continued from page 7

Development of a Specialty Market
In the meantime, a specialty market has developed among companies willing to devote the resources to understanding the new risks and developing products for cyber exposures. The market for dedicated cyber coverage has grown rapidly as insurers have sought to take advantage of new opportunities while carefully managing their exposures.

The specialized coverages were first offered a half-dozen years ago, but many of the new products have been developed only over the last three or four years.

The fluid nature of the current market is highlighted by the variety of approaches by which insurers have chosen to address cyber exposures. Some insurers have targeted high-risk industries, such as financial institutions or online retailers, while others have looked to extend cyber coverage to companies with more moderate, but still substantial, risks. Insurers have developed a wide range of products, leaving buyers in the position of having to do a lot of homework to come up with the right policy. For instance, buyers can opt for coverage for specific risks or purchase protection for the spectrum of cyber exposures.

New Coverages
In the cyber insurance specialty market, products are available to meet the full range of new exposures. Those products include coverage for the loss or corruption of data caused by hackers, rogue employees, or malicious codes. Insurers also offer business interruption coverage for network attacks, such as denial-of-service attacks, and lost income if a network attack shuts down a corporate Web site. Contingent business interruption coverage is available to handle losses caused by network outages due to problems at a service provider, including Web-hosting companies or outsourced e-commerce service providers.

On the liability side, insurers have developed coverage for exposures such as the release of confidential information, retransmission of a computer virus due to inadequate network security, intellectual property disputes, and even costs to restore public confidence after a cyber attack.

Insurers also offer coverage for emerging risks. Cyber extortion coverage, for example, covers the expenses arising from criminal threats to release sensitive information or to bring down a network. Notification coverage provides reimbursement for the cost of notifying customers, as required by law, after a security breach exposes personal information to possible fraud — an exposure that businesses would not have faced until just a few years ago.

Growth in the cyber insurance market has been rapid, although from a small base. Annual gross written premiums were estimated at $250 million to $300 million for 2005 by the Betterley Report, up from $150 million to $200 million in the prior year.(41) As companies across the business spectrum come to recognize the new cyber exposures, further growth will be significant as the industry provides needed products to meet the evolving risks inherent in adopting new technology.

Conclusion
Advances in information technology have transformed virtually every industry. While businesses across the economy have readily adapted, far fewer have sought to adequately protect themselves financially from the new exposures they face. The risks are not limited to technology companies. All businesses that have made the Internet and new information technology an essential part of their operations face significant cyber exposures.

Many companies have failed to recognize that the threat to their businesses from cyber risks has escalated sharply on several fronts.

• On the criminal front, organized gangs have adopted new technology and used it to launch more powerful attacks against corporate networks to
  extort protection payments or to steal confidential information or crucial intellectual property.
• On the regulatory front, lawmakers have enacted stricter data-privacy standards, requiring businesses to take significant measures — and commit significant resources — to protect personal and financial data and to notify customers of security breaches.
• On the litigation front, businesses face greater liability and the increased likelihood of class action suits should their data protection measures fail.
• Finally, businesses face the very real possibility ofa fatal loss of clients and customers should a security breach result in the exposure of confidential personal or client information.

The insurance industry has responded to the emerging exposures by creating products to specifically address the new cyber exposures, while excludingthose risks from traditional policies. To date, a small proportion of businesses have taken advantage of those new products to insure against cyber risks, making cyber coverage a specialty market with significant potential for growth.

The cyber insurance market has become a rapidly growing niche for insurers willing to devote the time and resources to understanding and properly underwriting the new risks. Insurers can foster the development of the market by helping clients to evaluate the new exposures they face, by encouraging them to take adequate security measures, and by educating them about the risk transfer potential of new cyber coverages.

The insurance industry, however, cannot remain static when it comes to covering cyber risks. As technology continues to evolve rapidly, transforming business and business exposures in new and unexpected ways, insurers must continuously adapt their products to meet the evolving exposures and to keep pace with rapidly changing technology and its risks.

1|2|3|4|5|6|7|8