In Part 2, we mapped the digital asset insurance landscape and examined how providers assess risk. Now we’ll explore two crucial questions: what happens when things go wrong and what does protection really cost?

Today’s market has stark contrasts: cold storage coverage can reach hundreds of millions at reasonable rates, while smart contract coverage remains scarce even at premium prices. Understanding these dynamics and how claims actually work is essential for institutions managing digital asset risk.

This article breaks down two critical areas: the claims process and market economics.

You'll learn:

• How digital asset claims unfold, from detection to recovery
• What different types of coverage actually cost
• Why capacity varies from millions to billions by risk type
• Where gaps remain and opportunities in today's market

‍

The Claims Journey

To help to take a deep dive into the claims journey and process, we looped in one of the world’s foremost experts in adjusting digital asset claims. Will Gow, Director and Head of Cyber and Technology Risks UK at Crawford & Company.

Digital asset claims combine traditional insurance processes with the more nuanced risks associated with blockchain capabilities. While physical insurance relies on tangible evidence of loss and cyber insurance on system/network logs, digital asset claims benefit from something unique; an immutable transaction record that can be crucial for both investigation and recovery.

The majority of claims in the digital assets industry presently fall into five broad categories of loss:

1. External compromise to the insured’s systems via threat actor hacking, which can cause system interruption, data compromise and restoration issues (very similar to a traditional cyber loss).

2. Theft of digital assets as a result of system compromise or compromise of physical security systems (including kidnap and ransom).

3. Suits arising from trading in crypto, issuing a token or providing services in the digital asset industry where a third party allegedly suffered a financial loss.

4. Collusion, private key backup loss or other cold storage loss.

5. Property damage to digital asset mining businesses.

As the field matures, this will expand and there are claim sub-categories that may fall within each of these broader categories. Some claims may also involve multiple loss issues or attack vectors. One area that has been drawing more attention due to recent press is kidnap and ransom in the industry, a growing problem within digital assets where transactions and holdings are in public domain.

‍

Understanding the Process

A digital asset insurance claim typically follows these key steps:

1. Preparation/Mitigation: Before any incident occurs, having proper documentation, response plans, and risk mitigation tools in place. It is essential to regularly test and scenario plan, for example via table-top exercises.
2. Detection: Discovering the incident through monitoring systems, alerts, or observed anomalies. This must be proactive and include staff training, awareness raising, along with set key responsibilities for individuals.
3. Initial Response: The critical first 48 hours - containment, notification, and evidence preservation. It’s necessary to get the experts in fast and to have a coordination strategy, including the appointment of an Incident Response Manager to manage the various different vendors and parties.
4. Investigation: Piecing together what happened through system logs, blockchain analysis, and security audits. This takes specific expertise, as it’s necessary to understand the type of crypto asset involved, the systems concerned, and how the business operates. It differs from traditional cyber claims, in that often the ‘thing of value’ is what has been stolen (i.e., the intangible asset), whereas in mainstream cyber it largely concerns compromised data.
5. Verification: Proving the claim's validity to insurers through documented evidence. This includes understanding the more nuanced policy terminology when assessing not only whether there is coverage but also to what extent and over which period.
6. Recovery Attempts: Efforts to trace and potentially recover lost assets. To increase the chance of a potential recovery, this should be built into the coordination strategy from the initial investigation, otherwise it will be too late- funds become moved, mixed and placed out of jurisdiction very quickly. Early intervention is required, utilising the unique nature of blockchain public records to track origin and prove the movement of assets to obtain the relevant freezing orders/applications to the Court to the concerned financial institution (receiving account) or intervention via law enforcement.
7. Settlement: Final claim documentation, loss calculation, and payment. Understanding quantum is key and how to calculate in accordance with the policy terms, due to the sometimes volatile nature of particular crypto assets. Any settlement must be reached having managed the expectations of the parties and assessed as a reasonable outcome that is fair and in line with the policy wording.

Each step requires different expertise and tools, but all must work together for successful claim resolution.

Now let's examine each step in detail, we’ve used the example of a cyber breach that resulted in either compromised data or theft of digital assets. Each of the above steps have been broken down into bullet points that touch on the most important parts.

