Partner With Us

It may be impossible for even the most fortified Internet companies to ensure their Web sites will not be hacked, but they can always insure themselves against losses from unwanted intrusions.

That's right: hacker insurance.

Such policies have been available for almost as long as the Internet has been a commercial medium, but they are now seeing a burst of interest from popular Internet sites sobered by a series of attacks earlier this month.

Most Internet companies like the popular portal Yahoo Inc. already carry insurance for disruption of business resulting from a power outage or an earthquake. Yet many of the same companies have to date gone without policies covering security breaches, perhaps on the theory they had built the best cyber-fortresses money could buy.

"I'd say activity is up four or fivefold this month," said Phil Hart, vice president of technology underwriting at American International Group Inc. . AIG in January began offering insurance for losses of up to $25 million resulting from hacking incidents, but initially got a lackluster response from companies that seemed convinced their sites were impervious to hacker attacks.

That changed abruptly early this month when Yahoo, eBay Inc., Amazon.com Inc. and other blue chip Web sites were shut down by hackers who have yet to be found.

While a number of these sites have maintained publicly that there was no financial impact from the shutdowns, they are quietly racing to supplement their coverage.

Sources in the insurance industry say that few if any of the Web sites shut by the "denial of service" attacks two weeks ago carried hacker insurance, but that all of them are now rushing to compare policies, currently offered by about five insurance companies worldwide.

If the Web sites that were hacked have been low-balling estimates of money lost from the shutdowns, a closer look suggest many hidden costs that have not yet been considered. Yahoo, for instance, says it was able to reschedule all the ads that were taken down with its site. However, it has not yet said anything about the investments it will likely have to make to help protect against future attacks.

Yankee Group analyst Matthew Kovar estimates that the lost business, ad revenue, and additional security investments resulting from the high-profile hacker attacks of the past month may have cost the industry as much as $1.2 billion.

And while those attacks did not involve any data theft, insurers warn that intrusions in which some sort of proprietary information is stolen are also common, and can result in costly litigation.

Also receiving new interest is coverage for actual damage by hackers to a company's own systems. Garrett Koehm, an executive vice president for the San Francisco-based Tri-City Brokerage Inc., says such losses are not always covered in a company's primary insurance package, and that Internet businesses are taking a closer look at precisely what their existing coverage includes.

Tri-City, which offers coverage through Lloyds of London and other insurance, also advises Internet companies to protect themselves against corporate espionage and sabotage to their systems by disgruntled employees.