Cyber Insurance Between the Lines

Shackleford writes "Security Focus has an article that discusses insurance policies regarding 'computer attacks and cyber sabotage.' It discusses a case in which an administrator who set up back doors in the system with which he was trusted deleted files to which he could access after he was fired. His company had insurance against dishonest acts by employees, but not against 'acts of destruction.' Eventaully, the company won, but the case went to litigation. So the lesson to be learned here is that your company may have 'cyber insurance' without knowing it, but you need to be sure about it."

"Acts of god"

If you're the system god, would this violate the insurance policy?

Re:"Acts of god"

[Verteiron]

"Acts of root" just doesn't have the same ring to it... sounds more like a program guide for a mini-series about emancipation.

Re:"Acts of god"

[freeweed]

Just in case anyone is curious, most insurance policies actually do cover an awful lot of so-called 'Acts of God'. Things like hailstorms, sewer backup due to intense rain, lightning, windstorms...

What typically is *not* covered are the mass catastrophes, like floods, earthquakes, asteroids hitting the Earth, etc. Some of this for obvious reasons, some of it because governments usually provide disaster relief for it.

Of course, YMMV, in areas that are hurricane-prone you will have a hard time getting insurance for it. Kind of like how people that play russian roulette have a hard time getting life insurance. It makes a twisted sort of sense from an insurance company's standpoint.

The usual idea with insurance coverage is a "sudden and accidental" loss, and also something that you don't expect to happen every year or 2. Most houses aren't broken into every year, so this is covered. But 10 years with a leaky roof, and the $30,000 in mold damage isn't going to be covered.

Re:"Acts of god"

[Scaba]

Just in case anyone is curious, most insurance policies actually do cover an awful lot of so-called 'Acts of God'. Things like hailstorms, sewer backup due to intense rain, lightning, windstorms...

Boy, that God's one son of a bitch, huh? Can't he ever do anything nice for a change?

Heh

[Gibble]

If you can't trust a bloodsucking insurance company who can you trust...

Good God Man

[Sokie]

It discusses a case in which an administrator who set up back doors in the system with which he was trusted deleted files to which he could access after he was fired.

What is that sentence supposed to mean? Use a freaking comma!

Yeesh.

Re:Good God Man

[cperciva]

What is that sentence supposed to mean? Use a freaking comma!

Where would you put a comma in that sentence? Commas do not exist simply for the purpose of being scattered randomly.

The only correction necessary would be to remove the extraneous "to":
It discusses a case in which an administrator who set up back doors in the system with which he was trusted deleted files to which he could access after he was fired.

Re:Good God Man

[Gibble]

Actually commas could be inserted properly.

It discusses a case in which an administrator, who set up back doors in the system with which he was trusted, deleted files to which he could access after he was fired.

Re:Good God Man

[deadsaijinx*]

It discusses a case in which an administrator, who set up back doors in the system with which he was trusted, deleted files to that he could access after he was fired.

Re:Good God Man

No it doesn't, you dumbass. The rest of the sentence makes perfect sense without that qualifier.

Re:Good God Man

The rest of the sentence makes perfect sense, yes... but it has a different meaning.

Re:Good God Man

[Sokie]

Actually I was just trying to make a joke but since you took the time to reply...

Well you could make that middle clause into a drop-in with a couple of commas:

It discusses a case in which an administrator, who set up back doors in the system with which he was trusted, deleted files which he could access after he was fired.

Actually if I had free reign to edit that sentence I'd probably do quite a bit more than that:

It discusses a case in which an administrator set up back doors in a system so that he could access deleted files even after he was fired.

Of course I'm having to make some assumptions about what he actually meant by that sentence. Did the administrator delete the files or could he just access all deleted files?

He's really got at least two sentences worth of material there and if he really wants to cram it into one he should have used some sort of punctuation, perhaps a semicolon.

Oh, and yes commas do exist simply for the purpose of being scattered about randomly (well maybe not totally randomly), the rules regarding the placement of commas are really rather vague and end up being mostly the authors prerogative. So long as they do more good than harm.

Re:Good God Man

[Shackleford]

I have to admit, I could've made that sentence more understandable. But maybe somethiing good came out of it. That lack of understandability could've led readers to read the article so that they'd know what I was talking about. Anything that gets people to read the article is good, right? :)

Anyway, I suppose I should try harder to avoid coming up with such long sentences, especially if they do not have punctuation. I must avoid writing long sentences in which I state several facts in which punctuation does not exist to serve the purpose of clarifying the point which I am making.