1. Preparation - Success starts long before any incident. Well prepared businesses maintain:

• Detailed documentation of security controls/internal procedures
• Clear incident response plans (stored offline and only accessed via limited staff)
• Business continuity procedures, to minimise the impact of Business Interruption
• Communication protocols/PR management strategy both internally and externally
• Recovery tools, risk mitigation software and partnerships, strategically managed and reviewed periodically

Like a fire drill, every stakeholder needs to know their role and have the right tools ready before an incident occurs.

2. Detection - Claims require rapid identification through multiple channels:

• System/network logs and alerts
• On-chain transaction monitoring
• Blockchain analytics
• Behavioral analysis
• Staff observations
• Customer reports
• Dark web monitoring
• Threat Intelligence assessments

3. Initial Response - The first 48 hours are crucial:

• Immediate containment of affected systems
• Urgent patching
• Notification of key stakeholders
• Preservation of evidence
• Engagement with insurers
• Activation of response teams and Incident Response Plan
• Threat actor engagement/negotiation
• Initial asset tracing / sanction checking
• Mitigation of Business Interruption

4. Investigation - Once immediate response measures are in place, detailed investigation begins:

• Analysis of system logs, audit trails, processes and procedures
• Blockchain transaction tracing
• Review of security footage and access logs
• Staff interviews
• IT Forensics Root Cause Analysis Report
• Legal assessment of any potential breach/regulatory issues
• Consultation with PR on comms strategy
• Determination of quantum and early policy assessment
• Timeline reconstruction/chronology of events
• Engaging with law enforcement, NCSC, where appropriate

5. Verification - Insurers need clear evidence to validate claims:

• Proof of security controls in place, in line with the Statement of Fact or application form
• Documentation of procedures followed
• Evidence of breach method/causation
• Quantification of losses and adjustment
• Compliance with policy conditions
• Expert analysis reports / supporting documentation

6. Recovery Attempts - Multiple paths to potential asset recovery:

• Asset tracing through blockchain analysis
• Law enforcement cooperation
• Legal proceedings if perpetrators identified
• Negotiation with threat actors (in some cases)
• Technical recovery solutions (blocking on-chain transfers/freezing funds)
• Emergency response and recovery services

7. Settlement - The final phase involves:

• Complete claim documentation/ final reporting
• Loss amount verification
• Coverage confirmation
• Payment/Indemnity processing
• Lesson implementation/security improvement plan
• Risk Consultancy
• Policy adjustments

While no institution wants to file a claim, understanding and being prepared for this journey is crucial for any serious digital asset operation. It's also useful to understand that most insurers and their appointed adjusters are there to support you and try to mitigate further risk or exposure. The key is having the right expert in place to coordinate the initial efforts within that first 48-hour window.

As the market matures and more claims are processed, these procedures will standardise and uniformity increases along with knowledge of best practices. For now, the best protection comes from thorough preparation and working with experienced partners who understand both traditional insurance and digital asset complexities. A joint-up approach is pivotal to a successful response and for the organisation to return to business as usual as quickly as possible.

And remember, when in doubt, notify! It’s much better to notify your broker of the circumstance than try to sort it out yourself and use insurance retroactively. This is key as the policy could deny coverage for late/no notification.

‍

Market Analysis: Understanding Coverage Economics

With the claims process mapped, let's examine what this protection actually costs and why capacity varies so dramatically by risk type.

We'll focus on four core coverage types that highlight the market's evolution:

• Cold storage/specie coverage (the traditional approach)
• Hot wallet protection (where cyber meets crypto)
• Smart contract coverage (the new frontier)
• Cyber insurance coverage (cyber without crypto loss)

For each, we'll examine available capacity, premium ranges, and what drives these economics.

1. Cold Storage/Specie Coverage

‍

Specie coverage, traditionally used for protecting physical valuables like gold and cash in vaults, has been adapted for digital assets held in cold storage - essentially, private keys stored in secure, offline facilities (this is covered in detail in Part 1). This segment represents the most mature segment of digital asset insurance.

Traditional insurers understand it - protecting private keys in secure facilities isn't fundamentally different from protecting gold bars in those same facilities.

Some wordings are written on a Named Perils basis, this means that only the risks that are specifically named in the policy are covered, rather than being written on an All Perils basis and then excluding the risks that the insurer doesn’t want covered. Whichever way the policy is written the same principle applies, the definition of what is covered is narrow (as compared to a crime policy) which allows the rate to be less expensive than a crime policy with limits many multiples higher.

