Premium Protection

Security breaches. Viruses. Should you amend your IT insurance plan to cover such risks?
Story by Thomas Hoffman

MARCH 31, 2003 ( COMPUTERWORLD ) - A small but growing number of companies are looking to buy insurance that would provide financial relief in the event of a data security breach caused by cyberattack or digital terrorism. Let's say a hacker broke into your company's networks and accessed reams of sensitive customer account data. Would your company be covered under its general liability insurance? Probably not.

Three or four years ago, there were a lot more gray areas as to whether information security was covered under general corporate liability policies, says Emily Freeman, a security consultant at AIG eBusiness Risk Solutions in San Francisco, an American International Group Inc. (AIG) division. Computer and data security "wasn't affirmatively covered, but it wasn't excluded either. But now, the drift is for exclusion," says Freeman. As a result, financial services companies, retailers, hotels, travel-related businesses and technology companies are showing strong interest in data security insurance. Commercial insurers such as AIG, Zurich North America Insurance Co. and The Chubb Corp. are responding with customized cybersecurity policies based on individual companies' exposure to risk.  »read more