A growing threat: computer networks are increasingly vulnerable to catastrophic cyberrisk.Advances in technology are revolutionizing how the world does business. These advances are fueling remarkable productivity growth. But society's growing dependence on vast networks of computers is making it increasingly vulnerable to a new array of potentially catastrophic threats collectively called cyberrisk. For insurers, these new threats are also huge opportunities. Seizing these opportunities will require learning how to cover cyberrisk. With more than 730 million people connected to the Internet, Forrester Research Forrester Research is an independent technology and market research company that provides its clients with advice about technology's impact on business and consumers. Corporate facts
Every business using computers to store critical data, interact with customers or suppliers, or perform other essential processes is exposed to cyberrisk. Consumers also are exposed, with the Internet and World Wide Web making fraud, identity theft and invasion of privacy invasion of privacy n. the intrusion into the personal life of another, without just cause, which can give the person whose privacy has been invaded a right to bring a lawsuit for damages against the person or entity that intruded. possible on an unprecedented scale. Transnational criminals, terrorists and intelligence services are learning about and using viruses, Trojan horses It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome.
tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles To make discontented. [dis- + gruntle, to grumble (from Middle English gruntelen; see insiders pose a particular threat because of their knowledge of and access to the systems they may attack. The frequency, cost and sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. of cyber-attacks are increasing. The number of computer security incidents reported to the CERT Coordination Center rose from just six in 1988 to 137,529 in 2003. After declining from a record $17.1 billion in 2000 to $11.1 billion in 2002, the financial damage inflicted by computer viruses is once again rising, increasing to $13.5 billion in 2003, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Computer Economics Inc. The MyDoom virus caused an estimated $4 billion in damage last January, but the Love Bug A famous virus that arrived as an e-mail attachment using the "double extension trick." The file name was "I LOVE YOU.TXT.vbs." The .vbs extension slipped by users who thought it was a safe text (.TXT) file. still holds the record at $8.75 billion. Daily, we face the threat of super attacks with effects that could dwarf those of previous viruses and worms. For example, the Slammer A worm that caused a billion dollars worth of damage on the Internet on January 25, 2003. Slammer infected computers all over the Internet by generating random IP addresses and causing the computer's buffer to overflow with its own instructions that replicate itself and start the process worm disabled a safety monitoring system at a nuclear power plant in Ohio for nearly five hours and shut down the plant's process computer for about six hours. But not all cyberrisks are new and exotic. A fire, power failure or theft of hardware can shut down a computer system just as effectively as malicious code or a denial-of-service attack. Two of the first steps in providing insurance against cyberrisk are defining the scope of the threat and then developing policy forms and endorsements specifying coverage terms and conditions, including the perils and causes of loss insured against. Though some insurers have been working on this problem for about a decade, the market for cyberrisk insurance has been hampered by the absence of standardized policy language such as that which is available for more traditional risks. But development of standardized contracts is a natural step in the evolution of insurance markets, and progress is being made. For example, 1999 witnessed the introduction of standardized commercial inland marine forms providing coverage against direct physical loss or damage to computer equipment, data and media. And 2001 brought the introduction of standardized commercial property forms providing limited coverage for the destruction of electronic data, as well as an endorsement providing additional coverage of firms in e-commerce. That same year also brought commercial general liability polices with standardized language covering liability for Internet advertising that infringes on copyrights, slogans or trade dress, such as packaging or symbols associated with specific companies, brands or products. But policy forms and endorsements alone are not enough. To cover cyberrisk, insurers must learn how to underwrite and price cyberrisk, as well as settle a whole new class of claims. With Gartner Inc., having projected that cyberinsurance premiums will rise to about $1 billion in 2005, those insurers that find effective means of covering cyberrisk will unlock an enormous opportunity to do well by doing good. Frank J. Coyne, a Best's Review columnist, is chairman, president and chief executive officer of Insurance Services Office Insurance Services Office, Inc. (ISO) is a provider of data, underwriting, risk management and legal/regulatory services to property-casualty insurers and other clients. Headquartered in Jersey City, New Jersey, the organization serves clients with offices throughout the United Inc. He can be reached at insight@bestreview.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion