Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Without insurance to protect against lawsuits, disasters and error, few entrepreneurs would take the financial leap of faith and launch a new venture. But in the emerging electronic marketplace, business is exposed to peculiarly modern risks. Criminals use the Internet and critical business information systems to commit credit cart fraud, identity theft or even extortion. These systems control sensitive customer data and company finances, yet suffer from poor electronic security. Some of these crimes-such as credit card fraud and identity theft-have become so common that they rarely command media attention. There is also a rising tide of legislation that has created new duties of care for businesses that trade in sensitive customer information, and hence enhanced exposure to civil liability for negligence. For at-risk businesses that have appropriate insurance coverage, however, the risks of malfeasance in connection with computer-housed data can be reasonably controlled. Some skeptics view such insurance as unnecessary or dubious as a matter of public policy, arguing that insurance does not address the inherent problems, such as weaknesses in computer security or terrorism, that created the need for it in the first place. And threats to computer security change continually, which makes actuarial predictions difficult to calculate. Yet in the absence of better information, cyberinsurance may add cost to the bottom line but could be well worth it for those at the greatest risk. No longer the purview of teenage hackers or the techie underworld, sophisticated criminals, working individually or as part of larger syndicates, use the disparate and anonymous nature of cyberspace to hide their identities and activities. Enforcement and apprehension can be costly and difficult. Thus, while businesses are now more likely to be victims of cybercrime, they are less likely to find their victimizers, let alone win court-ordered restitution or other monetary reimbursements. When hackers compromised 8 million consumer credit card accounts in February, zero-liability policies protected consumers, leaving credit card companies to foot the bill for unauthorized charges. Compliance issues, too Information security breaches that result in the disclosure of a consumer’s personal information may also create new legal liabilities. California’s Security Breach Information Act, which took effect on July 1, requires businesses and state agencies to notify citizens if their personal information is compromised, typically at the hands of thieves operating in cyberspace. Failure to warn a customer can result in company liability. For California’s largest businesses-enterprises with giant customer databases and an active trade in information-the law may be a litigation nightmare. Non-California companies also face information security requirements created by new federal laws, such as the Health Insurance Portability and Accountability Act. These obligations transcend state boundaries. Companies that provide insurance aimed at liabilities connected to computer data are selling a reasonable supposition: that the various risks and exposures of malfeasance on the Internet can be identified and controlled. Such insurance by itself does not prevent the security breaches, but it usually sets in motion a process of risk assessment and exposure mitigation, as well as cushions the financial fallout from a criminal incident. Since business insurance generally does not cover the novel risks associated with cybercrime or information-technology compliance, cyberinsurance complements traditional policies, covering a range of possible scenarios including denial-of-service attacks, network liability, cyberextortion and cyberterrorism, among others. Business interruptions caused by viruses or denial-of-service attacks need no longer result in lost revenue and mounting opportunity costs, especially for Internet retailers. By helping the most vulnerable online businesses minimize their risks and recoup dollars that would have been otherwise lost, cyberinsurance makes victimization easier to accept. The growth and importance of this type of insurance comports with public policy. The Terrorism Risk Insurance Act of 2002 is a federal response to terrorism in the real world. Cyberinsurance could do the same in the virtual world. Businesses that elect terrorism coverage for the loss of physical structures now have the option of similar financial protections for their virtual risks. In the long run, the presence of such insurance will encourage greater prevention of crime in cyberspace by assessing insurance risks. Steven E. Roberts, a homeland security consultant, is an NLJ columnist. He can be reached at [email protected].

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.