The world of cryptocurrencies or digital currencies is growing rapidly as digitisation continues to disrupt the financial services industry.
Mining these cryptocurrencies usually requires expensive computers, servers and other equipment. It is important for people to note many insurers do not insure this equipment due to the unregulated nature of crypto mining.
Old Mutual Insure has opted out of insuring computer equipment used for cryptocurrency mining due to the unregulated nature of the industry, which is often associated with cybercrime, and its penchant for using modified electronic infrastructure that operates on a 24/7 basis, making it highly prone to overheating and other malfunctions.
The insurer has begun advising its branches not to insure any businesses involved in cryptocurrency mining following extensive industry research as well as an in-depth review of claims from clients that have already incurred losses to equipment used for cryptocurrency mining.
Cryptocurrencies are a form of digital asset designed to work as a medium of exchange, which use cryptography to secure financial transactions and control the creation of additional cryptocurrency units created in the “mining” process. Old Mutual estimates that there are at least 1 565 cryptocurrencies being used globally with Bitcoin being the most popular and a host of others such as Ethereum, Litecoin, Ripple, Dash and Monero vying for attention from speculative investors.
"We have chosen not to provide cover for this type of risk as it is quite tricky to conduct a proper risk analysis of an unregulated fledgling industry that is already on the radar of financial authorities due to the unfortunate association with money laundering and cybercrime. It is also a highly volatile industry that attracts a lot of speculators so there is no proper risk rating structure in the local market for this type of risk," said Old Mutual’s Insurance Expert Christelle Colman.
Colman added, "Even doing a comprehensive inventory of the insured equipment is difficult because the value of the highly modified computer equipment is typically inflated and almost impossible to verify as it is usually imported from obscure suppliers in the Far East".
Cryptocurrency mining operations are typically constructed of heftier application specific integrated circuit (ASIC) devices that are not only expensive but can overload the CPU (computer central processing) or GPU (graphic processing units) as they are usually run at 100 percent capacity.
There is also the added complication that cryptocurrency mining is often associated with highly speculative trading activities, meaning the businesses involved can be prone to going bust.
"Old Mutual is currently conducting a comprehensive risk analysis of all clients involved in computer heavy business activities as well as third party service providers such as software developers and web designers to ensure that they are not involved in cryptocurrency mining," concluded Colman.
RETIREMENT FUNDS 'EXTREMELY VULNERABLE'
The chief executive for corporate sales and marketing at Sanlam, Viresh Maharaj, warns that retirement funds are extremely vulnerable to cyber crime and that if funds do not take significant measures to boost protection, an attack on a major retirement fund within the next five to 10 years is almost inevitable.
At a media presentation ahead of the launch of Sanlam’s annual Benchmark Survey of retirement funds, Maharaj quoted David Gluckman, the head of research at Sanlam Employee Benefits, who predicted the likelihood of such an attack in which a fund could have the bulk or even all of its investments wiped out.
But there is confusion around who should be responsible for the protection of assets from a cyber attack. Should it be the trustees of a fund or its administrators?
The Pension Funds Act is clear on where responsibility ultimately lies. The Act says it is the fiduciary duty of the trustees of a fund to exercise their powers to the benefit of the fund and in such a manner as to always act in the best interest of the fund and its members. They must:
• Ensure that the fund employs proper control systems;
• Obtain expert advice on matters where they lack sufficient expertise; and
• Ensure that the rules, operation and administration of the fund comply with the relevant legislation.
Maharaj says collective action is needed in the industry, with all stakeholders, from trustees and administrators to consultants and advisers, playing a role in protecting members. He says awareness among trustees and consultants is extremely low, with cybersecurity far down on their priorities.
Signs that an email may be a scam include:
• The sender’s display name and email address don’t match;
• The domain of the sender isn’t the same as the brand;
• It invites you to click on links to documents you weren’t expecting - for example, a SARS tax rebate or an invoice from an online retailer;
• Any email asking for a change of banking details should be treated with extreme caution.