Introduction

The digital asset market is surging. BlackRock's spot Bitcoin ETF recently recorded $5 billion in volume in one day. Fidelity, Franklin Templeton, Invesco, and State Street are diving in. JPMorgan is tokenizing money market funds, while KKR and Apollo are putting real-world assets on chain.

But there's a hidden problem that isn’t often talked about: Only 1-3% of digital assets are insured.

This matters because insurance isn't optional for institutions. It's a core part of risk management - required by regulators, boards, and basic business prudence. Without comprehensive coverage, many institutions simply won’t be able to enter the market, regardless of opportunity.

But it goes even further. There is no mature market in the world that became that way without a liquid insurance market. Insurance helps people ship goods, sell services, fly planes and construct buildings. It’s a key part of any economy to allow companies to do business, providing important risk transfer to help the world function. Yet nearly 16 years on, crypto still remains the most excluded asset class in the world, stunting growth and leaving entrepreneurs self-insuring their risk more often than not.

This means getting digital asset insurance right is hard. Traditional insurers struggle with novel technical risks. Crypto-native solutions to date have lacked capacity and aren’t regulated. And unfortunately, even when coverage exists, it often has critical gaps.

Take 2023’s $1.7B in crypto hacks¹. Most victims had zero coverage. Those with insurance often discovered - too late - that their policy didn't cover the actual attack vector used. Like a homeowner discovering their policy doesn't cover floods only after the storm hits, crypto companies keep finding holes in their coverage the hard way.

The bigger problem? Digital asset insurance is a black box. There's no comprehensive resource explaining what coverage is available, what it actually protects against, how to get it or what it costs. Every week we speak with industry leaders facing the same challenge: they know they need insurance, but can't find clear information about their options. Ask five different brokers and you'll get five different answers about what's possible.

This piece is Part 1 of our guide to digital asset insurance. We'll explore:

• How the industry evolved from both traditional specie insurance and cyberinsurance
• The history of the digital asset insurance market

By the end, you'll understand the critical intersection of traditional insurance and cyber insurance that makes digital asset coverage unique. You'll know what questions to ask about different coverage types. And you'll have a clear map of who can actually help protect your assets.

Let's dive in.

‍

How Insurance Evolved

Digital asset insurance emerged from a unique intersection: centuries-old traditional  insurance colliding with modern cyber coverage. Understanding today's landscape requires understanding both parents.

Insurance Evolution

Origins

Insurance began with merchants protecting trade. The first risk-sharing agreements were born in Ancient Babylon - if one trader's shipment was lost, the group would help cover the loss. Medieval Italian merchants formalized this further, creating contracts to spread the risk of maritime ventures across multiple investors.

Modern insurance took shape in London's coffeehouses. In 1688², Edward Lloyd's coffeehouse became the meeting point where merchants and shipowners connected with wealthy individuals willing to take on a portion of their risk. The principle was simple: instead of one person bearing the full risk of a voyage, many people would each take a small share. This coffee house evolved into Lloyd's of London - still one of the world's largest insurance markets and a key player in digital asset insurance today.

Global Growth

In the 1800s, the world grew increasingly connected. Steamships began crisscrossing the globe, trade expanded, and banks grew larger to finance it all. These growing financial institutions needed specialized coverage to match their scale and complexity. This gave rise to specie insurance - originally meant for "money in specie" (physical coins), but eventually expanding to cover all kinds of valuable physical assets. Today, specie insurance protects everything from gold bullion to fine art, anywhere these assets are stored or moved. This broad coverage of physical valuables is particularly relevant for digital asset custody, where cold storage still means protecting physical devices.

Modern Times

By the 1960s, financial institutions had developed sophisticated coverage frameworks, many of which still form the backbone of asset protection today.

These frameworks started with custody chains. Every asset needed clear documentation of who controlled it, when, and where responsibility transferred. Like passing a baton in a relay race, each handoff had to be precise and recorded. This created a clear trail of liability - critical for when things went wrong.

