Event Summary
In light of the heightened exposure various companies are facing regarding website, network,
and system security compromises, insurance brokers are jumping on the bandwagon,
offering customized Security Insurance Policies that protect companies with information
technology infrastructures against numerous risks not covered by their required
standard corporate General Liability Insurance Policy.
Some of the kinds of protections these policies cover are:
- Loss due to fraudulent and malicious acts against your computer system,
programs, data, or media from theft, damage/alteration or virus attacks.
- Loss due to extortion - threatening malicious acts against systems, networks,
or websites.
- Loss due to business interruption and extra expense as a result of computer
virus or malicious destruction of the data inside the computer systems.
- Bodily injury judgments if someone learns how to make a bomb or something
destructive out of content obtained from your website.
- Protection in case of lawsuits resulting from website, network, and system
security exposures.
Market Impact
We believe that as security exposures grow to unprecedented proportions, Security
Insurance Policies will become standard fare for eCommerce companies.
As this is a nascent market, insurance brokers that are offering this service
are still working out pricing details and prerequisites for coverage.
Don't expect all underwriters to cover your corporate infrastructure just because
you think your company may be liable to future lawsuits. However, if your computer
environment is critical to your operations, you have a dedicated Information
Technology staff, and your IT staff and computer budget exceeds $250,000 annually,
this may be worth looking into.
User Recommendations
Underwriters need to exercise due diligence and make sure that insurance brokers
have required all future policy holders to pass a standard Security Vulnerability
Assessment. This assessment should at a minimum look for:
- Information Gathering and Reconnaissance Vulnerabilities
- File Transfer Vulnerabilities
- Hardware Peripheral Vulnerabilities
- Backdoors and Errant Configurations
- Messaging Holes
- Web, HTTP, and CGI Vulnerabilities
- Denial of Service Vulnerabilities