Cyberinsurance 101: What it is, what to watch for

What you will learn from this tip: The fundamentals of cyberinsurance, including pitfalls to avoid when shopping for a policy.

For IT personnel, the way to protect a business's assets is through technology. Hardened servers, more redundancy, better security -- if you have a problem, you throw technology at it, right? At some point that technology is going to fail and it won't be able to ensure the continuity of the business. That is where insurance comes in.

Insurance essentially protects an investment from unforeseen circumstances. In the brick-and-mortar world those circumstances could be crime or severe weather. An event as far-reaching and as damaging as a hurricane could also occur in the cyberworld. In a paper, Vern Paxson and Nicholas Weaver at the International Computer Science Institute claim that a worst-case scenario Internet attack could cause $50 billion in economic damage in the U.S. But even without the threat of a widespread attack, downtime of any kind can adversely affect the bottom line of any business.

If you work at a company whose primary business is not online, you might be inclined to trust in the traditional insurance that every company has. Not so fast. Your company might have a full complement of property and liability insurance, but in almost all cases these do not cover data. Even in cases where it seems data loss will be covered -- your datacenter gets flooded, for instance -- property insurance will only cover the physical loss of the hardware, not the data stored on it.

In the late 1990s, when companies started to realize both how much their data was worth and how transient its safety could be, they also realized that they needed to insure their investment. It has taken the insurance industry a few years to figure out how to insure intangible data, and in turn market acceptance has been slow.

So, if you are looking into a cyberinsurance policy, here are a few first steps and pitfalls to avoid.

  • Review your current coverage. Are you spending too much on traditional plans like property, and errors and omissions? Is more of your company's worth in data?
  • Understand not only what your data is worth to you, but how your systems affect your business's bottom line. How much money could you lose from a single day of downtime? Quantify it. Insurance costs money, so calculate the income loss to make better-informed decisions.
  • Consider that the purchase of a policy will be made by an executive (a CSO, a CIO, a CEO, a CTO), but also know that the details needed to apply for the policy will come from various departments and levels of the organization. Make sure a single point person helps coordinate business and technical perspectives to ensure that you receive the proper coverage.
  • Most insurance companies are still developing their actuarial experience with regard to cyberinsurance, so make sure you choose one that has a proven track record of cyberinsurance coverage.
  • Insurance is a collective: the more companies that invest in cyberinsurance, the less the coverage will cost.

Remember, not everything can be patched.

This was first published in May 2005
