[ISN] Firms' hacking-related insurance costs soar

From: InfoSec News (isnat_private)
Date: Mon Feb 10 2003 - 00:35:40 PST


    By Jon Swartz
    SAN FRANCISCO -- Computer worms and viruses cost companies time and
    cleanup costs - and now higher insurance premiums.
    Many insurance companies - overwhelmed with hacking-related claims the
    past two years - have sliced hacking losses from general-liability
    policies, forcing companies to spend extra for "network risk
    insurance," which costs about $5,000 to $30,000 a year for $1 million
    in coverage.
    "Insurers are delivering an ultimatum: Invest in stand-alone hacker
    policies or go unprotected," says corporate attorney Bob Steinberg.
    That's a dangerous proposition. Losses from computer crime are
    expected to soar 25% to $2.8 billion in the USA this year, says market
    researcher TruSecure.
    Successful Web-site attacks nearly doubled to 600 a day. Hacker
    insurance is expected to jump from a $100 million market today to $900
    million by 2005, market researcher Gartner says. That may result in
    higher costs for consumers as the cost of doing business goes up.
    "Hacker insurance will be ubiquitous in a few years," says Bruce
    Schneier, chief technology officer of Counterpane Internet Security.  
    "You can't budget for the next computer worm, but insurance is a fixed
    cost that reduces risk."
    The threat of computer worms such as Slammer, which recently clogged
    global Internet traffic, underscores Corporate America's growing
    dependence on the Internet and the vulnerability of its computer
    The Code Red worm in 2001 caused an estimated $2 billion in damages
    and cleanup costs.
    Such security breaches prompted the government in September to urge
    companies to insure against losses and for insurance companies to
    offer more cyber-risk policies as part of its "National Strategy to
    Secure Cyberspace" plan.
    As technology grows more complex and creates security holes, companies
    would "have to disconnect every PC to be safe," says Ron Ben-Natan,
    chief technology officer at security firm Guardium.
    Until recently, companies relied on general liability policies to
    cover data losses from computer theft and stolen trade secrets.
    But with the spread of viruses and worms - which electronically damage
    computer data from remote locations - companies increasingly were
    forced to sue insurance providers to collect. That prompted more
    stand-alone policies from some of the biggest insurers, including:
    * American International Group, the largest network-security insurer,
      recently created stand-alone coverage for viruses and credit card
      and ID theft.
    * Hiscox, a Lloyd's of London syndicate, last year initiated a policy
      for telecommunications, media and technology companies that covers
      virus and hacker losses.
    * Chubb now offers financial institutions a policy for "e-theft,
      e-vandalism and e-extortion."
    * Zurich North America, in one plan last year, added a reward for
      information leading to the conviction of cyberterrorists.
    In addition to the premium, companies have to pay upfront to have
    their networks assessed. That can cost thousands. And hacker insurance
    isn't entirely foolproof, security experts warn. Some coverage is
    limited and may not cover sophisticated worms and viruses that have
    yet to surface.
    "It may take a few years for insurance providers to shore up holes,"  
    Steinberg says.