Home News News Item
 

Insuring Against Cybercrime Gets Tougher

March 2001

Insurers set stricter policies and charge more for cyberinsurance after Sept. 11.

The new year ushered in a host of changes for cybercrime insurance policies. Many insurers will exclude online assets from standard commercial insurance policies this year, shifting the coverage to costlier supplemental policies. What's more, some policies will offer no coverage if IT damage is terrorist-related.

"I used to think cybercrime would become a standard feature of commercial property policies," says Robert Hartwig, chief economist at the Insurance Information Institute in New York. "Instead, the opposite has happened."

Policies covering IT have typically protected against physical loss or damage; a computer zapped by lightning would be covered like any other piece of office equipment. At least three insurance carriers--The Hartford Financial Services Group, Royal & SunAlliance Insurance Co., and Zurich North America--have excluded cybercrime coverage from their standard policies and are offering supplemental policies. "There's a tremendous amount of exposure that was never intended in the pricing of those policies," says Tom Shields, senior VP of marketing for the financial enterprises division of Zurich North America.

Sept. 11 took a huge toll on the insurance industry, which will pay out $50 billion as a result of the terrorist attacks. Now, insurers have drawn a line in the sand. "They want to make it clear that losses stemming from denial of service, viruses, and intellectual property violations aren't covered by standard policies," Hartwig says.

Some insurers will exclude all coverage of terrorist activities, both virtual and physical. Others will offer cyberpolicies that cover terrorist threats. But proving that a cyberattack is the result of terrorism won't be easy. "Just because a virus was accidentally spread from a third-world country doesn't mean it's a terrorist attack," Lamprecht says.

Source...

News Headlines