Recent assaults on big-name Web sites have startled many companies into examining insurance policies that protect companies from losses attributable to computer hackers. The headlines about temporary service interruptions at such sites as Ebay, Amazon, and Yahoo have penetrated the corporate boardroom, where the risk is being taken seriously.
"Traditionally, senior management and risk managers thought of the types of network risks that we're insuring as being the systems department's problem," says Brad Gow, assistant vice president for the IT products group at ACE USA Philadelphia. "But as companies went through the Y2K preparation and remediation exercise, they gained a better idea of what mission-critical tasks are being driven through their networks, and the kinds of real exposures they have."
Policies that protect companies from damages caused by computer hackers should be considered a general business practice, no different than fire and casualty coverage, according to Alexander C. Cheung, who manages the Monument Internet Fund, a top-performing Internet stock fund.
Prices for the various kinds of hacker insurance can vary widely, based on industry, company revenue, and the amount of network security in place, according to Gow. He says that annual premiums generally range from $15,000 to $30,000 a year, for limits of $1 million to $2 million, with coverage up to $25 million. Deductibles can range to $10,000 and above. Before a policy is awarded, a security audit ($3,000 to $6,000) may need to be performed.