Network risk exposure would likely be considered a first-party risk, because revenues to a corporation would suffer as a result of a significant business-interruption loss. There is also potential liability exposure if corporate customers are dependent on your network and/or your applications for some business need.
This risk exposure should also be elevated on the list of concerns for the risk manager whose company requires 24-hour networking availability in order to conduct business and meet the demands of customers or partners.
Thus, a risk manager may want to answer these questions: How important is the corporate computer network in terms of ensuring that the network is always on and connected? Should an attack occur, how long can the business afford to have the network down before it becomes a serious issue? Might other networks or services contribute to or cause a future loss? Might customers or partners be affected should the network crash for a sustained period?
For the risk manager seeking to cede all or part of the exposure, he or she may want to consider a cyberrisk policy that specifically covers "cyberextortion."
Carriers starting to cover this exposure include Ace USA, AIG, Arch (Digital Risk Managers), Chubb, Zurich, and various London syndicates, such as Hiscox and JLT Risk Solutions. Policies often reimburse the insured for the financial payout to an extortion attack. Limits or sublimits range from $250,000 to more than $20 million.
There are few conditions and exclusions that would degrade coverage beyond some commonsense elements, such as the immediate notice and written approval by the insurer.
Three example policies that cover this peril include the "WebNet" form from Digital Risk Managers (Arch), which offers to pay for extortion monies and/or extortion expenses incurred as a result of any extortion threat that began during the policy period. No deductible applies to this coverage.
Ace USA offers its version, known as the "Digitech" form, and AIG's version is the "NetAdvantage Security" form.
June 1, 2006
Copyright 2006© LRP Publications