InformationWeek

October 5, 1998

Insurers Plan To Offer Antihacker Policies

Coverage could make E-commerce less risky

By Beth Davis

ew antihacker insurance policies from Cigna Property & Casualty and Sedgwick Technology Group are expected to drive down electronic-business risks.

Cigna this week will introduce insurance that will let companies recoup losses if someone breaks into their network and steals or damages data, or otherwise causes financial harm. Sedgwick Technology Group, a business unit of Sedgwick Inc., a global insurance broker, joined with IBM last week to offer similar coverage. These insurers join Lloyds of London and Kemper Insurance Cos. in offering such coverage, says the Insurance Information Institute in New York.

Companies launching E-commerce initiatives are particularly interested. "This insurance would be very appealing not only to me, but also to the casinos utilizing my services," says Tony Fontaine, VP of applied technology at Bally Gaming Inc. The Las Vegas gambling-machine maker next month will launch a system for its casino customers that will let 75,000 Nevada gamblers place bets on sports events over an extranet.

The insurance could cut risks for companies like Bally. If a company is attacked, "the board of directors, the CFO, the business manager may be personally liable," says Ellen Carney, a Dataquest analyst. Transferring risk "means you don't have to cruise along on a wing and a prayer," Carney says.

The insurance may also elevate E-commerce security levels. "If you have poor security, you'll pay higher premiums," notes Jim Balderston, an analyst at Zona Research Inc. "As data-theft insurance becomes more prominent, you'll see higher levels of security implemented."

Both Cigna's insurance, available now, and Sedgwick's, available in November, will cover external and internal attacks that interrupt business, steal or damage data, and cut into revenue. Cigna policyholders must purchase security assessment and monitoring services from Cisco Systems or Netsolve Inc. Or they can get a full-scale security audit from Cisco and fix any problems found. Sedgwick will require assessments on a case-by-case basis. It will offer optional consulting and assessment services from IBM.

Premiums for Cigna's policy vary: A retailer with $100 million in annual revenue would pay about $55,000 a year to cover external threats, with limits of $500,000 per theft, $1 million for damage to data or software, and $10 million for business interruption. Sedgwick hasn't set pricing.