Physical security evolved from simple locked doors to comprehensive systems. Banks developed detailed standards for everything from vault construction to guard protocols. More importantly, they created systematic ways to verify these standards were being followed through regular audits and inspections. Claims processes became equally systematic. When losses occurred, institutions knew exactly what to do - from initial incident reports to final settlement.

Regulators codified much of this into requirements. They set minimum coverage levels, spelled out reporting requirements, and specified what types of coverage different activities needed. This standardization helped the industry scale - insurers knew exactly what they were covering, and institutions knew exactly what protection they had. Because of this clarity, insurers were able to cover larger limits at cheaper prices. Specie insurers can cover limits in the $50m+ range and form consortia to insure losses in the hundreds of millions, if not billions.

These frameworks were so effective at protecting physical assets that they're still largely in use. They're also why traditional insurers initially approached digital assets through a physical security lens - focusing first on cold storage coverage using existing specie frameworks. But as digital assets have evolved, protecting physical vaults isn’t enough. Securing purely digital value would require an entirely new kind of insurance - one that was evolving alongside the rise of computers.

‍

Cyber Insurance Evolution

While financial insurance evolved over centuries, cyber insurance has evolved in a flash over the last few decades. As computers transformed from novelties to critical infrastructure, entirely new risks emerged - risks that traditional insurance never contemplated. As businesses went online, criminals didn't need guns or vault-cracking skills - just a keyboard and an internet connection.

Cyber insurance emerged in the late 1990s as businesses grappled with emerging risks from digital transformation. The coverage initially evolved from professional liability and errors & omissions policies, primarily serving technology firms that provided infrastructure and personal computing solutions to businesses.

As the internet transformed commerce during the dot-com boom, cyber insurance shifted its focus toward media liability coverage, particularly addressing concerns about intellectual property infringement through multimedia content on websites. This was driven by fears that unauthorised use of images and content could lead to expensive lawsuits, amplified by the unprecedented global reach of the internet.

Some early policies also addressed speculative risks that proved less impactful than feared, such as the Y2K bug, which helped shape underwriters' understanding of how to assess and price digital risks.

Open access to the internet changed everything, creating entirely new challenges for innovative insurers. Pioneers were building entire businesses online. Software started eating the world, and a single hack could now destroy a multi-national empire..

To address these evolving threats, insurers had to rethink their approach:

• Technical security audits replaced physical inspections
• Network monitoring became as important as guard patrols
• Digital forensics became critical for claims
• Policy wordings had to be invented to address the new nature of how companies could now suffer losses. New terminology was created and a standard underwriting framework started being developed.

By 2010, cyber insurance was its own distinct market. The scale and sophistication of attacks exploded. A single breach could now cost hundreds of millions. Insurers had to adapt again, focusing more on prevention and incident response. Those that didn’t had to either close their doors, lay-off their cyber teams or restructure their book to try to regain profitability.

During the 2010s, numerous insurers tried their luck at underwriting cyber in a profitable way.. Companies like CFC Underwriting which started out as a cyber insurance player has one of the largest teams of cyber underwriters in the world, some 20 years from when they first started. Unfortunately, this wasn’t the case with all insurers, with some large names having to shut down their books entirely because of the increase in ransomware claims and the interconnected nature of cyber business interruption with managed service providers.

When COVID hit, everything accelerated. As the world shifted online practically overnight, attack surfaces exploded. Companies that had never worried about cyber risk suddenly found their entire business operating remotely. This forced digitization drove unprecedented demand for cyber insurance. Premiums soared and the market matured rapidly.

The impact was dramatic. In just a few decades, cyber insurance had grown from a niche offering to a $14 billion market, expected to reach $29 billion by 2027³. While traditional insurance took centuries to mature, cyber insurance had to evolve at the speed of technology - creating crucial foundations for what was coming next: digital assets.

‍

Digital Asset Insurance

The story of digital asset insurance mirrors crypto itself: from stigma to institutional adoption.

Early Days

In crypto's early days, most insurers wouldn't touch it. The market was retail-focused, and Bitcoin was widely seen as a tool for illicit activity. Few legitimate businesses needed coverage, and fewer insurers were willing to provide it.

