Crisis in Cyber Space: The New Battle Front

CyberAttack_400"Cyber Attack", "Hackers", "Malware" and dozens of other new words attempt to identify 21st Century high-tech burglars.

Since computers now control much of our daily lives, this threat is constant and potentially financially devastating.

Most users have one or more programs to fight computer viruses.  But the cyber burglars work from remote locations in Russia, India and hundreds of other untraceable places to attack servers with programs designed to extract data from individual computers.

The main target of attacks are any entity that has financial data.  The objective of these new burglars is the same as old-time burglars --- get the money!

Of course, federal and state laws strictly prohibit all forms of cyber burglary but how can they be caught much less prosecuted hiding in their remote corners of the world?

Congress continues to work on the problems as does Homeland Security, FBI, Secret Service, CIA and dozens of other public and private agencies.  But the problem continues to grow.

And the victims are citizens and businesses just trying to use the marvels of new technology.

The losses and potential losses have birthed a whole new form of insurance --- cyber risk insurance.



  • If you store or process identifiable information of customers or employees
  • Have a company website
  • Advertise online
  • Do online sales and marketing
  • Have company email
  • Issue laptops or smart phones to employees

A recent study by the Ponemon Institute found the cost of a data breach has reached over $204.00 per record.  A breach of 1,000 records would mean $204,000.00 etc.

Traditional property and liability insurance products may cover some level of protection.  However, there are limitations in the policies that need to be examined.  Traditional limitations for such theft include:

1.  Computerized or electronically stored data programs or software which may be excluded as "tangible property".

2.  Standard insurance may erode quickly due to the potential for high-dollar losses.

3.  Policy exclusions for media or Internet-type businesses, electronic chat rooms or infringement upon intellectual property rights.

4.  Certain standard policy provisions provide only limited coverage for lost data that is published "such as defamation, invasion of privacy or infringement-type claims.

There also is generally no coverage to notify those affected and no coverage should they suffer monetary losses.

The newer cyber liability policies can cover:

  • Network information security liability
  • Communication and media liability
  • Regulatory defense expenses coverage.

The best way to develop a cyber security risk plan is to meet with both your insurance agent and attorney to assess your risk. You can manage cyber risk by:

1.  Developing an incident response plan just like a disaster recovery plan

2.  Make sure firewalls and antivirus programs are regularly updated

3.  Develop appropriate segregation of responsibilities within companies with multiple users

4.  Safeguard personal information of employees and customers

5.  Develop system security procedures and conduct periodic staff training to support the procedures

6.  Safeguard laptops and other mobile devices

7.  Use appropriate encryption for electronic confirmation.

Even doing all this, in today's world there is no way to protect your information 100 percent of the time so having cyber insurance could mitigate against loss just like you insure against loss for fire, storms and other perils.