A Threat of 'World War Web'

Risk & Insurance, Dec, 2001 by Lori Widmer

"Visualize a virus coming in and destroying a whole building full of people. That's what technology terrorism can do (to a company's infrastructure)," Taffae says. "A lot of companies are dependent on business-to-business exchanges. Most are dependent on supply distribution and supply inventory on exchanges. What happens if they break in to the New York Stock Exchange? Imagine if terrorists broke into the Social Security Administration and wiped out the data bank. The Internet is the roadway into company records. We talk about the next world wan It might just be the World War Web."

Insurance Issues

Coverage for cyber-terrorism is dicey. While many insurers offer specific cyber-risk policies that cover denial-of-service and hacker attacks, cyber-terrorism has not been addressed fully in these policies, insurance companies that Risk & Insurance spoke with are evaluating the risk and its implications. Some policies for cyber risk have no exclusion for cyber-terrorism, such as those offered by e-perils.com and InsureTrust.com. Some specifically exclude cyber terror, such as those offered by Liberty Mutual, and others exclude acts of war, such as those offered by e-Sher, InsureTrust, and Zurich.

Some indicate that cyber-terrorism may or may not be covered, depending on the circumstance. Officials with Chubb say the company's CyberSecurity policy may exclude terrorism under certain conditions.

That's creating a problem finding affordable coverage, according to Ben Adler, account executive and practice leader of the technology risk management practice at Mathog & Moniello Cos., Inc., East Haven, Connecticut. Adler says that as the tech risks from new threats increase and become high priority, insurance will become more difficult to obtain at a reasonable cost.

Cyber security will undergo a shift m importance, says Laykin. "The whole concept of computer or cyber-security is not some far-off, intangible concept that will not have an implication or a direct impact on your life or your business's viability. The sense now is that IT security is transcending information technology. The correlation between IT security and general protection security is also being made. Online security will be indistinguishable from general security. Having IT security has been a step on the ladder to a fully integrated security mindset. In the future, one will not distinguish between the two."

Security Measures

Even with the very real existence of terrorism in America, security experts say their phones aren't flooded with calls from anxious customers. "The atmosphere is almost as if we're in the eye of the hurricane," says Laykin. "After September 11, with the exception of disaster-recovery work, the telephones in the security industry have stopped ringing. There's been this wait-and-see attitude on the client side. People are very concerned about making the right moves."

Laykin says that the start of assaults in the Middle East resulted in a small surge in business. "Corporate America now knows the direction we're going and we can now adjust and implement security in the new fashion."