Translation of the last sentence: Long sentences without punctuation are hard to understand, so I shouldn't use them. :)

Re:Good God Man

LOL, let me guess... you just finished engineer english didn't you?

Re:Good God Man

As a gentle suggestion to you, since undertaken a "proper use of language" theme, and might care:

You said: "Actually if I had free reign to edit that sentence I'd probably do quite a bit more than that:". The correct idiom is "free rein" as in "to rein (control) a horse". I understand your use of the noun "reign" e.g. "a term of rule", but that is not the idiom, nor is it an exact fit for any definition of the noun "reign".

In this case, "reign" almost makes sense, but in many cases where the idiom is misused, only "rein" even remotely fits. I trust you will take this correction in the gentle spirit intended.

Do Admins leave Backdoors a lot?

[Puchku]

Always wanted to know this. I am a sysadmin for a College (i'm a student there), and I always leave a backdoor or two in case of emergencies. like someome else chaniging the root passwords etc. Does anyone else do this, or is it just me?

Re:Do Admins leave Backdoors a lot?

[Jetson]

If you have the ability to add a back-door you will also (in most cases) have the ability to recover from a lost password without *needing* a back door.

Re:Do Admins leave Backdoors a lot?

[James+Littiebrant]

That would sound like a good idea, but it is not the best idea. I know how a hacker can get into computers (because I am one) and installing a backdoor on your server/computers is a deadly mistake. A simple scan from a hacker in theory could uncover that backdoor, then you are screwed. Instead I would recommend that you get a physical switch that resets the root password to a prespecified number or character. Where you can get these? I am sorry to say that I do not know where. I do know that they have been made bacause one of my friends has built one for his computer, with some programming and mod experiance you could build one too. I for one will never install a backdoor on MY servers.

Re:Do Admins leave Backdoors a lot?

[PetWolverine]

I know how a hacker can get into computers (because I am one)

What advances A.I. researchers have made recently, that computers can post comments to /.!

Re:Do Admins leave Backdoors a lot?

I do as well. as a "non-god" admin. Sometimes there's times where it's easier to just login and fix a problem rather then spend an hour finding and explaining a problem to the admins.

And it never hurts being able to log in after termination. As to deleteing files, I'd really have to get screwed over to do something malicious. A few pranks always make drunken lan parties go better.

Re:Do Admins leave Backdoors a lot?

LOL now that was funny...lets see how many people don't get it.

Re:Do Admins leave Backdoors a lot?

[luzrek]

Physical access to machines. In all modern operating systems you can reset the root password, if you know what you're doing during a re-boot. Ergo, there is no need to have a back door.

Re:Do Admins leave Backdoors a lot?

[deadsaijinx*]

the mistake in your logic is the assumption that a backdoor is insecure. A back door doesn't have to be just some open port. That would be stupid.

By the way, what's it like to be a computer?

Re:Do Admins leave Backdoors a lot?

I find it highly unlikely that any of the /. staff ever leave a backdoor...being the homosexuals that they are.

Re:Do Admins leave Backdoors a lot?

[Verteiron]

I wonder if using a bootdisk to bypass a password (like the linux-based Windows NT/2000/XP password reset boot disk) is illegal under the DMCA?

Re:Do Admins leave Backdoors a lot?

[moonbender]

What, you think all those idiot troll posts are made by real humans? Sheesh. Nicely spotted, BTW.

Re:Do Admins leave Backdoors a lot?

[oh]

Always wanted to know this. I am a sysadmin for a College (i'm a student there), and I always leave a backdoor or two in case of emergencies. like someome else chaniging the root passwords etc. Does anyone else do this, or is it just me?

The console should be logged in as root. If your console is physically secure, then you can get back into the system without a reboot. Even works if the password file gets trashed.

Never leave anything open that can be done remotely. If you can use it from home, so could someone else. Is it that important that you can fix a system without physically going in? I've worked with systems which had remote console access (the servers were located in a different country) but we never left those logged it. If something happened to prevent us logging in then we would arrange to have the server power cycled by someone local and we would bring them up in single user mode.

How often does it happen that you would need a backdoor anyway? Sure mistakes happen, but is it really worth the risk?

No wonder insurance is so expensive.

[Sheetrock]

I don't know how much hand-holding people need, but this kind of thing goes a bit far. If you've got a troublesome ex-employee, I'd think they should be able to handle something like this with a civil suit. Instead, it's pulled out of insurance, which drives up all our premiums.