Capacity

This segment has the deepest capacity in digital asset insurance. Individual policies can reach $1bn, with multiple traditional insurers actively participating. Lloyd's syndicates typically lead these programs. Because traditional insurers are more comfortable with these risks, capacity is larger than other areas - and this competition helps keep prices lower.

Premium Economics

Rates will start close to 1% of insured values and then drop as the limit increases. We typically see rates between the 0.5-0.8% range for custodians with good security and proper duty segmentation in place. While physical security might keep external threats at bay, the biggest risk remains “trusted” employees working together to compromise assets. This "insider threat" challenge remains one of the problems that is hard to completely mitigate away from custodians.

2. Crime Coverage

Crime coverage is similar to cold storage in that it covers a company for the loss or theft of a digital asset, but it differs greatly in the coverage offered. While cold storage or specie coverage has a narrow policy language but can offer large insurance limits, crime coverage does the opposite. It offers lower limits (typically between $2m-$10m) but a much broader policy wording to cover more attack vectors to the company. For example, a typical ‘hacking’ style attack where an attacker compromises an API co-signer or manipulates an internal system to allow for a fraudulent transfer of assets is covered under a standard crime policy but excluded in a cold storage policy.

Capacity

This area can fluctuate more than cold storage but total/ maximum capacity for any one risk would be in the area of $100m with markets typically taking max lines of $5-10m per risk.

Premium Economics

Rates will be between 1%-2% depending on security of the system, duty segregation, cyber security and how much value is sitting in the wallets. We also closely analyse Transaction Authorisation Protocols (TAP) to understand who has access to the assets, under what circumstances and what each user’s role is for any given transaction or function.

3. Smart Contract Coverage

Smart Contracts are open source programs which run on blockchains. Digital assets can be held in these contracts, allowing them to be used for financial functions like lending, borrowing etc. This coverage covers companies for theft or loss of digital assets being held in a smart contract.

Unfortunately, smart contract coverage in the regulated insurance market has been incredibly limited with only one or two markets offering affirmative coverage for them. This is due to the following:

• More education needed by insurers to understand smart contracts, attack vectors and adequate pricing
• High premium relative to limit
• Low capacity relative to Total Value Locked (TVL)

Although the first point is important, it’s really the last two that have constrained the industry. Smart contract developers who want insurance face rates upwards of 5% (i.e. $50k per $1m in cover) and can only buy a small amount of the cover they need. To really understand this, we’ve put together the following scenario:

Smart Contract Company Ltd (SCC) has developed a smart contract and has amassed $50m of value locked to the protocol. SCC has paid for 2 independent third-party auditors to review the code, which has been completed and any recommendations have been implemented. SCC now wants to buy an insurance policy for the full value of the TVL ($50m) and so turns to the regulated insurance market. SCC contacts their broker who finds them a $20m policy (with all options exhausted) that costs $1m in premium. The premium has to be payable in USD and in order for the policy to pay out SCC needs to be sued by a third-party that has suffered a financial loss (standard Technology Errors & Omissions language).

It is now a business decision for SCC to either put the policy in place or not. They need to weigh up the benefits against the costs and sign off on a large premium cheque. If you were on the board of directors, what would you do?

Capacity

Total capacity is hard to put a figure on as companies can access discretionary cover for smart contract risks via Nexus Mutual and potentially layer on traditional cover over top of the discretionary cover or use it as a primary policy for Nexus to write excess. Although it’s hard to put a total cap on available coverage, this is in the area of $50m for any one risk using a mix of regulated insurance and discretionary cover.

Premium Economics

Businesses looking for coverage for their own smart contracts should be prepared to pay at least a 5% rate for their risk via regulated insurance. If discretionary cover is chosen the premium paid can be less than regulated insurance but will rely on the mutual participants (or the company’s own wallet) for the amount of capacity that can be granted.

