Lloyd's Offers Hacker Insurance

[Paul Howell]

At http://dailynews.yahoo.com/h/ap/20000710/tc/hacker_insurance_1.html

Monday July 10 12:03 AM ET 

Lloyd's Offers Hacker Insurance

By CLIFF EDWARDS, AP Technology Writer 

SAN JOSE, Calif. (AP) - Lloyd's of London will
offer up to $100 million in insurance coverage to
clients of computer security management firm
Counterpane Security Inc. against hacker losses to
their business or their customers.

Counterpane in its announcement Monday claimed
to be the first Internet security service provider to
provide a guarantee of direct financial
reimbursement in the event a hacker breaks
through its defenses and uses customer data. The
guarantee is underwritten by insurance brokers
Frank Crystal & Co. and SafeOnline, with
additional coverage available for purchase from
Lloyd's, the world's leading insurance market.

``This is not for your home user, this is for Yahoo!,
this is for CDUniverse, which lost all those credit
card numbers (to a hacker) in January,'' said Bruce
Schneier, chief technology officer at Counterpane.
``It's threat-avoidance. This, along with monitoring,
is just another arrow in your quiver.''

Standard computer security includes firewalls,
antivirus software that is updated weekly and
systems that can prevent the entry of hackers. But
experts say much of that software contains
weaknesses that can be exploited by enterprising
hackers.

An FBI-funded reported in March, based on
responses from 643 mainly large companies and
government agencies, suggested an epidemic of
computer crime is under way across the United
States. Since March 1999, nine out of 10
organizations reported computer security
breaches, according to the annual Internet crime
survey by the Federal Bureau of Investigation and
the San Francisco-based Computer Security
Institute.

The most common forms of unauthorized computer
intrusions are still viruses, stolen laptop computers
and employees abusing their Internet privileges.
But businesses increasingly are reporting more
serious incidents, including system penetration
from the outside, financial fraud, data network
sabotage, or denial-of-service attacks - a deluge
of repetitive requests sent to clog a Web site's
computers until they seize up.

Various organizations have estimated that hacker
attacks this year have cost businesses tens of
billions of dollars, mostly in lost time. A study
released last week by Jericho, N.Y.-based Reality
Research estimated businesses worldwide will
lose more than $1.5 trillion this year due to
computer viruses spread through the Internet.

The ``ILOVEYOU'' virus earlier this year, spread
via e-mail, affected about 45 million computer files
at a cost to companies of $2.61 billion alone,
according to Computer Economics Inc.

Counterpane's Schneier said a $20,000 annual
premium will provide coverage for $1 million in
hacker losses; the cost rises to $75,000 for $10
million in losses. The price any additional
coverage, up to $100 million, must be negotiated
with Lloyds.

Some regular insurance policies pay hacker
losses under loss-of-business or act-of-vandalism
clauses, but there are few policies written to
specifically cover hacker attacks. And those that
do often carry premiums that start at $100,000 and
run up to $3 million.

Analysts say the hacker insurance market is
expected to grow to billions of dollars in annual
premiums by the end of the decade, reflecting the
growing popularity of electronic commerce. But
insurers have been reluctant to be the
ground-breakers because there currently are no
effective tools for measuring the risk.

INSUREtrust.com also assesses security risks, but
provides protection only for what it calls ``residual
risks.''

IBM and Sedgwick Group PLC, the world's
third-largest insurance broker provide products
ranging from security reviews to compensation for
lawsuits brought by victims of online credit card
fraud. And International Computer Security
Association, an Internet security company,
announced in 1998 it will pay corporations up to
$250,000 if hackers successfully crack its
computer system.