[ISN] Anti-Hacking premiums 25% higher for Win NT

From: InfoSec News (isnat_private)
Date: Tue Apr 17 2001 - 22:54:26 PDT

  • Next message: InfoSec News: "[ISN] New Malaysian law to curb hacking"

    http://www.theregister.co.uk/content/8/18324.html
    
    By: John Leyden
    Posted: 17/04/2001 at 16:30 GMT
    
    An insurance policy against hacker-inflicted damage costs 25 per cent
    more for companies using Windows NT.
    
    This is because "there are so many security holes in Microsoft
    products", John Wurzler, of Wurzler underwriting managers, told us
    today.
    
    Wurzler's stance could be a little unfair - security is far more
    dependent on how well the infrastructure is designed and set up rather
    than the products used to build it, we argued.
    
    Wurzler concedes this point but says his company has to charge
    premiums based on an insured organisation's turnover, the probability
    of an attack and the chances of success of an attack.
    
    And the interesting thing is that such policies are available in the
    first place. Wurzler has sold insurance policies of between
    $5,000-$25,000 and, so far, the highest pay-out has been $200,000
    
    Firms are being encouraged to guard themselves against the effects of
    a hacking attack on their business by taking out insurance.
    
    Managed security service firms and insurance brokers are developing
    forms of cyber-insurance that cover Web site security breaches and
    virus attacks, which are not covered by general insurance business
    policies.
    
    With the cost of hacking and security breaches put at $378 million in
    2000 (according to a recent FBI-backed survey) it seems to make sense
    to use insurance as a way of managing risk.
    
    Insurance policies, which are available through security firms like
    Counterpane Internet Security and insurance brokers Wurzler, are
    generally offered in tandem with a thorough security audit.
    
    The introduction of security insurance policies, and we'll leave it to
    you to read the fine print on policies and decide which you prefer,
    could have important implications - if it influences customer purchase
    decisions on security technology or even operating system.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 23:13:21 PDT