New Market for Security Insurance

Event Summary

In light of the heightened exposure various companies are facing regarding website, network, and system security compromises, insurance brokers are jumping on the bandwagon, offering customized Security Insurance Policies that protect companies with information technology infrastructures against numerous risks not covered by their required standard corporate General Liability Insurance Policy.

Some of the kinds of protections these policies cover are:

  • Loss due to fraudulent and malicious acts against your computer system, programs, data, or media from theft, damage/alteration or virus attacks.

  • Loss due to extortion - threatening malicious acts against systems, networks, or websites.

  • Loss due to business interruption and extra expense as a result of a computer virus or malicious destruction of the data inside the computer systems.

  • Bodily injury judgments if someone learns how to make a bomb or something destructive out of content obtained from your website.

  • Protection in case of lawsuits resulting from website, network, and system security exposures.

Market Impact

We believe that as security exposures grow to unprecedented proportions, Security Insurance Policies will become standard fare for eCommerce companies.

As this is a nascent market, insurance brokers that are offering this service are still working out pricing details and prerequisites for coverage.

Don't expect all underwriters to cover your corporate infrastructure just because you think your company may be exposed to future lawsuits. However, if your computer environment is critical to your operations, you have a dedicated Information Technology staff, and your IT staff and computer budget exceed $250,000 annually, this may be worth looking into.

User Recommendations

Underwriters need to exercise due diligence and make sure that insurance brokers have required all future policy holders to pass a standard Security Vulnerability Assessment. This assessment should at a minimum look for:

  • Information Gathering and Reconnaissance Vulnerabilities

  • File Transfer Vulnerabilities

  • Hardware Peripheral Vulnerabilities

  • Backdoors and Errant Configurations

  • Messaging Holes

  • Web, HTTP, and CGI Vulnerabilities

  • Denial of Service Vulnerabilities
