He knew the threats that were out there.
But he just didn't think the insurance was worth the money. Up until just a few years ago, network policies provided only very limited coverage for losses that were the direct result of a computer security breach. And so instead, he, and others as well, spent money on virus protection and other technology to help build better network defenses.
But network policies have come a long way in the last few years. And a good thing too since the risk and the potential for loss is only getting worse. The risk has gone big time with both the involvement of organized crime and the government.
Organized crime--often state-sponsored--has become increasingly involved in cyber crime, creating a lucrative black market for private information stored on computer systems and putting companies at even greater risk than they were before. Regulators, meanwhile, have stepped in and have enacted notification laws that require companies to disclose whenever confidential personal information may have been inadvertently lost or stolen. Businesses are under pressure both to fend off the criminals and comply with the regulators in their efforts to keep valuable confidential information safe and avoid the risk of lawsuits, fines and penalties.
I recently spoke with Bob Parisi, an expert in cyber insurance at broker Marsh and a 2008 Power BrokerTM, and he says network insurance is in big demand these days in spite of the tough economy. Interest is particularly strong from retailers and financial institutions, two sectors that have been especially hard hit in the recession. Other sectors that are vulnerable include health care institutions as well as colleges and universities.
Parisi, who is national practice leader of Marsh's Technology, Network Risk and Telecommunications Practice, notes that interest in network coverage began to pick up several years ago after underwriters began crafting more comprehensive coverage.
The first breakthrough came with the addition of privacy liability coverage. This meant companies had coverage for more than just breaches and intrusions but also for failures to protect confidential information--a lost laptop for instance.
The next step was coverage for vicarious liability. This expanded coverage to include any confidential information that might be lost by a company's vendors. With so many companies outsourcing key parts of their operations, this was critical.
The policies also began providing coverage for preclaim liability. Even before companies are hit with any kind of claim or lawsuit, they have to disclose the problem to their customers and that disclosure can be costly.
Finally, the policies now also will cover defense costs as well as any fines and penalties associated with regulatory actions.
What does the future hold? Policies may begin to become more standardized as the market matures. Parisi says policies all tend to share the same meaning, but they are all using different terms and language to get there.
Capacity is also expanding as more insurers see this as a viable market and begin offering coverage. In years past, Parisi says it could be hard to put together $50 million in limits. These days $50 million, $75 million and $100 million in limits is routine and even $200 million can be done.
PATRICIA VOWINKEL has worked for national media outlets for more than 20 years.
July 1, 2009
Copyright 2009© LRP Publications