Lloyd's Offers Hacker Insurance
Monday July 10, 2000
From
Yahoo News
By CLIFF EDWARDS, AP Technology Writer
SAN JOSE, Calif. (AP) - Lloyd's of London will offer up to $100 million in insurance coverage to clients of computer security management firm Counterpane
Security Inc. against hacker losses to their business or their customers.
Counterpane in its announcement Monday claimed to be the first Internet security service provider to provide a guarantee of direct financial reimbursement in
the event a hacker breaks through its defenses and uses customer data. The guarantee is underwritten by insurance brokers Frank Crystal & Co. and
SafeOnline, with additional coverage available for purchase from Lloyd's, the world's leading insurance market.
``This is not for your home user, this is for Yahoo!, this is for CDUniverse, which lost all those credit card numbers (to a hacker) in January,'' said Bruce
Schneier, chief technology officer at Counterpane. ``It's threat-avoidance. This, along with monitoring, is just another arrow in your quiver.''
Standard computer security includes firewalls, antivirus software that is updated weekly and systems that can prevent the entry
of hackers. But experts say much of that software contains weaknesses that can be exploited by enterprising hackers.
An FBI-funded reported in March, based on responses from 643 mainly large companies and government agencies,
suggested an epidemic of computer crime is under way across the United States. Since March 1999, nine out of 10
organizations reported computer security breaches, according to the annual Internet crime survey by the Federal Bureau of
Investigation and the San Francisco-based Computer Security Institute.
The most common forms of unauthorized computer intrusions are still viruses, stolen laptop computers and employees abusing their Internet privileges. But
businesses increasingly are reporting more serious incidents, including system penetration from the outside, financial fraud, data network sabotage, or
denial-of-service attacks - a deluge of repetitive requests sent to clog a Web site's computers until they seize up.
Various organizations have estimated that hacker attacks this year have cost businesses tens of billions of dollars, mostly in lost time. A study released last
week by Jericho, N.Y.-based Reality Research estimated businesses worldwide will lose more than $1.5 trillion this year due to computer viruses spread
through the Internet.
The ``ILOVEYOU'' virus earlier this year, spread via e-mail, affected about 45 million computer files at a cost to companies of $2.61 billion alone, according
to Computer Economics Inc.
Counterpane's Schneier said a $20,000 annual premium will provide coverage for $1 million in hacker losses; the cost rises to $75,000 for $10 million in
losses. The price any additional coverage, up to $100 million, must be negotiated with Lloyds.
Some regular insurance policies pay hacker losses under loss-of-business or act-of-vandalism clauses, but there are few policies written to specifically cover
hacker attacks. And those that do often carry premiums that start at $100,000 and run up to $3 million.
Analysts say the hacker insurance market is expected to grow to billions of dollars in annual premiums by the end of the decade, reflecting the growing
popularity of electronic commerce. But insurers have been reluctant to be the ground-breakers because there currently are no effective tools for measuring the
risk.
INSUREtrust.com also assesses security risks, but provides protection only for what it calls ``residual risks.''
IBM and Sedgwick Group PLC, the world's third-largest insurance broker provide products ranging from security reviews to compensation for lawsuits
brought by victims of online credit card fraud. And International Computer Security Association, an Internet security company, announced in 1998 it will pay
corporations up to $250,000 if hackers successfully crack its computer system.