More companies are taking out insurance policies to protect against cybercrimes. Here’s why IT’s input is critical.
BY MARY K. PRATT
IF YOUR COMPANY were hit with a cyberattack today, would it be able to foot the bill? The entire bill, including costs from regulatory fines, potential lawsuits, damage to your organization’s brand, and hardware and software repair, recovery and protection? It’s a question worth careful consideration, given that the price of cyberattacks is rising at an alarming rate. The second annual Cost of Cyber Crime study, released last August by the Ponemon Institute, reported that the median
annualized cost of cybercrime for a company is $5.9 million —
a 56% increase from the 2010 median figure.
A growing number of insurance companies are offering policies
that provide protection in the event of data breaches and other
malicious hacks. But they’re having some difficulty making many
sales — in part because the cost of premiums can be staggering.
Lawyers and information security leaders say many executives
mistakenly believe that standard corporate insurance policies or
general liability policies cover losses related to hacking, or
that their cyberpolicies, if they have them, will cover all
costs related to a breach. Most of the time, they won’t.
A February 2011 paper by Forrester Research analyst
Khalid Kark indicates that many companies are still trying
to understand the basics of these policies, which are offered
by such carriers as ACE USA, Chubb, The Hartford and St. Paul
Travelers Cos. The most common questions revolve around what
types of policies are out there, what they cover, how to select the
right policy and whether such insurance is even needed.