The hardened insurance market, costly incidents of cyber crime, and a new ISO Electronic Data Liability endorsement, which provides clear limitations for cyber risks under its Commercial General Liability standard-are all factors driving commercial insurers to reevaluate their business liability coverage. And many of them are beginning to separate cyber coverage from commercial general liability coverage."You're clearly starting to see traditional insurance policies getting much clearer on their intent around cyber exposures," says Jon Farber, assistant vice president of global technology underwriting at St. Paul Cos. The St. Paul-based insurer is one of several commercial insurers offering cyber insurance. Others include Zurich North America, AIG, Chubb, and Lloyd's of London.
Many of these carriers are also creating alliances with Internet security firms. Through these alliances, insurers assess the security of businesses applying for cyber coverage, and offer them prequalification or discounts on premiums for installing specific security technologies.
Atlanta-based Internet Security Systems, for example, offers companies a bundle of services called "Secure Steps," which includes managed firewall, intrusion detection, antivirus and emergency response services. Companies that sign up for the service are prequalified for cyber insurance through New York-based Marsh McLennan Inc.
These alliances are beginning to provide an incentive for companies to invest in specific Internet security solutions, says Ian Williams, e-security analyst for Datamonitor, a London-based business and market research firm. "In the offline world, when people hire security guards and buy burglar alarms, they often find the cost of buying the alarm is less than what they're saving on their premium-which is why they do it. The ROI is immediate."
"Eventually, the insurance industry will subsume the computer security industry," said Bruce Schneier, chief technical officer, Counterpane Internet Security Inc., Cupertino, Calif., when he testified before a U.S. Senate committee on Internet security in July. "The kind of firewall you use, and the kind of network monitoring scheme you use-will be strongly influenced by the constraints of insurance."