4. Cyber insurance Coverage

Cyber insurance covers the insured companies for a number of potential loss scenarios:

• The loss or compromise of client data
• Restoration costs if an attacker is able to encrypt their systems and ransom payment
• System business interruption costs for the downtime and lost revenue a company faces if a cyber event does occur
• Liability (coverage for lawsuits) for any breach of duty that the company owes their clients

It’s a misnomer that cyber coverage includes coverage for the loss or theft of digital assets by hacking, this isn’t the case as this risk is covered off by the Crime markets. Cyber insurance is therefore only for the pure cyber risk the company faces outside their on-chain operations (data privacy, legal support, PR, ransomware, business interruption etc..). Although cyber liability doesn’t cover theft of digital assets, it does cover some very important threat vectors that attackers can exploit to damage the company. For example, a white label exchange operator who developed the backend exchange stack for third-party companies to use and white label to run their own exchanges was hit with ransomware. Not only did the ransomware encrypt all the company’s systems but also meant that their clients could no longer operate their exchanges as well, leading to very high business interruption costs and lawsuits from their clients.

Another prominent case involved a cold storage hardware wallet manufacturer who had a data breach of one of their suppliers. The supplier to the company leaked client lists including name and email addresses to the dark web. This information was bought and harassment then ensued from the attackers to the individuals on the client list in the form of scam emails and calls. The attackers knew these individuals had digital assets they were custodying and so tried various means to scam them into exposing their private key information.

Capacity

Cyber capacity is limited by the type of risk and domicile of the companies that are looking for this coverage. For example, London markets would have limited appetite for a crypto exchange operator with poor cyber controls located in the USA than they would a custodian with strong cyber controls domiciled in Singapore. Most of the capacity largely comes down to how robust their cyber security is, the impact a hack could have and the jurisdiction the insured company operates in.

In London, there are approximately a handful of companies offering cyber coverage. But if we had to imagine the perfect risk with the most robust cyber security controls in the centre of the insurer’s appetite, total capacity could get to around $25m-$35m.

Premium Economics

Premium for small companies can be in the 2%-3% range ($20k-$30k) with larger companies rarely below 5% ($50k).

Coverage Limitations

Coverage limitations will change and vary depending on your policy wording so it’s best to have a thorough read and understanding of it to understand what you’re covered for and your obligations in the event of a potential claim.

Here are some common coverage limitations for the covers we highlighted above:

Cold Storage:

Cover is limited to the private key material of the company, this means that there needs to be a transaction signed by the private key of the company for there to be coverage in place. This means that there would have to be theft or collusion in order for a valid claim to be made. Another limitation to this coverage is that each cold storage policy has an associated Risk Management Protocol (RMP) for the particular client which outlines exactly how a transaction is signed and the people required in the signing process. If there is a deviation or a change of the RMP and it’s not notified to the insurer and there’s a loss as a result of it, there could be no coverage.

Crime Coverage:

Crime policies do not cover risks related to kidnap and ransom of the insured or the insured’s employees and family. Kidnap and ransom risks are particularly important for companies in the digital asset space due to the price appreciation of the underlying asset. It is important to know about this limitation and seek specialist kidnap and ransom cover for your company.

Smart Contract Coverage:

It’s important to understand how the policy gets triggered when a company buys a smart contract policy. For example, if your coverage is written on a ‘Claims Made’ basis, a lawsuit needs to be levied against the company in order for the coverage to trigger. That means even if a loss of assets occurs during the policy period as a result of a hack (or other covered claim) coverage doesn’t yet apply until the company has been named in a lawsuit. This is called ‘third-party liability’ cover which comes to the rescue once a lawsuit (or threat of a lawsuit) is made against the company. This is different to ‘first-party’ coverage which is what discretionary coverage is written on, this means that once a hack has been verified a claim can be paid out, regardless if there has been a lawsuit or not.

Cyber Insurance:

For coverage to apply to a company buying cyber insurance the claim has to be brought against the company and not have been excluded by the policy conditions. The exclusions will typically exclude coverage for theft of digital assets as well as the fluctuation of the currency which means if there is a theft of the assets there won’t be any coverage under the cyber policy for the restoration of the assets or the lost revenue as a result of the hack.

‍

Conclusion

The world of digital asset insurance is complex and even professionals who have spent their entire careers in the insurance industry struggle to understand the nuance that digital assets bring to coverage. By exhibiting characteristics of many different asset types and also exhibiting some only reserved for itself, digital assets are both redefining policy coverage and enabling forward thinking insurers to capitalize on an incredible opportunity. Companies in the digital asset economy are pushing the world forward by their innovations in value transfer, accounting and accrual and only by a liquid insurance market can they realise the extent of their ambitions.

In our final instalment we’re going to be looking at some of the current challenges in the market and what the future holds for this incredibly important space of insuring the new economy.