Hacker insurance becomes a priority

Insurance firms are hoping for a boom in business as companies scramble to protect themselves against the rise in computer crime.

Internet fraud, email abuse, hacking and viruses are among the crimes set to rise over the next 20 years, according to research commissioned by the Association of British Insurers (ABI).

According to the report - Future Crime Trends in the United Kingdom ? which was prepared by independent research group Building Research Establishment, increasingly sophisticated hacking tools will make these crimes easier to commit, even for the unskilled.

Of even greater concern, it predicts that specialist "hackers for hire" will pose an increasing threat to the security of corporate systems.

Mary Francis, the ABI's director general, said: "I hope the research will help organisations identify some of their vulnerable points, and encourage them to build as much protection as possible into their information systems."

"Insurance products are continually developing to meet the demands of new technology, but, as ever, prevention is better than cure, and we must all do what we can now to prevent these crimes before they have a chance to start," she added.

A spokeswoman for the ABI said that the market for insurance against security breaches, which has until now been restricted to a few specialist brokers, is set to expand.

"In order to be covered, firms will have to improve their security so the risk to be insured against is a genuine risk, rather than a likelihood," she said.

Because of the lack of experience in the industry, she said users should be clear of what is included or excluded in any insurance policy, and stressed the importance of defining their requirements carefully from the start.

Security firms are beginning to team up with insurance brokers to offer policies that protect against loss of revenue and information arising from security breaches. For example, MIS Corporate Defence has today announced it has teamed up with insurers J S Wurzler to provide companies with loss of revenue and virus attack insurance.

The risk assessment is based on a security audit carried out by MIS which is then submitted to Wurzler for approval. The policy carries a premium based on the integrity of a company's IT security infrastructure.

But Andrew Tanner-Smith, an industry analyst at Frost & Sullivan, said that setting up insurance cover for these eventualities is fraught with difficulties for users.

"It's very difficult for firms to put a value on the confidential information which is needed to establish the extent of insurance cover," he said. "There is also a natural reluctance to disclose confidential information about security to any third party because it might affect the share price of firms."