Risky Business In Cyberspace.In the growing world of e-commerce, insurance companies and brokers face the challenge of identifying Internet risks, creating products to transfer them and underwriting Underwriting 1. The process by which investment bankers raise investment capital from investors on behalf of corporations and governments that are issuing securities (both equity and debt). 2. The process of issuing insurance policies. the products successfully. For a few startling star·tle v. star·tled, star·tling, star·tles v.tr. 1. To cause to make a quick involuntary movement or start. 2. To alarm, frighten, or surprise suddenly. See Synonyms at frighten. hours in February, Yahoo Inc. disappeared from computer screens around the world. The next day, eBay and several other Internet giants were temporarily out of business, too. The well-known Web sites had been sabotaged by hackers, drawing worldwide attention to the issue of online security. The damage to Yahoo and the other major sites was caused by a virus embedded Inserted into. See embedded system. in numerous computers, all of which were then instructed to send requests to the particular site at the same time, thus jamming all the intake lines. A breach of Web site security can create considerable damage, but it is only one of the exposures faced by companies that put themselves on the Internet. There are also technology errors and omissions errors and omissions n. short-hand for malpractice insurance which gives physicians, attorneys, architects, accountants and other professionals coverage for claims by patients and clients for alleged professional errors and omissions which amount to negligence. and multimedia and intellectual-property offenses, including copyright and trademark infringements Trademark infringement is a violation of the exclusive rights attaching to a trademark without the authorization of the trademark owner or any licensees (provided that such authorization was within the scope of the license). , to name a few. The challenge for insurance companies and brokers is to identify these risks, create products to transfer them and underwrite To insure; to sell an issue of stocks and bonds or to guarantee the purchase of unsold stocks and bonds after a public issue. The word underwrite has two meanings. the products successfully. Many of the exposures that business Web sites face are similar to those of "bricks and mortar A store (shop, supermarket, department store, etc.) in the real world. Contrast with clicks and mortar. " operations, but cyberspace Coined by William Gibson in his 1984 novel "Neuromancer," it is a futuristic computer network that people use by plugging their minds into it! The term now refers to the Internet or to the online or digital world in general. See Internet and virtual reality. Contrast with meatspace. has redefined the risks, said Emily Freeman Emily Freeman is a British senior female runner from the. She is currently associated with the Yorkshire / Wakefield Harriers & AC. In 2006, her UK Athletics ranking in the 100m is 5th, with a best time of 11.40 seconds. , practice leader for e-business risk solutions at Marsh, a subsidiary of Marsh & McLennan Cos., New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of . These exposures have been changed by the severity, the global scale and the potential number of claimants. To respond to those risks, some insurers now are writing new policies for e-commerce coverages rather than adding on to existing property and liability policies. Eventually, as e-commerce becomes more ubiquitous, insurers may be forced to incorporate these risks into general liability policies. Old Rules Don't Apply Insurance products were developed for another day and age, and when you try to apply traditional insurance policies to the same perils on the Internet, there may be no coverage or large gray areas where coverage is unclear, Freeman said. The idea of protecting intellectual property, for example, has existed for a long time, but the Internet makes infringing easier. Whether intellectual property infringement requires first-party or third-party coverage depends on the circumstances. This infringement could take many forms, said David Mendelsohn, a partner with Piper Marbury Rudnick & Wolfe. For example, * a company could have its trademark, slogan or domain name used by another Web site; * a competitor could alter a company's domain name by simply leaving out an apostrophe apostrophe, figure of speech apostrophe, figure of speech in which an absent person, a personified inanimate being, or an abstraction is addressed as though present. , so potential customers could mistakenly call up the competitor's Web page with the slip of the finger, or * a company could unintentionally use a trademarked slogan or service mark. "I worry about small businesses that decide they want to have a Web site and don't understand the legal implications presented by the new Web site," said Kae Lovaas, vice president, technology, St. Paul St. Paul as a missionary he fearlessly confronts the “perils of waters, of robbers, in the city, in the wilderness.” [N.T.: