The digital revolution has given us a broader conception of an individual, to which we can now associate all of their virtual activity and the traces they leave on the Net. This comes with a broad range of new risks. To regain control of our digital existence, why not insure it as we would our health or our home?
Will the distinction between our “real” life and our digital existence still have any meaning in the future? With the hyper-digitisation of society and the multiplication of the amount of data, our virtual activity – from social networks to online purchases or administrative formalities – increasingly appears as an extension of our physical identity in real life (IRL). If proof were needed, personal data (i.e. any information related to a physical person likely to be directly or indirectly identified), put online throughout our life, will survive us, and sometimes even precede us. Today, according to a study conducted by the Gece polling institute, 30% of babies already have an online footprint before they are born, by means of an ultrasound scan or the declaration of pregnancy on social media. At the same time, the time we spend on our smartphones is increasing constantly: according to a study carried out by Hootsuite, in 2019, the world average was 3 hours 14 minutes per day, up from 3 hours 6 minutes in 2018.
We don’t always think about it when we post on Instagram, but life online is often beyond our control and leaves us vulnerable. In 2016, according to the Breach Level Index (BLI) annual report, published by Gemalto, 1.4 billion identities were stolen: names or usernames, IP addresses, even passwords... This can have major consequences such as identity theft, fraud or even cyber-harassment. The threat goes far beyond what we do or do not intentionally share on social networks, and is all the more worrying as sensitive data is destined to be digitised. In the years to come, it is not impossible that our ID papers will be used in a 100% digital form: in France, two pilot regions are already testing a dematerialised version of the Vitale social security card.
An increase in cyber-risks
The risk is now global and generalised, and concerns individuals as much as it does companies. For Laurent Heslault, Symantec director of security strategies, “we must become cyber-resilient. The question is not if we will be attacked, but rather when.” The figures in Symantec’s latest annual report in 2019 indicate that there will be an obvious increase in cyber-crime: +33% of mobile ransoms, +25% of groups of hackers using malware (short for malicious software), +78% of attacks targeting logistics chains… Connected objects are particularly affected: in 2018, over 70 million files were stolen or divulged.
Hacking techniques, meanwhile, are constantly becoming more sophisticated, from cryptojacking (malicious software that uses the resources of a computer or mobile device to mine crypto-currencies) to “false applications” (like “Setup for Amazon Alexa”, which stole data from unsuspecting users), or attacks on the supply chain, in which cyber-criminals directly attack software production companies, as happened recently with the CCleaner cleaning tool.
Will we all be cyber-insured tomorrow?
All of these risks feed into a very real feeling of concern: Acsel’s latest barometer of French people’s trust in anything digital, which dates from early 2020, indicates that only 40% of French people trust anything digital. To help them regain control of their digital existence, certain insurers are already dreaming up cyber-insurance offers adapted to the new situation. These policies, which emerged in the banking sector in the 1990s and spread throughout the corporate world, are now beginning to attract private individuals, keen to ward off the unknowns of their digital existence. In France, 67% of companies declare that they were subjected to at least one cyber-attack in 2019, costing an average of €100,000, according to the Hiscox report on managing cyber-risks.
According to a study published in March by Optimind, the French market for cyber insurance for private individuals is booming, with around ten companies offering contracts that include guarantees covering damage to one’s e-reputation, identity theft and the delivery of purchases made online. For several years now, BNP Paribas Cardif has been offering private individuals legal protection against identity theft and protection of their means of payment. In this offer, launched in various European countries (e.g. Germany and Austria), the insurer also provides assistance to observe and understand the attack in order to stop it more easily, and ultimately compensation for the damage suffered.
Completing the legal arsenal
In the future, this type of offer could provide a complementary legal response protecting Internet surfers from this type of attack. In France, the law — reinforced by the GDPR (General Data Protection Regulation) which came into effect in 2018 and insists on the importance of the Internet user’s “free, specific, enlightened and unequivocal consent” — ensures that private individuals enjoy a certain level of protection, since they can now file a complaint with the CNIL, France’s National Commission for IT and Freedoms, if their personal data are violated, and with the police in the case of a cyber-attack. Nonetheless, these systems are limited: “The CNIL is overwhelmed with complaints, and has relatively limited means. If the GDPR and the CNIL do not become more efficient, we will perhaps reach a point when people take out individual policies for risks on the Internet,” says lawyer Lionel Maurel, a member of the Quadrature du Net, a French NGO which defends the rights of Internet users.
Meanwhile, despite this legal arsenal, the relationship between Internet users and the big platforms (GAFA) that collect their data remains mostly asymmetrical, and the processing of their data often opaque, Lionel Maurel points out. To find a better balance in this relationship, the lawyer defends setting up a “social protection” of personal data. Inspired by certain mechanisms of labour law, and notably union law, he is thinking of “a collective organisation, which would act as the intermediary with more powerful players through negotiations, and not merely legal initiatives.”
Others would like to see a law on the property of personal data opening the way to monetisation. For the liberal think tank Génération Libre, “It is by introducing a price system, a subtle balance between market and regulation, that we will be able to protect Internet users’ confidentiality, while promoting competition in a real market.” A controversial application, launched in early 2020, called TaData, suggests paying 15-25 year olds for their personal data. It allows its “data killers” to choose the personal information they want to entrust it with, and promises to work only with virtuous announcers. This example echoes all the questions we have dealt with here and calls for others, such as: Why not submit your data to help research or innovation advance?
Is your digital life really secure? Data loss, identity theft, fraudulent use of personal data, scams, defamation… there are many possible invasions of customer privacy. What is the role of insurance in this context? How can we prevent a risk this polymorphic, iterative, unpredictable and potentially massive? People often become helpless in these situations, and do not know what to do or who to call. To protect people, including the most vulnerable among us (children, seniors), the BNP Paribas Cardif offer provides legal and IT assistance and prevention services but above all reimburses the inherent costs if necessary.
The goal is to provide day-to-day support in all areas of digital life, to provide clients and their families with peace of mind, whether they are navigating, storing, posting, or purchasing online.
Social media, connected devices, online purchases, visits to websites, email addresses: we all leave our trace on the Internet. What is the best way to protect our digital identity? An answer by Sonia Coudoux, global product manager at BNP Paribas Cardif.