MIS offers Web attack policy

Insurance: IT departments turn to insurance companies for Web security and disaster recovery

Insurance: IT departments turn to insurance companies for Web security and disaster recovery

Hacker attacks and security breaches, which have blighted companies such as Reed Executive, Egg and Powergen, are fuelling demand for specific insurance cover, it was claimed last week.

Insurance companies are offering IT departments an expanding range of insurance policies offering cover against losses caused by deliberate attacks on their systems, the Association of British Insurers said.

Internet crimes will grow in frequency and commercial organisations will be increasingly at risk from attack from their own employees and external hackers, predicts the association in its report on future crime trends.

The trend of storing large amounts of valuable and sensitive data electronically will leave greater opportunities for theft and misuse, warned the association.

Insurers are responding by offering new policies to cover companies from losses caused by hackers and computer viruses.

The latest, unveiled this week by IT security firm MIS and US managing agency Wurzler, will cover the cost of lost business and the public relations costs of mounting a damage limitation exercise if systems are breached.

It claims to be the first to insure dotcom ventures for the costs of lost business, irrespective of whether or not they are making profits.

The policy will also indemnify firms against claims from customers, should the insured firm accidentally send them a virus.

To qualify for cover, businesses will have to agree to have the security of their systems audited regularly, using penetration tests. The more secure their systems, the lower the premiums.

An organisation with a turnover of £5m from e-commerce, will typically pay £45,000 a year for £1m in cover, if it agrees to daily penetration tests. The cost rises to £49,000 if the tests are carried out quarterly.

The policy is designed to reassure customers that an organisation's IT systems are secure, said Matt Tomlinson of MIS. "They will be able to say to customers 'we are secure, but if something does happen, we are covered and so are you."

Read more on IT risk management