Hacking Insurance For Net Businesses
Spasemunki writes: "ZDNet is carrying a story today on the new partnership between Lloyd's of London and Counterpane to offer 'hacking insurance' to businesses with big, expensive net presence. Is this a good-for-business acknowledgement that even the best security framework has flaws, or companies stepping back from protecting their customers in favor of covering themselves? According to the CTO of Counterpane, e-commerce businesses 'don't have to prevent hacking; they have to manage their risks.' Interesting perspective from a security wonk." Of course, I'd rather have cracker insurance.
Certainly, any large corporation should both secure themselves to the best of their ability, AND take out a policy.
Reading sites like CERT, l0pht and rootshell (And hoist a beer to the now-seemingly-defunct 8lgm) is never going to become useless, because at some point they will charge you so much for your coverage that you can no longer afford to remain in business. There will continue to be a need for security.
At the same time, I do think that for a short time at least, this will lead to lax security in companies which do purchase these policies. Some of them will doubtless reason that simply because they have purchased this policy they have all the protection they need.
That will last just long enough for them to lose some truly critical data or business which will seriously impair their ability to operate. At that time, they will take the money their policy pays out to them and hire a team of badasses to come in and secure their network, because they can't afford to have that happen again, even if someone does throw money at them when it occurs. Money doesn't turn back the clock, at least not yet.
All you security consultants are safe, but you might want to lay in some ramen for the next few months if you just got off a four month vacation. Lazy bastards.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
'For the right price, my boys could offer you "protection", because we wouldn't want to see what happened to you if you didn't buy our "protection." hehehehe.'
Donate background CPU time to fight cancer.
Is to see how the claims get handled. If basic security procedures were not followed (patches, closing off extraneous ports, etc.) will the claim be paid? If they are paid, it will set a bad precedent, and give companies an excuse to maintain poor security, hire less qualified admins, and just file claims when bad stuff happens.
If they DO deny claims based on lack of basic preparedness, it could benefit the overall community by making it worth the company's pocketbook to make sure their admins are well trained, and have the equipment and software they need. Lawyers LOVE it when companies have insurance policies - it means larger settlements for them.
Check out Magic Firesheep!
Why is this news? Surely this is exactly the same as insuring a standard company against burglary?
It's just another case where everyone is surprised because the eWorld is the same as the normal world.
To use the real world, basic security is important, but investment in a patrolled compound to protect a pizza parlour is excessive, while spending $100 on insurance per year makes pretty good sense.
There is no "e" or "v" world, there is this world.
An Eye for an Eye will make the whole world blind - Gandhi
I just can't wait for the first claim to come in:
Business: Look! We were attacked by hackers and lost X millions of dollars, call the insurance company!
Insurance Company: We're sorry, but you were attacked by CRACKERS, not Hackers, and you only purchased the Hacker insurance. It's an extra 50K a year for the Cracker insurance. Sorry. (Evil cackle)
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Don't laugh. The British firm Goodfellow Rebecca Ingrams Pearson actually offered a policy against Alien impregnation.
Sadly, they discontinued the service in the wake of the Heaven's Gate cult suicide. Insane people are just too likely to make claims against the policy.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Hackers have been known to attempt to undermine your business interests with subversive activities like replacing IIS with Apache, and porting your product to Linux. Here's what we offer for protection: