Businesses consider 'hacking insurance'

With high-profile network outages and virus attacks on the rise, businesses want more than good security
Written by Robert Lemos, Contributor

Security monitoring service Counterpane Internet Security announced Monday that it has teamed up with insurance house Lloyd's of London to offer Counterpane customers insurance against loss of revenue and valuable data due to network security breaches.

After February's high-profile denial-of-service attacks and May's epidemic of the ILOVEYOU virus, businesses want more than good security, said Bruce Schneier, chief technology officer of Counterpane.

"The future of security will be driven not by technology, but by insurance," he said, adding that e-commerce companies "don't have to prevent hacking; they have to manage their risk".

The insurance policy can be used to insure companies for up to $100m (£66m)in losses due to security breaches in network security and e-commerce.

The deal marks the second time Lloyd's has teamed up with a security firm to offer insurance against hacking. Other insurance houses have followed suit, partnering with security auditors to offer "hack insurance" to companies that pass a strict audit.

Such insurance is the way of the future, say others in the industry, because companies want to assure themselves that their business cannot be destroyed by a teenager behind a keyboard.

"If the sum of your business is what's on your servers, your reputation on the Internet and the preparation for continuing your business after a disaster, you better make sure that you have some insurance," said Dan Geer, chief technology officer for security consultant @Stake "Those are the minimum ingredients for any successful electronic business."

The new insurance offered by Lloyd's and Counterpane also protect a business's consumers and protects the business against lawsuits by its customers.

That's one policy that companies such as online music seller CDUniverse may need. The music retailer has opened itself up to a massive lawsuit after allegedly losing 300,000 of its customers' credit card numbers to a Russian cyber-criminal last December.

"The biggest possible loss in any of these cases is almost always due to third-party liability," said Keith Lowry, director of security auditing and investigations for Pilot Network Services

Still, is hacking insurance the equivalent of a high-risk bet against your own company?

"CDUniverse wouldn't have thought so. Nike wouldn't have thought so," said Schneier.

"It solves the chief executive problem. Our service is targeted not at the security guy but the person above him. The chief executive wants to manage the risk."

Take me to Hackers

What do you think? Tell the Mailroom. And read what others have said.

Editorial standards