Fantastic. And with litigation costs to boot.

Re:No wonder insurance is so expensive.

[mlyle]

Assuming the ex-employee has the resources to pay damages, and that you can collect them.

Insurance companies in most contracts are allowed to subrogate; that is, when they pay damages to you, they inherit all of your rights regarding that claim-- and can choose to go and sue the employee themselves if they think it's worthwhile.

This is what insurance is for, really.

Re:No wonder insurance is so expensive.

[Idarubicin]

If you've got a troublesome ex-employee, I'd think they should be able to handle something like this with a civil suit.

How is a disgruntled (and probably unemployed) ex-employee going to pay a hypothetical $20 million settlement? The company is still out-of-pocket that amount. Somebody has to pay to rebuild lost files. Also, insurance pays relatively quickly (in most cases) compared to a lawsuit. If you need to do data recovery to stay in business, you don't want to have to wait through several years' worth of appeals before someone cuts you a cheque.

This is what insurance is for--to protect entities (individuals and corporations) from ruinous losses due to one-off incidents. Everybody pays a little bit in premiums, everybody is protected from catastrophic losses in the event of disaster. If you never make an insurance claim, you're still ahead--because you get to sleep soundly at night.

Besides, in most jurisdictions, insurance companies are allowed to sue to recover losses. If the disgruntled ex-employee from our example does have some assets worth going after, believe you me, the insurance guys will be relentless.

BOFH

[RobertTaylor]

Obligatory link to The Bastard Operator from Hell page.

Re:BOFH

[Gibble]

Lets not forget the new home
http://theregister.co.uk/content/30/index.ht ml

Playing Russian Roulette

It's better to secure the system to prevent unauthorized root password changes than to add security vulnerabilities in case.

Re:Playing Russian Roulette

[Puchku]

true true. But the question is, do sysadmins suvccumb to the tempatation of leaving these backdoors? Hell, i know that if someone else stumbles upon the backdoor, i'm screwed, so i change the backdoors every two weeks. but i still leave them. They've saved the systems ass a few times too, when the other sysadmin, whos more of a NT/2k guy, screwed around. So does anyone else do this, then?

Note to self..

[grub]

Don't leave backdoors in the system, burn the place down. It's harder to trace back..

Re:Note to self..

Just make sure you grab your stapler before you start the fire.

Re:Note to self..

Don't forget to take your red swingline stapler with you before you burn down the building.

Re:Note to self..

[niko9]

"Hey Milton, whhhhhat's happenening......"

Re:Note to self..

[Aliencow]

It's not me ! It's the butterfly !

dishonest acts by employees?

[mr_zorg]

I'm sure this is an over simplification, but if the insurance was for dishonest acts by employees, how could the company win? This act was comitted by someone who was no longer an employee...

Re:dishonest acts by employees?

[The+Jonas]

IANAL, however I think the case may have been won by the fact that the "backdoors" were put in place while the offender was employed with the company. Therefore, they might have been able to prove malicious intent or something like that.

Re:dishonest acts by employees?

[Anti+Frozt]

IANAL, but I would imagine their contract would have provisions that include former employees (up to a certain time after termination) and would possibly be bound by clauses set out in NDA and employment agreement.

The fact that the insurance company nitpicked between dishonest and destructive acts doesn't surprise me in the least.

Re:dishonest acts by employees?

[Hittis]

I think it might be easier than that...
Was the emplyee supposed to install the backdoor? If not... The dishonest act was committed before the employee was fired, and therefore it fits right in.

_If_ he was supposed to install the backdoor..... Hmmm.... Then somebody should get his head examined :)

Re:dishonest acts by employees?

[argel]

Did you even read the article? If he had not been considered an employee it would have been a much easier and clear cut decision. Instead we get a questionable verdict where intellectual property is in effect equated to physical property.

Insurance...

[NickisGod.com]

Insurance is one of the biggest vains the U.S. is facing today. You name it, car insurance, workman's comp, homeowners, cyber, etc.

Beside's it being legalized gambling, whenever something does happen, these companies try to get out of paying and point fingers at fraud.

There has to be a better way.

P.S. Is it this bad in other parts of the world, or are there "better systems" in place?

Re:Insurance...

[deadsaijinx*]

car insurance is the worst offender, imo. First, it's illegal to drive without car insurance, and then when you acutally need it, they try to get out of paying for it.

