The SQL Slammer attack in January demonstrated once again the kind of damage a computer virus can cause in an information economy. It froze many of the Bank of America's ATM machines, disrupted the Web sites of American Express Co. and Countrywide Financial Corp. and caused problems in Continental Airlines' ticketing system.
Such viruses aren't uncommon. Ninety percent of companies surveyed in 2002 by the Computer Security Institute and the FBI had detected computer security breaches in the preceding 12 months. But so far, there's been little demand for insurance that covers the damage such attacks could do to companies' systems and data or the data of their customers. Brokers estimate that in 2002, companies bought just $100 million to $200 million of such insurance, in contrast with estimates on potential losses in the billions.
Brokers say the rising premiums companies are paying on existing commercial property and casualty policies have discouraged them from considering new coverage, and some actually incorrectly assume those policies cover them for cyber loss, despite recent efforts by insurers to add wording to make it clear that those kinds of losses were not covered. Brokers also cite a lack of communication between information technology personnel and risk managers and the fact that executives often fail to realize how much of their company's business now depends on computers and the Internet.
Recommended For You
The good news: Executives are trying to get better informed–some by choice and others by necessity. American International Group Inc. is the leading provider of cyber coverage, and Bob Parisi, the chief underwriting officer for AIG eBusiness Risk Solutions, says that in the past year he has seen "an increasing awareness and recognition of the need" for such coverage. "People are starting to realize that data makes up a much greater proportion of their company's assets and value, and the risks associated with damage to that data are greater than people had clued into before," Parisi says.
Peter Foster, a senior vice president in the e-business practice of insurance broker Marsh Inc., says he's seeing the greatest interest in cyber insurance from companies in the health care and financial industries, both of which are working to comply with new regulations on protecting customer information. Foster adds that some companies may pop for cyber insurance because insurers are starting to add language to directors and officers policies that excludes claims resulting from the company's failure to maintain other types of coverage.
But is it just your network about which you should worry? Microsoft thinks not, since it has implemented a policy that requires not only Microsoft to maintain cyber insurance but all business partners with access to its network. As Michael Flanagan, a managing director at insurance broker Arthur J. Gallagher & Co., puts it, a company must adopt a 360-approach since most cyber-crime is perpetrated by company insiders or business partners.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
