In January, the hacker insurance market increased as many existing commercial general liability policies expired and were replaced by policies that contain explicit exclusions for hacker-related losses.
According to the Insurance Information Institute, a policy covering revenue lost due to hacking costs about $4,000 per year for each $1m in coverage.
Policies generally insure against losses due to hackers, viruses, worms, cyberterrorism, programming errors or intellectual property theft on the internet.
The Love Bug, Melissa, Code Red and other vulnerabilities have cost companies more than $54bn in down time, removal expenses and repairs according to Computer Economics.
‘Fears about how such vulnerabilities and attendant magnitudes of loss might impact on national security have reached a critical mass,’ attorney Robert Steinberg of Latham & Watkins wrote in a recent brief, ‘Particularly given the post- 11 September climate.’
The Bush administration has also pushed insurers to work with businesses to set up a security baseline in the private sector.
For example, American International Group, the world’s largest insurance company, said business espionage has become an increasing concern as 72% of US high-tech companies believe they are a target for domestic espionage, 46% cite foreign competition and 32% fear foreign governments.
Still AIG, which writes about 70% of cyber policies in the US, has only issued 2,000 policies for far, each with a minimum price of $10,000.
Gartner analyst John Pescatore said cyber insurance gets a temporary boost after every high visibility attack, like Nimda or Slammer.
But he warned: ‘Enterprise legal counsels and chief financial officers aren’t yet convinced that hacker insurance will limit their liability or ever recover the costs of the premiums plus the deductibles,’ he said.
Pescatore said it is not that the economic implications of the attacks are not well understood, it is that the value of hacker insurance is not clear at all.
He said for example, no one can point to any case law or legal precedent that would indemnify a company from all liabilities that might spring from a hacker attack.
‘It doesn’t seem particularly hard to get the insurance,’ Pescatore said. ‘Worst case, an enterprise needs to undergo a security audit, which most enterprises do regularly anyway.’
Barclays has partnered with accounting software company Xero to provide businesses with access to transaction data through its direct feed.
Government's estimate of a £400m admin saving from Making Tax Digital is way off - and is instead a huge cost burden, warns Lamont Pridmore chief executive Graham Lamont
Xero unveiled its expanded global partner programme at Xerocon South, the accounting technology conference in Australasia
Accountancy software firm Sage has been hit by a data breach which may have compromised the personal details and bank account details of as many as 300 UK businesses