Cyber Liability Insurance Mitigates Exposure
By Laton McCartney, Editor at CIOZone
Four or five years ago, insurance carriers selling cyber-liability insurance had difficulty giving the product away.
“CIOs weren’t interested,” Drew Bartkiewicz, vice president of cyber and new media risk at The Hartford (HIG), tells CIOZone. “They’d say, ‘We have firewalls; we have encryption. What do we need cyber-liability insurance for?’”
That “what, me worry?” attitude has changed dramatically with the financial downturn, the sharp uptick in outsourcing and the influx of potentially disruptive technologies such as cloud computing, social networking and virtualization.
“CIOs are starting to embrace the idea of protecting against the risk that comes about as the unintended consequence of Web 2.0 technology,” Bartkiewicz says.
“At the same time, data is becoming increasingly regulated, which is creating new exposures, particularly in the areas of data privacy and reputational risk.”
Hartford’s CyberChoice 2.09 insurance covers data privacy, e-media and Internet liability, network security, infringement of intellectual property rights, professional services and network security.
Customers can pick and choose the kinds of coverage they need and have a wide choice of providers, including Hartford; MAG Mutual, which focuses primarily on the health care industry; BBVA Compass; and Brunswick Companies.
Premium costs and policy limits vary depending on how much coverage a company buys. Compass has a $5 million policy limit, for example. Hartford’s limit is $10 million.
Bartkiewicz says one of the big problems today is rogue employees who may say something derogatory in a blog.
“They can publish at will, and their employer is not protected by placing its terms and conditions on its Web site. You can’t hide behind conditions if something goes wrong.”
Case in point, notes Bartkiewicz: Louis Vuitton won $63 million last year in a lawsuit against eBay (EBAY) claiming the online auctioneer hadn’t done enough to prevent sales of counterfeit luxury goods.
Other major threats today include data breaches, especially those involving sensitive healthcare or financial data. “The nature of the data has an impact on the potential liability,” Bartkiewicz says.
Bartkiewicz is also wary of cloud computing providers that may store data from hundreds or even thousands of customers.
In the technology sector, he notes, the term aggregation usually has a positive connotation, meaning economies of scale have been achieved.
“In the financial services industry, however, it’s become a four-letter word.”
The reason? The more data that’s aggregated in cloud storage, the greater the risk if the cloud provider experiences a problem.
In applying for liability and risk coverage, a company has to complete an extensive questionnaire dealing with the risk controls it has in place and the organization’s potential vulnerabilities.
In the past, these questionnaires were sometimes filled out by the risk manager alone. Today, however, both the CIO and the risk manager need to complete the questionnaire.
“If the risk manager tells us that the CIO was too busy to work with him in completing the questionnaire or sign it, that shows us that they’re not working together,” says Bartkiewicz.
“Those are the kinds of clients we run from.”
* * *
Laton McCartney is a former editor-in-chief of InformationWeek. He has also been a top editor at several Ziff Davis publications, including Smart Partner. Laton has written for The Washington Post, Fortune and other national publications. He is also the author of a number of books, including the best-seller “Friends in High Places: The Bechtel Story.” His latest, “The Teapot Dome Scandal: How Big Oil Bought the Harding White House and Tried to Steal the Country”, will be published in February by Random House.
CIOZone.com is the first of its kind online meeting place for CIOs. It is built upon the foundation of social networking and combines user generated content and expert editorial together around an open source platform.
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com