Re:Insurance...

[Verteiron]

And a 23 year-old male with a clean driving record pays two to three times what a 26-year-old female with 3 accidents on her record pays. No matter WHO you get insurance through. Statistical analysis sucks.

Re:Insurance...

did you forget to mention that the female drives a plymouth reliant while the male is driving a mustang?

Re:Insurance...

P.S. Is it this bad in other parts of the world, or are there "better systems" in place?

Yes, in soviet russia, you screw insurance!!

(Sorry, couldn't resist)

Re:Insurance...

[Cecil]

Canada is just the same. I'm paying CDN$6,000/yr. with driver's ed certificate, as a 21-year-old, had my learners license when I was 17, full license at 19, driving a Nissan Sentra (economy car, not the SE-R model or anything). That's the best rate I could get. It's more than my car payments!

It's extortion, as far as I'm concerned. There's no way for a new driver to prove himself except by not having accidents -- but only once you're already paying the inflated new driver rate for 3-6 years! Ridiculous. And god help you if the insurance company ever gets wind that something might've happened to you.

I, in my naive belief of the insurance company rhetoric that they were my friends, called my insurance company to ask if they had any recommendations on a body shop, figuring they would know some decent ones in my area. I had scratched my car in the parkade of my apartment building and needed a body shop to fix it up. They're trying to tell me this is a claim, now.

In summary: Insurance companies are evil.

Re:Insurance...

[Cecil]

No, he didn't. 25 is the magic age where insurance companies decide you become a good driver. Females also get lower rates, all other things equal. End of story.

My suggestion

[Otter]

It discusses a case in which an administrator, who set up back doors in the system with which he was trusted, deleted files to which he could access after he was fired.

Or, after changing his somewhat peculiar syntax: It discusses a case in which an administrator, who had set up back doors in the system with which he was trusted, deleted files after he was fired.

Hey, the imprtant thing is no its/it's errors...

If you are about to be fired...

[hillct]

There are many sighns you are about to be fired, but most of them relate to steps your employer has taken to prevent you from doing damage to their systems in retaliation, like, say, changing the root password, deleting your personal userid, removing you from the company directory, and then there are these:

Top 41 Signs You Are About To Be Fired

The point is, do what you need to do long before you are fired so as to make your exit as painless as possible. If your employer is not competent enough to take the nessecery steps, and so requires anti-employee insurance, then that's their problem, and it probably indicates they're too stupid to deserver to have you working for them anyway. If they havn't earned the respect of their employees, again, this is the mark of a bad employer and it's time to move on anyway.

It's simple, if any of the above events have occurred, plan to move on and if your company has purchased anti-employee insurance, it's time to het the hell out anyway.

--CTH

Re:If you are about to be fired...

[Verteiron]

Yeah. The first sign that I had been laid off from Deere & Co. was that my ID badge would no longer open the door to let me out of the building. Some nice guy used his badge to let me out, and then used it again to let himself out. I heard later he'd gotten in trouble for doing that, too, since the security system flagged him as having left twice. I guess the Proper Action would have been to leave me cooped up in the building overnight until someone got around to telling me I didn't work there anymore.

Re:If you are about to be fired...

[realdpk]

Of course, then the proper action would be for you to go to a lawyer and get them on unlawful imprisonment. :)

Re:If you are about to be fired...

Actually, where I work, the first you hear of your CR is the armed security guard plus manager who arrive at your desk to escort you out of the building and keep an eye on you while you collect your stuff.

Even the people who choose to take VR are usually hussled off site a few weeks early (at random) to avoid last day/week antics.

The joys of working in a top secret environment.

Re:If you are about to be fired...

[acceleriter]

Jesus. Scan to get out? Glad there wasn't a fire! (Yeah, sure, it'll fail open. We think.)

Re:If you are about to be fired...

[billatq]

Jesus. Scan to get out? Glad there wasn't a fire! (Yeah, sure, it'll fail open. We think.)

IIRC, it's fire code that buildings with those sort of doors automatically unlock when the fire alarm is going off. Of course, if someone was plotting corporate espionage, don't be too surprised when your building suddenly bursts into flames..

Re:If you are about to be fired...

[Verteiron]

It would not have made much difference... it was a motorized revolving door, with room for only one person at a time. Even if the badge scanner was turned off and the door solenoid held closed, that's still only one person per second or so going out that door, and that's assuming it's a nice neat line and not a mob of panicking employees. I'm not sure what their fire plan was.