II Cor. 11:26] See : Bravery Cos., St. Paul, Minn. "They could have their site built by a 12-year-old who has no sense of proprietary use of slogans and words." Meta tags An HTML tag that identifies the contents of a Web page for the search engines. Meta tags are hidden on the page, but they, as well as all the HTML code on a page, can be viewed by selecting View/Source or View/Page Source from the browser menu. also can create problems. A meta tag is a descriptor (1) A word or phrase that identifies a document in an indexed information retrieval system. (2) A category name used to identify data. (operating system) descriptor that is attached to text in a Web site. Meta tags are not visible to people viewing a Web site, but search engines use them to locate the sites. If a company puts the name of a competitor into a meta tag on its Web site, customers looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. the competitor's site could be directed to the wrong company's site. In some instances, courts have ruled that companies had a First Amendment right to use a certain meta tag, even if it appeared to infringe in·fringe v. in·fringed, in·fring·ing, in·fring·es v.tr. 1. To transgress or exceed the limits of; violate: infringe a contract; infringe a patent. 2. on someone else's trademark or slogan, Freeman said. Business processes, or the ways in which transactions are performed on particular sites, also are vulnerable to theft. Privacy issues, including defamation defamation In law, issuance of false statements about a person that injure his reputation or that deter others from associating with him. Libel and slander are the legal subcategories of defamation. Libel is defamation in print, pictures, or any other visual symbols. and libel, take new form on the Internet. The traditional insurance policies that provide coverage for defamation, libel and slander libel and slander, in law, types of defamation. In common law, written defamation was libel and spoken defamation was slander. Today, however, there are no such clear definitions. typically are focused on the sale of the company s own goods and services In economics, economic output is divided into physical goods and intangible services. Consumption of goods and services is assumed to produce utility (unless the "good" is a "bad"). It is often used when referring to a Goods and Services Tax. , said Mary Fisk-Bieker, senior vice president, insurance operations, Insuretrust.com, an Atlanta-based risk-management company and insurance broker specializing in technology Many Web sites advertise the goods of others, so there is likely to be a gap in coverage. A company could be liable for defamation or libel included in outside advertising it carries on its site, but its insurance policy would cover only advertising of its own goods and services. Companies can get into trouble on the Internet through framing and deep linking, Mendelsohn said. Framing involves lifting content from one Web site and displaying it on another. Deep linking occurs when a company creates a link from its Web site to a Web page on another site but bypasses the site's first page. When that happens, a customer may miss important disclaimers or terms of usage on the second site. This ultimately could lead to a lawsuit. "It's like coming in through the back door and missing the security guard," Mendelsohn said. There is also the possibility that a user who deep links will miss advertising on the second site, which may result in loss of advertising revenue for that company. Often the revenue paid to the owner of the site is tied to the number of visits, or hits, on the page where the advertisement is. Insurers provide coverage for these types of exposures on a third-party basis through multimedia and intellectual property coverage. Errors and Omissions A second type of coverage companies on the Internet may need is technology errors and omissions coverage. In the past, software developers and manufacturers of electronics and components were most likely to purchase this coverage to protect them in case there was something wrong with the products and services they sold. Today, however, companies doing business on the Internet can run into similar problems, particularly with a business-to-business connection or network. Breach of computer security requires third-party coverage if loss of data or denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. can damage customers or business partners. In many general-liability policies, loss or corruption of data from sources other than physical perils, such as fire or tornadoes, isn't covered because data wasn't considered tangible property tangible property n. physical articles (things) as distinguished from "incorporeal" assets such as rights, patents, copyrights, and franchises. Commonly tangible property is called "personalty. . Now, computer vulnerability to tampering tampering The adulteration of a thing. See Drug tampering. from both inside and outside the company is a major threat. In fact, inside tampering is the larger exposure. "We've seen reports that say 80% of most hacks come from