http://www.usatoday.com/money/industries/technology/2003-02-09-hacker_x.htm By Jon Swartz USA TODAY 2/9/2003 SAN FRANCISCO -- Computer worms and viruses cost companies time and cleanup costs - and now higher insurance premiums. Many insurance companies - overwhelmed with hacking-related claims the past two years - have sliced hacking losses from general-liability policies, forcing companies to spend extra for "network risk insurance," which costs about $5,000 to $30,000 a year for $1 million in coverage. "Insurers are delivering an ultimatum: Invest in stand-alone hacker policies or go unprotected," says corporate attorney Bob Steinberg. That's a dangerous proposition. Losses from computer crime are expected to soar 25% to $2.8 billion in the USA this year, says market researcher TruSecure. Successful Web-site attacks nearly doubled to 600 a day. Hacker insurance is expected to jump from a $100 million market today to $900 million by 2005, market researcher Gartner says. That may result in higher costs for consumers as the cost of doing business goes up. "Hacker insurance will be ubiquitous in a few years," says Bruce Schneier, chief technology officer of Counterpane Internet Security. "You can't budget for the next computer worm, but insurance is a fixed cost that reduces risk." The threat of computer worms such as Slammer, which recently clogged global Internet traffic, underscores Corporate America's growing dependence on the Internet and the vulnerability of its computer networks. The Code Red worm in 2001 caused an estimated $2 billion in damages and cleanup costs. Such security breaches prompted the government in September to urge companies to insure against losses and for insurance companies to offer more cyber-risk policies as part of its "National Strategy to Secure Cyberspace" plan. As technology grows more complex and creates security holes, companies would "have to disconnect every PC to be safe," says Ron Ben-Natan, chief technology officer at security firm Guardium. Until recently, companies relied on general liability policies to cover data losses from computer theft and stolen trade secrets. But with the spread of viruses and worms - which electronically damage computer data from remote locations - companies increasingly were forced to sue insurance providers to collect. That prompted more stand-alone policies from some of the biggest insurers, including: * American International Group, the largest network-security insurer, recently created stand-alone coverage for viruses and credit card and ID theft. * Hiscox, a Lloyd's of London syndicate, last year initiated a policy for telecommunications, media and technology companies that covers virus and hacker losses. * Chubb now offers financial institutions a policy for "e-theft, e-vandalism and e-extortion." * Zurich North America, in one plan last year, added a reward for information leading to the conviction of cyberterrorists. In addition to the premium, companies have to pay upfront to have their networks assessed. That can cost thousands. And hacker insurance isn't entirely foolproof, security experts warn. Some coverage is limited and may not cover sophisticated worms and viruses that have yet to surface. "It may take a few years for insurance providers to shore up holes," Steinberg says. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 03:11:24 PST