Bitcoin’s security risk will “never be reduced to zero”, according to a report released by insurance market Lloyd’s today.
The 31-page document, commissioned to assess the risks involved in insuring bitcoin operations, warns that companies will continue to face a “dynamic threat”, regardless of their security practices.
Garrick Hileman, an economic historian at London School of Economics (LSE) and one of the report’s authors, told CoinDesk that while security in the industry is tightening, systemic issues remain:
“The improvements we’re seeing in many bitcoin risk areas, particularly at the firm level with the incorporation of multisig and other industry best practices, have been well documented. What has been covered less is how many old risks remain (eg 51% attacks) and new risks that are emerging.”
He cited the fact that the majority of mining takes place inside ‘The Great Firewall of China’ as one of his concerns. The report mentions several others: bitcoin’s volatility, its lack of liquidity and an uncertain regulatory climate.
Though these global issues are important in shaping the “overall risk profile” of bitcoin, the report says they are unlikely to be transferred directly in a policy.
For the growing number of bitcoin businesses applying for insurance, there are other risk factors in play. Coin Center‘s Jerry Brito and Peter Van Valkenburgh outline the ‘local’ threats faced by companies (ie insider attacks) and the kinds of solutions that may help prevent them: server-side security, multisig or hybrid wallets and cold storage.
The duo also address the poor track record of exchanges in guarding bitcoins to date, citing early research that 45% of the exchanges tracked failed.
“Rather than quantifying risk from past performance, Coin Center advises that insurers and industry observers keep tabs on whether a business is employing these new controls,” the authors write.
On the whole, the takeaway from Bitcoin: Risk Factors for Insurance is mixed. While bitcoin crime is shown to be an order of magnitude larger than credit card fraud, the authors point to signs the ecosystem is maturing.
While it might run against the decentralised ethos of the bitcoin network, the establishment of recognised security standards for enterprises may help bitcoin in the long-term, it says.
“As with any system of security, measures must evolve with the threat, and their effectiveness will rely on routine and robust application […] with responsible and innovative risk management, insurance can be a key component of the future of bitcoin.”
Reporting profits of £3.2bn in 2014, Lloyd’s market, one of the oldest of its kind, houses 96 syndicates who underwrite risk. It specialises in “unusual risk”, including celebrity body parts and space tourism.
Its report, Bitcoin: Risk Factors for Insurance, part of its research series on emerging risks, coincides with the expansion of its cyber division. Currently, Lloyd’s holds around 15% of the world’s insurance against cyber attacks.
Since then, bitcoin companies including Circle, Coinbase and Xapo have gone public with details of their insurance policies. However, they are anomalies in a market still lacking in consumer protection.
The tides could be turning however, as more insurers engage with digital currency technology. The Lloyd’s report was commissioned, Hileman said, following growing interest expressed by the bitcoin ecosystem in Lloyd’s insurance coverage.
The report’s launch and panel discussion at One Lime Street yesterday, was very well attended, he said, adding:
“The underwriters asked very specific, savvy questions, the type you’d expect from people who are actively examining the suitability of insurance for various aspects of the bitcoin value chain.”
Correction: An earlier version of this report misspelled Jerry Brito’s last name.