the inside," Fisk-Bieker said. For a company to get first-party coverage for loss of its own data and denial of service requires computer fraud coverage. This is another example of ways the Internet has substantially changed an exposure. In the material world, business interruption was thought of as being caused by a physical peril destroying a physical asset. "Now we talk about disruption, Web outages and loss of connectivity to the Web itself," Marsh's Freeman said. And the damage can be severe. "These applications run critical functions of people's enterprises," she said. "Whether it's procurement, supply-chain management, legal affairs or human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. , these networks allow organizations to function more efficiently." When transaction-oriented sites go down, the insurance coverage cannot have a standard 72-hour deductible or anything like that, St. Paul's
In the event of an attack, the crime scene is substantially different, too. Traditional crime insurance is based on three things--motive, perpetrator A term commonly used by law enforcement officers to designate a person who actually commits a crime. and notification of the police, Freeman said. Because of the anonymity afforded by computers and the Internet, a victim of computer fraud may never know the motive or the perpetrator. Companies often don't notify the police of security breaches because the damage to their reputation can be greater than the actual damage caused by the hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. . In fact, some insurance policy forms designed for e-businesses cover loss of reputation for that reason, Insuretrust. com's Fisk-Bieker said. The Internet has exacerbated financial exposures to the point that unusual coverages are being created. One such coverage concerns credit-card processing, said Joseph Babin, chief executive officer of Electronic Risk Management, an e-business consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a , and president of Norman Spencer McKernan, an insurance broker in Philadelphia. A merchant doing business on the Internet has difficulty getting bank approval for credit-card processing online because in addition to credit-card fraud, the bank is exposed to the risk that the merchant will not be able to fulfill the order. When customers do not receive their merchandise, they ask for credit on their cards, which is the responsibility of the bank. Internet sales have the ability to increase so rapidly that the bank's responsibility if the merchant fails to fulfill its orders could grow far beyond what the bank feels it can handle. Consequently, banks often give Internet companies caps on how much credit-card processing they can do, which can stunt the business's growth, Babin said. Electronic Risk Management designed an insurance product, which it distributes through Norman Spencer McKernan, to transfer that risk. The product is a bond that guarantees that the bank won't get hit with that merchant risk. Without that risk, the bank will allow the merchant to operate at top level, Babin said. The merchant buys the bond from the insurance company by paying a premium that is a percentage of the bond. If the merchant can't fulfill its orders, the insurance company pays the bank the amount of the bond. To underwrite the bond, the company had to look at the exposure banks had in the past. "We did all the things you would do for surety underwriting, but the new part is fulfillment underwriting," he said. The merchant may be financially strong, but if it can't fulfill, there could be a claim. Underwriting the product "is not completely arbitrary, but we had to start somewhere," Babin said. Knowing the Issues Underwriting most e-commerce products is challenging. "I wish there was a formula like asking life insurance applicants if they skydive sky·dive intr.v. sky·dived, sky·div·ing, sky·dives To jump and fall freely from an airplane, performing various maneuvers before pulling the ripcord of a parachute. ," Lovaas said. Instead, it's more a matter of being thoroughly familiar with technology and security issues. A critical part of underwriting e-commerce products is being able to examine a particular Web site to see how it's being used. For technology companies that build numerous sites, St. Paul underwriters review their contracts to understand what they have agreed to build and then examine the site if it has been created, she said. Technology companies such as Microsoft and Texas Instruments See TI. (company) Texas Instruments - (TI) A US electronics company. A TI engineer, Jack Kilby invented the integrated circuit in 1958. Three TI employees left the company in 1982 to start Compaq. have had errors and omissions coverage and multimedia coverage for years, so there is some actuarial ac·tu·ar·y n. pl. ac·tu·ar·ies A statistician who computes insurance risks and premiums. [Latin history in those areas, Fisk-Bieker said. Breach of security is the newest coverage, and the only way to underwrite it is to thoroughly assess the Web site or the network. It's also important to remember that security is only