[Am-info] For those who illogically insist on using MickySoft products.....

Fred A. Miller fm@cupserv.org
Thu, 3 Jan 2002 15:12:11 -0500 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Insurers Rethink IT Coverage For 2002

The new year is bringing a host of changes for cybercrime 
insurance policies. In 2002, many insurers will exclude online 
assets from standard commercial insurance policies, shifting 
the coverage to more costly supplemental policies. What's 
more, some policies will offer no coverage whatsoever if IT 
damage is terrorist-related. "I used to think cybercrime would 
become a standard feature of commercial property policies," 
says Robert Hartwig, chief economist at the Insurance 
Information Institute in New York. "Instead, the opposite has 
happened."

The intent of policies covering IT has been to protect against 
physical loss or damage--a computer zapped by lightning would 
be covered like any other piece of office equipment. But in 
recent years, companies have made claims on policies as a 
result of denial-of-service attacks. That was a problem for 
insurers, because traditional policies were designed and 
written when such attacks weren't an issue, says Tom Shields, 
senior VP of marketing for the financial enterprises division 
of Zurich North America. "There's the realization that there's 
a tremendous amount of exposure which was never intended in 
the pricing of those policies," Shields says.

Now insurers have drawn a line in the sand. "They want to make 
it clear that losses stemming from [denial-of-service 
attacks], viruses, and intellectual-property violations are 
not covered by standard policies," Hartwig says. Insurers 
started offering separate policies that covered malicious 
attacks back in 1999. Some supplemental policies, such as 
Zurich's E-Risk Edge policy introduced last month, have 
broader coverage compared with last year. An extension of 
Zurich's E-Risk E-commerce insurance program first offered in 
1999, E-Risk Edge takes a more comprehensive view of E-
business challenges. One new feature is dependent business 
income coverage, which helps cover business income lost as a 
result of vendor problems. "Over the course of the last few 
years, it's become very apparent that people really depend on 
other vendors to provide Internet-related services," Shields 
says. 

Another new wrinkle for 2002 is lack of coverage for terrorist 
attacks on computer systems. "You still have coverage if a 
teen-ager in the Philippines sends a virus and brings your 
systems down," Hartwig says. But companies won't necessarily 
be covered if a cybercrime was designed to further a political 
or religious cause. Says Hartwig, "Most people think about 
terrorist acts as the destruction of property, but the 
definition insurers will use won't necessarily mean that." 
- - Sandra Swanson

Go deeper. Read about efforts to protect IT assets: 
Zeroing In
http://update.informationweek.com/cgi-bin4/flo?y=eFbV0Bce7K0V20Zhc0AQ

Management Takes Notice
http://update.informationweek.com/cgi-bin4/flo?y=eFbV0Bce7K0V20R7U0AF

- -- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8NLsbIhTtc6nTZIIRAiuSAJ93HVJn1l1/xFNQSieJ7NjQnT/JAQCeP67i
Xrq0wvjo8lF7RM0K8ehk46A=
=4AMD
-----END PGP SIGNATURE-----