Big insurers are now offering policies against hacks, viruses, and stolen data. They may also set security standards. This broad rubric covers policies that address threats new to the Digital Age, including virus attacks, denial-of-service assaults, cracking into company systems, and Web-site defacements.. . .
Big insurers are now offering policies against hacks, viruses, and stolen data. They may also set security standards. This broad rubric covers policies that address threats new to the Digital Age, including virus attacks, denial-of-service assaults, cracking into company systems, and Web-site defacements. Some companies even write policies that cover cyber-extortion, where an online intruder or an insider steals crucial data such as customer credit-card files and demands a payoff. The rising tide of lawsuits against companies whose employees have used corporate e-mail inappropriately has also caught the attention of e-insurers.

The repercussions could be sweeping. Why? Because insurers will probably become a major force in shaping the computer- and network-security business. They'll likely mandate what types of security practices, providers, and products are acceptable, just as they've shaped practices and products in the construction and auto industries. "Things like CodeRed [a computer worm that appeared in July, 2001] are happening so often now that cyber-insurance will become ubiquitous. Then [insurance] price differentials will appear for different types of software," says Bruce Schneier, chief technology officer of Counterpane Internet Security.

The link for this article located at BusinessWeek is no longer available.