^macro[html_start;Cybercrime insurance growing;Cybercrime insurance growing; Cybercrime, insurance, growing]
^macro[pagehead;img/library.gif]
^macro[leftcol]
^macro[centercol;
<td colspan=3>
<div class=text>
<br><br>
<center><b><FONT FACE="Arial"><font color="#333366"><h3>Cybercrime insurance growing<br></b></font></font>
</h3><br></center>
<br>
Source: <a href="http://www.azcentral.com">The Arisona Republic</a></b>
<br>
<b>By Russ Wiles</b>
<br>
Date: <b>September 15, 2003</b>
<br><br>
<p ALIGN="JUSTIFY">
<img src="../img/cenz.jpg" alt="Cyber-crime" vspace="0" border="0" align=left hspace=10>
Almost every week brings a new revelation of a computer breach somewhere in the business world.
<br><br>
Viruses on the loose.
<br>
Hackers arrested.
<br>
Networks spilling confidential data.
<br><br>
Companies spend billions of dollars erecting firewalls, buying anti-virus software and taking other defensive measures, but sometimes those safeguards aren't enough.
<br><br>
For firms that still feel vulnerable, cyberinsurance provides another layer of protection.
<br>
Cyberinsurance or e-commerce insurance covers a laundry list of high-tech dangers, from lost income if a hacker interrupts your business to the costs of recovering data destroyed by a virus or malicious code.
<br>
The policies also focus on legal liabilities in case an attack on your computer system causes problems to innocent third parties, such as a breach of privacy because of data theft.
<br>
In addition, the policies cover things like public relations expenses to restore confidence and even payments that may be needed to settle a threat from extortionists.
<br>
"Virtually, all major businesses today rely on computer networks to function," said John Spagnuolo, a spokesman for the Insurance Information Institute in New York.
<br>
"But they need to recognize that network security risks are fundamentally different from traditional physical risks like fire."
<br>
Insurers won't name specific clients because of privacy agreements, but they say customers include firms in financial services, travel and tourism (including airlines), health care and retailing.
<br>
Also, many manufacturers have policies since computers control so much of the production process.
<br><br>
The business community's awareness of cyberinsurance does not seem high. Only 7 percent of business respondents in an Ernst & Young survey said they knew for sure that their firms have specific insurance coverage for cyberrisks.
<br>
Many executives assume incorrectly that standard business policies include computer-related dangers. But as rule, they must buy specialized coverage from one of a dozen or so carriers.
<br>
"Traditional insurance carriers have looked at some of these loss scenarios and said, 'Gee, that's not what we bargained for,' " said Jon Farber, vice president of global technology underwriting at St. Paul Cos., an insurer in St. Paul, Minn.
<br>
Underwriting the policies "involves an understanding of technology and some very different and unusual risks," said Emily Freeman, Western region vice president at AIG eBusiness Risk Solutions in San Francisco.
<br>
Besides St. Paul Cos. and AIG, cyberinsurers include CNA, Chubb, Marsh, Lloyds and Zurich North America.
<br><br>
Acceptance has been modest, with total annual premiums in the $100 million range. But insurers say demand is growing as businesses learn about the coverage.
<br>
Cyberinsurance dates to the late 1990s, when worries about the potential dangers from Y2K elevated computer risks to the front burner, Spagnuolo said.
<br>
Such policies are not sold to individuals, but consumers can purchase a somewhat related product, identity-theft coverage, that reimburses them for the costs to repair credit reports and correct compromised accounts.
<br><br>
Cyberinsurance has been targeted to mid- and large-size companies that can afford the coverage, Farber said.
<br>
Annual premiums start around $10,000, he said, and can go much higher.
<br>
Also, larger companies generally are better able to satisfy insurer demands that they have adequate safeguards in place.
<br>
Before a policy is sold, carriers will assess an applicant's cyberprotections.
<br><br>
AIG, for example, asks about such things as a firm's technology budget, security infrastructure, virus-protection programs, testing procedures and outsourcing.
<br>
Technology and dot.com companies were the early buyers of cyberinsurance, presumably because they knew the security limits of the products they built.
<br><br>
Since then, the customer base has broadened.
<br>
The potential customer list extends to virtually any company with a computer network, databases, a Web address and the like. Which means just about everyone is a candidate.
<br><br>
But as noted, awareness remains low.
<br>
"It's a matter of intensive education involving insurance companies, brokers and their clients," Freeman said.
<br><br>
<i><b><a href="http://www.azcentral.com/arizonarepublic/business/articles/0915insure15.html">Original article</a></b></i>
^macro[showdigestcomments;^uri[];Cybercrime insurance growing]
<br>
</div></td>
       ]
^macro[html_end]