Enterprises now face the question of determining the right kinds of cyber insurance to buy in addition to the other traditional insurance that covers the risk of doing business. Internet Evolution asks, “What would you pay to be insured against data loss or theft“? While cyber insurance of all kinds has been around for a while, more firms than ever are seriously considering it, as data breaches, Web fraud, and security breaches continue to make headlines.
Tracey Vispoli, global financial fidelity manager for Chubb, told Internet Evolution, “Although I would still characterize business interest in cyber insurance as emerging, we saw a 40 percent growth in firms securing some form of Internet liability insurance in 2009.” Chubb provides Internet liability and other insurance coverage for businesses worldwide. “I’ve been talking with several insurance companies now about entering the cyber-insurance area,” says Paul Sop, CTO for computer security and consulting firm Prolexic Technologies Inc.
For insurers like Chubb, the Internet provides an opportunity to develop new products to meet emerging business needs. For potential business clients, Internet insurance plugs gaps in coverage that current business insurance policies don’t address. The article says the gaps include:
- Website-related losses,
- Website copyright infringements,
- Cyber-attacks and
- Unauthorized online access to customer information.
“We encourage companies to think not only about their Web-based assets but also about their entire technology base when they consider insurance,” Ms. Vispoli told Internet Evolution. This includes not only cyber-attacks that directly target the Website from the Internet but also breaches of confidential corporate data such as customer and employee records. Ms. Vispoli explained that at least 45 states require a company whose data is compromised to send out official notifications to all those affected.
Someone from the outside can hack into your employee or customer information, and then there’s the financial pressure of not only fixing the breach and taking action, but also of notifying potentially hundreds of thousands of individuals whose information has been compromised.
The article says that the cost of notification alone can be worth insuring, but there are other costs as well. As recently as five years ago, companies were not required to send out notices nor did they spend the amount of money that it takes today to bring in a forensics team to analyze a cyber breach and find the hack.
The cost of Internet liability and other e-commerce-related insurance varies, depending on the risk factors a given organization presents. Internet Evolution says one of the variables is the amount of online sales it books each year. Common types of cyber-insurance that are available today include:
- Technology professional liability,
- Media errors and omissions,
- Telecommunications professional liability and
- Computer information and data security liability.
“We are seeing an aggressive trend in businesses subscribing to cyber-insurance, especially in industry sectors like healthcare, financial services, retail, services companies like hotel chains and media,” Ms. Vispoli said in the article. “Depending on the size of the organization, we might be contacted for coverage information by a Chief Security Officer, or possibly by a CFO or CIO.” All of them see growing exposures from e-theft, e-fraud, compromise of critical data, loss of goodwill, e-threats, and vandalism, denial of service, copyright infringement, and regulatory compliance issues.
What do you think?
Does your organization have cyber insurance?
Related articles
- Breaches and Cyber Insurance (imperva.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.