NetDiligence 2025: Key Takeaways for Brokers

The NetDiligence Cyber Risk Summit is one of the most influential gatherings for cyber insurance professionals, bringing together underwriters, brokers, legal experts, and cybersecurity leaders. Held annually across several US cities, the event serves as a critical forum for addressing emerging cyber threats, regulatory trends, and the insurance solutions that respond to them. For carriers operating in complex, fast-moving spaces like DeFi, it’s a valuable pulse check on how the market is adapting.

At this year’s conference in San Diego, Relm’s Vice President of Cyber, Andrew Podgorny, joined a panel of industry leaders to discuss the evolution of insurance for decentralized finance (DeFi) solutions. He was joined by Meredith Challender (Kissel Straton & Wilmer LLP), Charlotte Goldman (Proof Insurance), and Oren Wortman (Sygnia).

For those who couldn’t attend, we’ve collated four takeaways brokers and insurance professionals need to be across.

1. DeFi Is Changing the Cyber Risk Landscape

Traditional centralized finance (CeFi) institutions like banks are subject to clear regulatory frameworks, established business practices, and relatively well-defined risks. In contrast, DeFi fintechs operate with no central control, open-source protocols, and permissionless access. This creates a very different and more complex risk profile.

“DeFi isn’t subject to the same extensive regulations as centralized finance, so it doesn’t carry that regulatory risk. It’s completely transparent — transactions on the public blockchain can be viewed by anyone,” said Podgorny.

This transparency means vulnerabilities and exploits are also publicly visible and can be rapidly exploited. Unlike centralized institutions where there’s an underlying business to recover from, with decentralized protocols, “sometimes you don’t even know who the entity is, sometimes you don’t even know if there’s a protocol owner or maintainer,” noted Wortman.

Why It Matters

For brokers insuring DeFi fintechs, this shift toward decentralization means more bespoke policies. It requires deeper technical understanding and closer collaboration with underwriters and legal advisors.

2. Smart Contracts Are Powerful — and Vulnerable

Unlike traditional cyber incidents, breaches involving crypto businesses often center around the exploitation of smart contracts. These attacks don’t follow the typical “kill chain” of ransomware or phishing. Instead, the industry sees “smart contract exploits… governance attacks… [and] economic manipulation attacks.” In a high-profile case involving Bybit, a manipulated smart contract rerouted funds in seconds, despite appearing legitimate to front-end users.

Wortman explained: “Unlike a traditional incident investigation where we’ll look into traditional IT log sources and cloud log sources, with crypto — especially with DeFi — there’s a need to have expertise in actually understanding and looking at the code of the smart contracts. For example, what went wrong? Were the smart contracts manipulated?”

Podgorny further emphasized, “how many security audits have you done? What does your internal development lifecycle look like? Do you have security built into that?”

Why It Matters

Smart contract breaches are unlike traditional cyber incidents. Brokers need a solid grasp of DeFi risks and code-level vulnerabilities to ensure coverage is fit for purpose.

3. Underwriting Crypto Starts with the Right Question

Relm’s underwriting approach begins with a simple but essential question: “What exactly do you want to insure?” This question is fundamental; it directs attention to the specific risks that need to be addressed.

“Once you know what they want to insure, you know what transactions to focus on,” said Podgorny. Goldman of Proof Insurance added a crucial clarification for underwriters: “What is the actual loss that you’re insuring?” She noted that, “If the protocol has a treasury, then you’re insuring a treasury. If the actual users are experiencing the loss, that’s not something that we’re going to touch.”

Why It Matters

Asking the right questions at the start of the underwriting process is key for ensuring the right risks are identified and covered. Helping clients clearly define what they want to insure and what constitutes an insurable loss (e.g., protocol treasuries vs. individual user losses) means brokers can focus on the most relevant risks and transactions.

4. Regulation Is a Moving Target

The legal status of tokens, stablecoins, and DeFi platforms remains unsettled. “There’s a lot of uncertainty in the legal industry regarding whether certain types of tokens are considered securities or commodities,” said Challender.

She highlighted the ongoing debate around the “Howey test” and the fact that “we still don’t have legislation specifically tailored to cryptocurrency … Unfortunately, there’s been little to no regulation in this area, even since the inception of the technology after the financial crisis. The current SEC appears to be taking a more proactive approach, and while there are bills pending in Congress to address these issues, it remains to be seen whether they’ll gain traction.”

Why It Matters

Regulatory uncertainty increases risk exposure for brokers by complicating compliance assessments, claims handling and client advisories. Staying informed and encouraging clients to document their compliance efforts isn’t just good practice. It’s essential risk management.
