Cyber Risk Insurance?
a little lethargic asks: "I work at a medium-sized business (20-25 computer users, out of house web server, in-house Win2k profiles and file server, ADSL connection, firewalled, nightly tape backup - a pretty standard small business-type setup). Our insurance company's 'Technology Risk Group' is trying to get us to purchase 'Cyber Risk Insurance'. The minimum premium for their policies begins at Cd$3500. Management wants to know if we should consider this or not. Has anyone on Slashdot dealt with similar insurance issues and might they have experience or insight to share?"
"Here's the pitch, in their words:
New risks have emerged as corporations rely more heavily on information networks and the internet to improve their competitive position, efficiency and quality of service. Corporate governance mandates that principal risks be identified and appropriately managed and senior management be held accountable for the systems put into place to address and mitigate their risks. Would you spend money obtaining such an insurance policy for your company?
A few examples of these risks include:
- Third party lawsuits as a result of a privacy breach and a release of personal or confidential information including identity theft
- Copyright and trademark infringement claims stemming from corporate web sites
- Business interruption as a result of a security breach, virus or network interruption
- Breach of corporate network security policies by an employee..."
Back up your data.
For the examples:
If you're keeping your client data outside the firewall, you're asking for trouble. Put it behind the firewall. Back up your data.
Copyright and trademark infringement is a realm best left to the corporate attorney.
Back up your data.
Network interruptions for the outside world are inevitable, though hopefully rare; if you lose internet connection frequently, change providers. Viruses and break-ins can be prevented by AV software and firewalls. Frankly, too, if your business relies solely or largely on a website, you should have an offsite mirror.
Back up your data.
A breach of network security from inside can be prevented, but it's not impossible to abate entirely. Odds are, though, they did it so they could get their Kazaa connection going.
Did I mention that you really, really should back up your data, by the way?
This sig no verb.