Insuring Security

As the risks of lost data and buggy systems increase, underwriters are offering cyber-insurance policies. But what exactly are you paying for?

As companies increasingly do battle with hackers, viruses, data privacy leaks and theft and other cyber mishaps, insurers are developing cyber-insurance policies that protect firms across all industries—from financial services to retail to healthcare—against business interruption, data destruction, cyber extortion, cyber-terrorism and other threats to companies IT systems.

Beginning in 2000, as cyber risks became more prevalent and companies got more involved in e-business, the insurance industry began to develop products that underwrite those risks. Still, only about $100 million in cyber insurance has been sold so far. Says Gartner Inc. research analyst Vincent Oliva: "Thats pretty small when you look at the multitrillion dollar insurance industry."

But the market is projected to grow as information security threats to companies increase. The Insurance Information Institute estimates that cyber-insurance policies will generate premiums of $2.5 billion annually by 2005, though Oliva says it will more likely be around $1 billion. The reason? Cost.