John Lewis has become the first major insurance affinity brand to sell personal cyber insurance against the threat of hacking and identity theft as part of its home insurance offering.
The product targets internet scams such as customers being tricked into authorising a payment to the wrong account through a fake invoice. It also offers push-payment fraud protection and ransom payments in the event that a hacker gains access to pictures or videos and is demanding money to stop their release.
Incumbent insurers have generally been quite cautious when it comes to cyber, with the level of risk multiplied by the fact that all of their customers could in theory be hit by the same attack.
This is different from home, for example, where the insurer can select how many at-risk homes it wants to take on. It has also been suggested that there is not a clear understanding of the threat within the industry, which has led to cyber specialists such as Bewica entering the market.
With this in mind, it is surprising that the first policy of this kind has been launched by an affinity insurer. Affinities are traditionally slow moving and show little innovation, largely because they have such strong and easy access to customers that they are under less pressure to stand out.
The types of phishing scams where consumers actively send money, but not to where they intended, often fall in a grey area in terms of whether their bank will reimburse them or not. The John Lewis policy states that customers must try their bank first, but uncertainty in this area could see the rise of similar policies if banks regularly reject such claims. This is rare innovation from a well-known insurer in an area that the industry is yet to fully figure out.