Penguinista.org: CRACKER Insurance: they're 'crackers,' not 'hackers.'
Jul 10, 2000, 21:44
(Other stories by Brent Toderash)
[ Thanks to Brent Toderash for this link. ]
"C|Net is running a story today (as is ZDnet) reporting that Lloyd's of London will offer up to $100 million in insurance coverage to clients of computer-security management firm Counterpane Security against hacker-related losses to its business or its customers. How nice. But naturally, I have a few complaints to make - and here they come."
"First, let's be clear that this is already old news. Back in mid-February, HP announced that a group of HP users, Interex, had arranged insurance for loss of ecommerce revenue through J.S. Wurzler, and American International Group (AIG) began offering "hacker insurance" in January of this year through Tri-City Brokerage, Inc., but according to the product info, this is now underwritten by Lloyd's."
"Besides - and this is the biggie - I question the ability of the insurance industry as it stands to properly underwrite this exposure. Don't forget, you simply can't inoculate yourself against DDoS attacks, no matter how much fear they spread... and that's the exact reason you want this coverage, isn't it? For circumstances beyond your control? I'd suggest managing your risk through whatever the IT department comes up with, backed with contract language. Maybe you're asking your provider for an uptime guarantee that is broad enough to include outages as a result of DDoS attacks - but if you're the provider, you shouldn't be giving such assurances, because as you recall from a Penguinista report last February, you can't. DDoS attacks are the standard motivation for insurance, but remember the phrase, "Well, you weren't cracked, you were smurfed.""