance policies covering cyber-attack risks have generally not been made subject to reinsurance transactions. Indeed, in line with global practice, Türk Reasürans A.Ş. and Milli Reasürans A.Ş. excluded cyber threats from insurance coverage for almost all branches, as the introduction of remote working into our lives and the move of social life online, especially during the pandemic period, increased cyber risks considerably.

Following the creation of the first NFT in 2014, cyber-attacks that seek to profit from NFTs through fraud and money laundering have also increased; one NFT, created by Mike Winkelmann in 2021, sold for $69.3 million. Indeed, in February 2022, one of the most recent attacks on OpenSea, an NFT trading platform, resulted in the theft of $1.7 million, and during the period of July 2021 - July 2022, NFTs worth at least $100 million were reported to have been stolen.

With attacks on NFTs on the rise, the need for insurance policies and regulation in the cybersecurity sector is also increasing. As with all digital assets, NFTs, which can represent both physical and digital assets, including artworks, real estate, music, and videos, involve risks such as theft and the creation of counterfeit digital assets and should therefore be insured. Indeed, as well as the theft of NFTs, there has been an increase in replicas and counterfeit digital assets that appear genuine; therefore, insurance coverage is needed to combat such counterfeit NFTs.

Once an NFT is created, it contains public and private keys. The public key provides access to the blockchain ledger, while the private key indicates ownership. If the private key is lost, insurance will be able to pay for the loss. It is proposed that NFTs can be insured in two different ways: against crime and against loss. "Insurance against crime" provides coverage against crimes such as theft and fraudulent activities, whereas "insurance against loss" protects against damage caused by interference with the blockchain.

Although it does not bring any regulation on cyber insurance, a National Cyber Security Strategy and Action Plan was created for the measures to be taken in the field of cyber security and to be implemented between 2020 and 2023. In addition, Article 33/A of the Insurance Law No. 5684, introduced in 2021, stipulates that (i) a Special Risks Management Center is established to provide coverage for risks for which insurance coverage is not available or is challenging to provide, and (ii) the risks to be managed within the scope of the Special Risks Management Center will be determined by the Ministry of Treasury and Finance upon the proposal of the Insurance and Private Pension Regulation and Supervision Agency. Considering the purpose of this regulation, it is stated that the Special Risks Management Center may also work on insurance coverage for cyber risks. New insurance initiatives are also being worked on to provide coverage in such areas with a coverage gap.

Although insurers and insurtechs provide coverage for some digital assets in developed countries as well, these products have only been launched for fungible tokens such as cryptocurrencies, not for NFTs. Most of the extensive cryptocurrency policies today are backed by several Lloyd's of London syndicates rather than a single insurer, since insurers are hesitant to insure digital assets due to the difficulty of fully understanding and pricing the risk. For example, BitGo, a cryptocurrency wallet, and CoinCover, an insurtech founded in 2018, offer insurance with various security features with the support of Lloyd's of London to insure cryptocurrencies against theft and attacks. Solutions outside the insurance industry are also being offered to protect NFTs. Examples of companies in this area include Nexus Mutual, Cover Protocol, Insured Finance, and Tidal Finance. These companies provide protection for smart contracts used to trade NFTs. Most recently, last March, IMA Financial announced an investment in an R&D study on risk coverage for NFTs. Also, in Japan, the NFT platform HARTI and the insurance group Mitsui Sumitomo provide NFT insurance for all digital artifacts displayed on the HARTI application. However, while it is clear that all these developments are necessary steps toward eliminating the deficiency in NFT insurance, there is currently no public regulation in this area.

Insurance companies are hesitant to provide coverage for new-generation insurance types such as cyber security and NFT insurance because of the uncertainty of the risk posed by cyber-attacks and their diversity, as is the case with NFTs. Cyber-attacks are a reality of today, their importance will increase, and the need for cyber security insurance will increase in parallel. To adapt to the new types of insurance emerging with the development of technology and to keep up with developments in the world, it is necessary, for cyber security and NFT insurance, to eliminate the uncertainty, draw a general framework, determine the scope of the said insurance, and introduce public intervention and legal regulation to encourage insurance companies.

First published by Legalink European Newsletter on Mar 23, 2023.
