Security Becomes A Business Requirement For eCommerce Companies, According To IDC - Industry Trend or Event

EDP Weekly's IT Monitor, May 8, 2000

The well-publicized attacks on Yahoo!, Amazon.com, CNN, and other popular Web sites earlier this year have placed increased focus on the need for Internet security, and generated renewed interest in the Web site insurance concept. According to IDC, the cyber attacks and all the headlines they generated will represent an inflection point in the evolution of Internet security.

"Dealing with security in a reactionary manner is no longer adequate," says Abner Germanow, research manager for IDC's Internet Security research program. "Security is now a core business requirement, and companies that continue to regard security as a necessary evil will be forced out of business by companies who use security technologies to launch high value applications."

The economic impact of a Web site disruption can vary widely. It is clear, however, that organizations relying on Web transactions alone for revenue are vulnerable to potential losses from both lost transactions and an erosion of customer confidence. Regardless if these disruptions are the result of cyber attacks or network problems, the most forward-looking enterprises and service providers are now looking to mitigate their online risks with a comprehensive solution that offers a mix of technology, specialized consulting services, and insurance policies. In fact, insurance underwriters are now beginning to offer policies through a network of agents that enable policyholders to recover verifiable business losses resulting from e-crime.

While insurance policies may be able to minimize the hard-dollar financial loss of a cyber attack, insurance cannot repair the subsequent damage to a vendor's reputation and the erosion of customer confidence that often accompanies such an attack. "An insurance policy alone is not sufficient protection against the wide-ranging risks emanating from today's largely unregulated cyber world," warned Richard Dean, program manager for IDC's Network Support and Integration Services research. "However, a Web site insurance plan supported by a tangible and interrelated security consulting, integration, and monitoring program does provide a maximum level of protection."

In response to customer demands, IT vendors and security firms are now partnering with insurance companies to provide security consulting and management services packaged with an insurance policy. IDC believes security consulting and management services are valuable because security is an ongoing, evolutionary process.

"IDC has long maintained that security must be a consideration at every step of the development process," Germanow said. "Best practice security also demands regular attention to stay on top of the stream of new vulnerabilities that appear almost daily."