Guido's Insurance Co.

[grub]

Hey.. you behind da keyboard. You need protection.. Things happen. Hard disks crash, software breaks, monitors get shot.. err.. dey break too.

Re:Guido's Insurance Co.

[Ko5mo]

If only I had the mod points... Nice.

Next Insurance Scam

[rodney+dill]

1. Start a shell company that does computer consulting
2. Buy computer equipment
3. Buy lots of computer sabotage insurance
4. Hire a lot of /. hackers
5. Sit back and wait to collect.


It sounded like a good idea at the time, all except for the orange pajama part.

Re:Next Insurance Scam

1. Start a shell company that does computer consulting 2. Buy computer equipment 3. Buy lots of computer sabotage insurance 4. Hire a lot of /. hackers 5. Sit back and wait to collect.

No no, you've got it all wrong!

1. Start a shell company that does computer consulting
2. Buy computer equipment
3. Buy lots of computer sabotage insurance
4. ????
5. Profit!

Read the fine print

[batobin]

I guess the lesson here is to read the fine print. The important thing to look for here is when the "dishonest employee" commits their dishonesty. From a logical standpoint, any malicious acts committed through the back-door should be covered by the insurance, merely because the back-door only existed because of dishonesty. But I'm sure the insurance company tried to argue, and support with the fine print, that the actual exploitation was the dishonest act, and occurred only after the employee was fired.

Here's something to make you think: what would happen if the dishonest employee created the backdoor, quit, and someone else from outside the company exploited the back door? Then who would have won? I'd love to examine the actual insurance policy to find out.

Re:Read the fine print

[realdpk]

Then who would have won?

The security audit firm that the employer then hires and places on retainer for future audits/work? :)

Re:Read the fine print

Here's something to make you think: what would happen if the dishonest employee created the backdoor, quit, and someone else from outside the company exploited the back door? Then who would have won?

Hmm, the lawyers? Or is this a trick question?

Earlier Article

Here is an earlier article on this exact subject

"Cyber-insurance comes into its own

The problem here is obvious

[niom]

His company had insurance against dishonest acts by employees

They should have bought insurance against dishonest acts by the insurance company.

Re:The problem here is obvious

[vegetablespork]

No insurance company is stupid enough to insure against a certainty!

Re:"Acts of root" (was: "Acts of god")

[Malfourmed]

"Acts of root" just doesn't have the same ring to it...

In other words an insurance policy won't get your system out of a sticky situation.

It's the insurance company's fault

[Proaxiom]

They should have better worded the policy.

I wouldn't be surprised if this kind of thing happens a lot over the next little while, until insurance companies (and in particular, the actuaries) can get their heads around the liability associated with network security.

As a developer in the security industry, I look on this as great news. I've been saying for a long time that what data security companies really need is for the insurance companies to start tying premiums to security infrastructure. When that happens there will be a clear ROI on security investment, and companies will learn quickly how to cover their asses better from these kinds of vulnerabilities.

Situations like this motivate the insurance companies to start assessing risk, and when they start assessing risk they start charging their customers for it, and when the customers are getting charged for it they start mitigating that risk. Right now, that just isn't happening.

Re:Could someone translate?

Since when is the article summary off-topic?

Insurance is NOT legalized gambling

[freeweed]

Besides the fact that gambling hasn't been illegal in many places for decades, this comparison really irks.

Insurance is about the *spread of risk*. If one in every 100 houses burns down every year, then everyone pays 1/100 of the cost of a new house annually. No single homeowner is burdened with the cost of a new house, but everyone pays a little to protect their investment.

Insurance, simply, is putting in something small on the off chance something bad happens that would otherwise cost you money. Gambling, on the other hand, is putting in something small, on the slight chance that you may come out of it with more than you put in. Yes, there is a difference. Mainly, in that insurance is not, and never has been, intended as a way to make money - only to help you not lose it.

As for insurance companies trying to 'get out of paying', you should know that by far, most claims get paid without question, once reasonable proof of loss is put forth by the insured (in Canada we're at something over 90% of all claims are not challenged). Fraud statistics, on the other hand, show anywhere from 10-50% (depends on who you ask) of all insurance claims are either bogus or inflated. Personally, I'm very happy that my insurance company investigates suspicious claims - it keeps my premiums down for when I actually DO need to use it.

