Lloyd's Offers Hacker Insurance

Monday, July 10th 2000, 12:00 am
By: News On 6

SAN JOSE, Calif. (AP) — Lloyd's of London will offer up to $100 million in insurance coverage to clients of computer security management firm Counterpane Security Inc. against hacker losses to their business or their customers.

Counterpane in its announcement Monday claimed to be the first Internet security service provider to provide a guarantee of direct financial reimbursement in the event a hacker breaks through its defenses and uses customer data. The guarantee is underwritten by insurance brokers Frank Crystal & Co. and SafeOnline, with additional coverage available for purchase from Lloyd's, the world's leading insurance market.

``This is not for your home user, this is for Yahoo!, this is for CDUniverse, which lost all those credit card numbers (to a hacker) in January,'' said Bruce Schneier, chief technology officer at Counterpane. ``It's threat-avoidance. This, along with monitoring, is just another arrow in your quiver.''

Standard computer security includes firewalls, antivirus software that is updated weekly and systems that can prevent the entry of hackers. But experts say much of that software contains weaknesses that can be exploited by enterprising hackers.

An FBI-funded reported in March, based on responses from 643 mainly large companies and government agencies, suggested an epidemic of computer crime is under way across the United States. Since March 1999, nine out of 10 organizations reported computer security breaches, according to the annual Internet crime survey by the Federal Bureau of Investigation and the San Francisco-based Computer Security Institute.

The most common forms of unauthorized computer intrusions are still viruses, stolen laptop computers and employees abusing their Internet privileges. But businesses increasingly are reporting more serious incidents, including system penetration from the outside, financial fraud, data network sabotage, or denial-of-service attacks — a deluge of repetitive requests sent to clog a Web site's computers until they seize up.

Various organizations have estimated that hacker attacks this year have cost businesses tens of billions of dollars, mostly in lost time. A study released last week by Jericho, N.Y.-based Reality Research estimated businesses worldwide will lose more than $1.5 trillion this year due to computer viruses spread through the Internet.

The ``ILOVEYOU'' virus earlier this year, spread via e-mail, affected about 45 million computer files at a cost to companies of $2.61 billion alone, according to Computer Economics Inc.

Counterpane's Schneier said a $20,000 annual premium will provide coverage for $1 million in hacker losses; the cost rises to $75,000 for $10 million in losses. The price any additional coverage, up to $100 million, must be negotiated with Lloyds.

Some regular insurance policies pay hacker losses under loss-of-business or act-of-vandalism clauses, but there are few policies written to specifically cover hacker attacks. And those that do often carry premiums that start at $100,000 and run up to $3 million.

Analysts say the hacker insurance market is expected to grow to billions of dollars in annual premiums by the end of the decade, reflecting the growing popularity of electronic commerce. But insurers have been reluctant to be the ground-breakers because there currently are no effective tools for measuring the risk.

INSUREtrust.com also assesses security risks, but provides protection only for what it calls ``residual risks.''

IBM and Sedgwick Group PLC, the world's third-largest insurance broker provide products ranging from security reviews to compensation for lawsuits brought by victims of online credit card fraud. And International Computer Security Association, an Internet security company, announced in 1998 it will pay corporations up to $250,000 if hackers successfully crack its computer system.


On the Net: