Lloyd’s of London To Offer Hacker Insurance

Lloyd’s of London, one of world’s largest insurance firms, has partnered with San Jose, California-based Counterpane Security, Inc. to offer insurance against business losses due to mischief by hackers.

Counterpane said the insurance program will protect against the loss of revenues and information assets caused by Internet and e-commerce security breaches. The firm will offer one program for its clients, and another that its clients can offer to their own customers.

Counterpane chief technology officer Bruce Schneier said, “This is not for your home user, this is for Yahoo!, this is for CDUniverse, which lost all those credit card numbers in January. It’s threat avoidance. This, along with monitoring, is just another arrow in your quiver.”

Ransom Insurance

Counterpane says its customers will have exclusive access to two previously unavailable insurance programs. The first program, Internet Access and Income Protection Coverage, is designed for Counterpane clients. The second, Internet Asset and Income Protection Warranty Plan, is a program that Counterpane clients can offer to their customers.

Both plans cover damages, lost revenues and special costs. The cyber-damage protection portion covers the cost to repair and replace data and/or software to the same standard following a hacker attack that damages, destroys, alters, corrupts or otherwise misuses the customer’s electronic devices.

The revenue protection portion covers financial losses following a service interruption or service impairment caused by a hacker maliciously blocking access to a customer’s site.

The extortion protection part of the plan covers the costs of a specialist consultant’s assistance in a security crisis and any subsequent negotiation, including payment of a ransom demand.

The insurance products will be underwritten by insurance brokers Frank Crystal & Co. and SafeOnline. Businesses needing more than $100 million (US$) in protection can negotiate additional coverage directly with Lloyd’s.

Reluctant Insurers

According to Lloyd’s, hackers can cause millions of dollars worth of damage, and insurance companies have historically been unwilling to insure against those losses. Said Bronek Masojada, CEO of Lloyd’s insurer Hiscox, “Until now, the insurance industry has not had sufficient assurance of risk control from security companies.”

Masojada said that Counterpane showed Lloyd’s that it was able to substantially reduce its clients’ exposure to risk through security monitoring. Because of Counterpane’s monitoring services, Lloyd’s was able to “broaden the coverage and increase the amount and availability of our insurance to Counterpane and their customers,” Hiscox said.

According to the Insurance Information Institute, a non-profit organization sponsored by the property/casualty insurance industry, e-commerce insurance has been available for some time. However, many dot-com companies were either not aware of its existence or did not feel a need for it until after the denial-of-service (DoS) attacks on Yahoo! and other major Web sites last February.

The DoS attacks reportedly sparked a flood of calls to insurance brokerages. The Insurance Information Institute said that sales of e-commerce insurance policies could exceed the $2.5 billion now spent on directors’ and officers’ liability insurance policies.

The organization said that an e-commerce policy “can include loss of business income, public relations, intellectual property, difference in conditions, interruption of service and electronic publishing liability. In general, companies with revenues of $1 billion or less can expect to pay premiums of about $25,000 to $125,000 for at least $25 million in coverage. Coverage limits can be as high as $200 million.”

The Institute notes that DoS attacks and other e-commerce risks are not covered by typical business insurance policies, but rather by e-commerce insurance policies which will usually cover the cost of computer consultants and lost income during the time an e-commerce site is down. Lost income can include lost sales for e-tailers and lost “click-throughs” for content provider sites.

Hacker Tally

A report out last week from Jericho, New York-based Reality Research predicted that businesses worldwide will lose more than $1.5 trillion this year due to computer viruses spreading through the Internet.

Computer Economics, Inc. has estimated that the “ILOVEYOU” virus, which was released earlier this year and spread via e-mail, affected 45 million computer files and cost companies $2.61 million.