First Steps

Miners were among the first to need coverage. Companies like Marathon and Riot were running hundreds of millions in equipment, facing tangible risks like equipment damage and power failures. Insurers could understand these exposures - they looked similar to other industrial operations.

The Custody Evolution

Then came digital asset custodians. These looked more like traditional financial institutions, with similar security needs and business models. Insurers found their comfort zone: treat a hardware wallet like a gold bar in a vault, and suddenly digital asset custody became insurable using traditional specie coverage frameworks.

However, looking at custody this way works for offline storage of digital assets, but what about assets locked in smart contracts? Well the traditional insurance market still doesn’t have a good response to this. To solve it, the crypto community created its own way of insuring itself.

Discretionary Cover aka Decentralized (or DeFi) Insurance

DeFi insurance is a decentralized alternative to traditional insurance that operates on blockchain networks, primarily designed to protect users against risks specific to decentralized finance protocols. It allows users to purchase coverage against various crypto-related risks such as smart contract failures, exchange hacks, or stablecoin depegging events.

When users buy DeFi insurance, they pay premiums in cryptocurrency or stablecoins, and if a covered event occurs (like a protocol hack), they can submit a claim that's typically assessed by a community of token holders rather than a traditional insurance company. The entire process — from purchasing coverage to filing claims and receiving payouts — is automated through smart contracts, making it transparent and largely eliminating the need for traditional intermediaries.

Although it’s called DeFi insurance, it actually isn’t ‘insurance’ as insurance can only be provided by a regulated insurance company. DeFi insurance should go by the phrase ‘discretionary cover’ and just like how insurance started out by having many individuals pooling their money together to protect against risks, discretionary cover is bringing it back. From hereon out, we’ll refer to DeFi insurance by its correct terminology - discretionary cover.

In a very poetic way, blockchain technology is breaking new ground by rewinding the clock and returning to the roots of insurance. So, how should you think about when to use discretionary cover or traditional insurance? We’ve created a handy table to help:

Insurance companies and discretionary cover have different strengths and can co-exist side by side providing complementary coverage. It’s essential to understand the strengths of each in order to navigate the different risk transfer mechanisms at your disposal.

New Frontiers, New Challenges

Even with the advent of discretionary cover, today's digital asset landscape creates unique challenges. Unlike traditional cyber assets, crypto is a bearer instrument - possession equals ownership. A single breach can mean permanently lost assets. The 2022 Ronin bridge hack showed how devastating this can be - $620M gone in minutes, with virtually no chance of recovery.

The risks are also more complex:

• Smart contracts with open, exploitable code
• Hot wallets connected to the internet
• Cross-chain bridges creating new vulnerabilities
• DeFi protocols with interconnected risks

Like the risk and fall of cyber insurers, discretionary cover protocols have also gone bust. During the Terra Luna incident, several protocols were providing coverage for algorithmic stablecoin fluctuations. Once USDT lost it’s peg, the protocols effectively got liquidated. It’s not just traditional insurance that struggles with predicting new exposures and loss trends!

Current State and Future

Today, capacity remains limited outside traditional custody and mining. A typical specie policy might offer $250M in cold storage coverage with coverage that can go up to $1bn, but hot wallet limits rarely exceed $100M - a huge gap for institutions managing billions in assets. Smart contract coverage is even scarcer.

But change is coming. Major regulators are mandating coverage - Singapore requires digital asset firms to maintain specific coverage levels and Hong Kong's licensing regime includes mandatory insurance requirements. Major insurers are taking notice - Munich Re has been expanding their digital asset team.

2025 looks set to be a breakthrough year. As institutional capital flows in and regulatory requirements firm up, insurers will have to adapt. The question isn't if digital asset insurance will scale, but how quickly.

Looking Ahead

Understanding this history will help in navigating today's digital asset insurance landscape.

In Part 2, we'll examine the current market landscape: what coverage exists, who provides it, and how to think about protecting your digital assets. We'll map out the key players and break down the actual coverage types available today.