Lloyd's offers hacker insurance

[William Knowles <wk () C4I ORG>]

http://news.cnet.com/news/0-1005-200-2232221.html?tag=st.ne.1002.thed.ni

By The Associated Press
Special to CNET News.com
July 9, 2000, 11:30 p.m. PT

SAN JOSE -- Lloyd's of London will offer up to $100 million in
insurance coverage to clients of computer security management firm
Counterpane Security against hacker losses to their business or their
customers.

Counterpane in its announcement today claimed to be the first Internet
security service provider to provide a guarantee of direct financial
reimbursement in the event a hacker breaks through its defenses and
uses customer data. The guarantee is underwritten by insurance brokers
Frank Crystal & Co. and SafeOnline, with additional coverage available
for purchase from Lloyd's, the world's leading insurance market.

"This is not for your home user, this is for Yahoo, this is for
CDUniverse, which lost all those credit card numbers (to a hacker) in
January," said Bruce Schneier, chief technology officer at
Counterpane. "It's threat-avoidance. This, along with monitoring, is
just another arrow in your quiver."

Standard computer security includes firewalls, antivirus software that
is updated weekly and systems that can prevent the entry of hackers.
But experts say much of that software contains weaknesses that can be
exploited by enterprising hackers.

An FBI-funded reported in March, based on responses from 643 mainly
large companies and government agencies, suggested an epidemic of
computer crime is under way across the United States. Since March
1999, nine out of 10 organizations reported computer security
breaches, according to the annual Internet crime survey by the Federal
Bureau of Investigation and the San Francisco-based Computer Security
Institute.

The most common forms of unauthorized computer intrusions are still
viruses, stolen laptop computers and employees abusing their Internet
privileges. But businesses increasingly are reporting more serious
incidents, including system penetration from the outside, financial
fraud, data network sabotage, or denial-of-service attacks--a deluge
of repetitive requests sent to clog a Web site's computers until they
seize up.

Various organizations have estimated that hacker attacks this year
have cost businesses tens of billions of dollars, mostly in lost time.
A study released last week by Jericho, N.Y.-based Reality Research
estimated businesses worldwide will lose more than $1.5 trillion this
year due to computer viruses spread through the Internet.

The "ILOVEYOU" virus earlier this year, spread via e-mail, affected
about 45 million computer files at a cost to companies of $2.61
billion alone, according to Computer Economics.

Counterpane's Schneier said a $20,000 annual premium will provide
coverage for $1 million in hacker losses; the cost rises to $75,000
for $10 million in losses. The price any additional coverage, up to
$100 million, must be negotiated with Lloyds.

Some regular insurance policies pay hacker losses under
loss-of-business or act-of-vandalism clauses, but there are few
policies written to specifically cover hacker attacks. And those that
do often carry premiums that start at $100,000 and run up to $3
million.

Analysts say the hacker insurance market is expected to grow to
billions of dollars in annual premiums by the end of the decade,
reflecting the growing popularity of electronic commerce. But insurers
have been reluctant to be the ground-breakers because there currently
are no effective tools for measuring the risk.

INSUREtrust.com also assesses security risks, but provides protection
only for what it calls "residual risks."

IBM and Sedgwick Group, the world's third-largest insurance, broker
provide products ranging from security reviews to compensation for
lawsuits brought by victims of online credit card fraud. And
International Computer Security Association, an Internet security
company, announced in 1998 it will pay corporations up to $250,000 if
hackers successfully crack its computer system.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".