A new Web site insurance plan is seeing a boom in business in light of recent hacker attacks against large e-commerce businesses.
WISP (Website Insurance and Security Program), offered by J.S. Wurzler Underwriting Managers of Lansing, Mich., will cover revenue losses as a result of hacking or cracking, plus compensate for loss of intellectual property and virus infection clean up fees, according to founder and president John Wurzler.
“We insured eight companies in 1999. In January of this year, we’ve insured 44,” Wurzler said, adding that company analysts foresaw both the need for this insurance and an increase of attacks. “I don’t wish ill will on anyone, but it’s going to keep happening.”
He noted some companies who decided against insurance have since called, after seeing what happened to Visa, where 2,500 credit cards numbers were stolen, E-Bay, whose second-quarter 1999 revenue dropped by up to US$5 million due to the 22-hour outage on its Internet site, and Yahoo!, which along with others was flooded with information requests by crackers.
Wurzler works with SNCI (Secure Network Consulting Inc.), a subsidiary of Axent Technologies in California, which assesses the Web sites of potential customers and conducts reviews once the site has been insured.
Charlie Johnson, SNCI vice-president and general manager, said there is no such thing as 100 per cent security, but SNCI assesses what measures are in place, including firewalls and an information security policy.
“We assess and then suggest changes. We will train staff on awareness. Will people notice an anomaly?” he asked. ” We test people to see if they notice when the computer is doing something strange and we check to see if they notify anybody.”
He added the WISP program helps his company because at the end of their assessment, they can tell their clients their sites are now insurable.
T. Shipley, an on-line and print office supply catalogue vendor based in Maitland, Fla., has been insured for 90 days now.
CEO Thomas Shipley said it just made good business sense.
“I’d recommend it the same way I’d recommend business insurance,” Shipley noted. “No one wants the extra expense, but we need it.”
According to Shipley the rates are reasonable when based on the “magnitude and severity of the problem.”
Wurzler noted the rates range between US$4,000 and US$250,000 depending on the amount of insurance provided. The policies will not be paid out if there is a violation of the warranty. For example, a company claiming a loss due to virus damage has to actually use the detection software it claims to employ. Wurzler said claims would also be denied if loss is created by the claimant, “just like home insurance.” He added the rates are higher because in the e-commerce business that kind of loss could go undetected.
“If companies are up front with us there won’t be any problem,” Wurzler said.
