The past few years have witnessed increased adoption of the blockchain technology across a myriad of business sectors. Business owners are tempted by the blockchain’s high security levels, competitive efficiency and low risk. However, it goes without saying that any new technology comes with new risks. An organization’s risk management team should analyze, assess and design mitigation plans for risks expected to emerge from implementation of blockchain based frameworks.

A paper that has been recently published in an academic journal; “Risk Management” pinpointed three main risks that will usually emerge from implementation of blockchain based solutions:

1- Vendor risks:

Practically speaking, most present organizations, looking to deploy blockchain based applications, lack the required technical skills and expertise to design and deploy a blockchain based system and implement smart contracts completely in-house, i.e. without reaching out for vendors of blockchain applications. The value of these applications is only as strong as the credibility of the vendors providing them. Given the fact that the blockchain-as-a-service market is still a developing market, a business should meticulously select a vendor that can perfectly sculpture applications that appropriately address the risks that are associated with the blockchain.

A large proportion of such vendors are recent startups, so in most cases, they lack necessary assets to address possible losses secondary to blockchain deployment. Accordingly, the risk management team has to verify their organization’s insurance coverage with regards to the vendor’s insurance policy. The team should not just settle for merely an insurance certificate, as it is not obligatory binding with regards to the insurance carrier and does not represent a proof of insurance coverage. Along with shifting of possible risks to the vendor’s insurance policy, the binding contracts should highlight this shifting of risks when creating terms to mitigate pitfalls of added insurance coverage.

2- Credential security:

Even though the blockchain is known for its high security levels, a blockchain based system is only as secure as the system’s access point. When considering a public blockchain based system, any individual has access to the private key of a given user, which enables him/her to “sign” transactions on the public ledger, will effectively become that user, because most current systems do not provide multi-factor authentication. Also, loss of an account’s private keys can lead to complete loss of funds, or data, controlled by this account; this risk should be thoroughly assessed.

For example, when considering bitcoin, anyone who has access to the private keys of a group of bitcoins, can send those coins, even if he/she is not their owner. The same is true for any blockchain based application; access to the blockchain is fully controlled via the private keys of an account, which permits sending funds or modifying the records of the blockchain.

3- Insurance Coverage Gaps:

With any newly emerging technology, current insurance policies usually include definitions and exclusions that can eliminate coverage for certain losses, because the losses are secondary to the operation of implementation of the blockchain system.

For example, money is defined as “government backed currencies” under some crime policies. When considering this definition, bitcoin would not be considered money and thus, would not be covered by insurance if a hacker gains access to the private keys and transfers bitcoins to his/her account. Accordingly, it is pivotal for the risk management team to thoroughly review their organization’s insurance package to make sure that changes, caused by implementation of blockchain based solutions, would not undercut insurance coverage secondary to improper wording of insurance documents.

Image source: Blockchain.info