Re:Insurance is NOT legalized gambling

[rmezzari]

Yeah, but the problem is that you are not paying 1/100 of the price of the house, instead you are paying for something like 5/100 of the price of the house. Of course they must have some profit and have they expenses too, but the insurance companies are a bunch of greed bastards. And try to get your car properly fixed after an accident - They will try to fix your car spending the less money possible, doesn't matter if the repair sucks. The insurance companies make deals with the worse and cheapest body repair shops that they can find, and you can't take your car to the mechanic that you trust because he is "not affiliated". Bastards! I speak from experience because I have a few accidents (not my fault) and have to deal with the bastards. Did I mention that they are bastards?

Re:Insurance is NOT legalized gambling

[rifter]

The insurance companies make deals with the worse and cheapest body repair shops that they can find, and you can't take your car to the mechanic that you trust because he is "not affiliated". Bastards! I speak from experience because I have a few accidents (not my fault) and have to deal with the bastards. Did I mention that they are bastards?

This is what you get for believing the insurance company. They cannot legally bar you from using any repair shop you choose. Of course they will try to get away with anything, especially if you do not involve a lawyer. That is the worst thing about the US, you have to defend your rights with money guns and lawyers or you get none at all. The government does not protect you here even though they pass the laws.

Insurance companies are some of the worst criminal organizations in the US. I noticed the one person who came to their defense was a Canadian and therefore of suspect sanity ;). But seriously, maybe things are different there.

It goes far beyond the problem where they make money with premiums then fail to pay because they don't feel like it. They routinely weasel out of paying, which in turn raises the cost of getting $SERVICE for which they are supposed to pay (hospitals, body shops, etc) besides the routine practice of charging more up front because $SHOP knows the insurance agency will require them to negotiate down from whatever price they charge, so if they charged a reasonable rate up front they would get screwed. People who pay directly usually pay this higher rate. YMMV.

Car insurance is even nastier, because often even though you pay for $KICK-ASSINSURANCECO the guy who hits you may have $SLEASEBAGSINC which charges $100/month and runs to Canada if they have to pay a claim. This is why I generally get uninsured motorist insurance. But so far I have been lucky and not had to fight the hellish battle of getting my car fixed after an accident.

Don't even get me started on the insurance companies that now get to be banks, and invest their (well actually it is *YOUR*) money questionably, possibly losing the lot.

I think if there were some kind of oversight agency for insurance, and the attorney general prosecuted insurance companies for fraud if they dared not pay their claims, it would be better, but then the insurance companies would whine that it is not profitable. You will notice the US government, in support of capitalism, will support any weasels who pay them money (even telemarketers and spammers). It would be neat if there were some kind of escrow fund where everyone pays $FACTOR * 1/100 of the cost of the house/boat/whatever (depending on some statistical analysis of the likelihood of claiming, etc) and that fund was used to actually pay out when it was needed, but that is not what is happening.

The endorsement said "computers and media"

[Beryllium+Sphere(tm)]

It's worth asking your insurance company whether they'll pay for losses from destruction of data. The bits on the media are almost certainly more valuable than the physical media. "Computers and media" coverage might not necessarily cover data erasures or alterations. A restore from backup could cost serious money even with no physical damage.

Back door? How about 40 foot tall electric fences?

Bah! This is just money and some gibberish files. Accounting lies, marketing hype, and that all so useful "boss memo" action. Who cares? What you NEVAR want to do is to whizz off or fire the admin who can leave the electric fences turned off in your monster island Jurrasic Park and YOU can't turn them back on. Now THAT is a dangerous "back door". I hate when that happens!

Insurance

[stalinvlad]

How much?

HINT:-Its price sensitive

Is insurance enough?

[razmaspaz]

If you have a really good cyber insurance policy, and you do the minimum required to not be found negelgent, is it enough to buy insurance and not "Secure" your computer assets? This assumes your insurance covers lost profits or reputitioon damadge and all taht other stuff that happens? Is it cheaper?

Not surprising

[jhylkema]

I'm frankly surprised that the insurance company actually agreed to pay. Keep in mind that the whole idea of an insurance company is NOT to pay.

Just like they did after 9/11, companies will probably start writing exclusions for this type of loss into their policies. If they don't, the price of the insurance will go sky high to the point that companies will simply go bare as the insurance costs more than the asset it's protecting.

a right or a privelage???

[LuckyLeprechaun31]

Should we have to pay for cyber insurance? Is protection from cyber fraud a right or a privelage? I'd like to say that it is owed to every internet user, but thats probably a little unrealistic....