as good as it is at the time of the audit, Lovaas said. Therefore, "we have to be sure we have strong procedures around continuing security activities," she said. Learning to underwrite e-commerce products is somewhat like learning to underwrite other new products. "When we came out with our first E&O policy for computer programmers 20 years ago, we went through many of the same processes," Lovaas said. For now, insurers are mostly writing new policies for e-commerce coverage, rather than creating additions to existing property and liability policies. Whether that strategy will continue is uncertain. An interesting question for the insurance industry is what is going to happen to the general liability policy in the next few years, Lovaas said. It may be that insurers need to respond to e-commerce issues in a more general way. "My advice is to constantly watch the losses that are coming in on policies and evaluate the exposures, because I believe there is going to be a trend toward the general liability policy being more inclusive," she said. Some insurers, however, doubt the wisdom of expanding general liability to cover e-commerce. "It would be pretty scary if they incorporated these coverages into general policies so that everybody is writing it, because it really is a specialty area," Fisk-Bieker said. Regardless of how coverage develops, exposures from doing business on the Internet likely will increase. One of the newest players in the Internet market, for example, is the application-service provider, a technology company that leases software to other companies instead of selling it. Eventually, application-service providers will change how we use servers, Lovaas said. They will probably soon hold data. The question is what their liabilities will be. If the exposures are not specifically excluded in a policy, insureds may be able to get some coverage. In other cases, companies don't realize that because they have a Web site, they have these exposures. To anticipate new e-commerce risks, insurers need to read as much about the subject as they can, Lovaas said. They also need to stay in close touch with their customers, Fisk-Bieker said. A critical ingredient in identifying new exposures will be the evolving legal theories about the Internet and the evolving status of international law and regulations pertaining per·tain intr.v. per·tained, per·tain·ing, per·tains 1. To have reference; relate: evidence that pertains to the accident. 2. to the Internet, Freeman said. Many of the perils are known. "It's the outcome of future cases and regulations that represent the big uncertainties," she said. Financial Losses From Cybercrimes on the Rise Ninety percent of large corporations and government agencies had detected computer security breaches within the last 12 months, and 74% acknowledged financial losses due to breaches, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the Computer Security Institute's fifth annual Computer Crime and Security Survey. Only 42%, however, were willing or able to quantify their financial losses, according to the San Francisco-based institute, which released the survey results in March. The losses from these 273 respondents totaled more than $265 million. The average annual total over the last three years was greater than $120 million. The most serious financial losses occurred through theft of proprietary information and financial fraud. The number of organizations conducting electronic commerce on their Web sites grew to 43% from 30% a year earlier. Sixty percent reported a denial of service. The most common security breaches were computer viruses, theft of laptop computers and employee abuse of Internet privileges, such as downloading pornography or pirated pi·rate n. 1. a. One who robs at sea or plunders the land from the sea without commission from a sovereign nation. b. A ship used for this purpose. 2. One who preys on others; a plunderer. 3. software. Nonetheless, 70% reported serious computer security breaches other than those, including theft of proprietary information, financial fraud and sabotage sabotage [Fr., sabot=wooden shoe; hence, to work clumsily], form of direct action by workers against employers through obstruction of work and/or lowering of plant efficiency. Methods range from peaceful slowing of production to destruction of property. of data and networks. Most respondents (71%) detected unauthorized access by insiders, but for the third year in a row, more respondents (59%) cited the Internet connection as a frequent point of attack than those that cited their internal systems as a frequent point of attack (38%). Of those acknowledging an attack, 64% reported Web-site vandalism. The Computer Security Institute survey included responses from 643 computer security experts in U.S. corporations, government agencies, financial institutions, medical institutions and universities. The institute conducts the survey in conjunction with the San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden Federal Bureau of Investigation's Computers Intrusion Squad. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion