CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Insurer: Businesses unaware of online risks

As companies adapt to the Internet, most still don't understand the risks that can arise from conducting business in a digital world, according to St. Paul Companies.

    As companies adapt to the Internet, most still don't understand the problems and risks that can arise from conducting business in a digital world, according to St. Paul Companies, an insurance heavyweight.

    Insurance agents and brokers need to educate their clients about e-commerce hazards and the like, and where gaps might lie in their insurance coverage, the company said. St. Paul Companies provides commercial property-liability insurance and non-life reinsurance to a number of Fortune 500 clients.

    Since most traditional insurance policies were created before the Internet, a company's coverage might not extend to such issues as hacking events, denial-of-service attacks, Web site extortion, unintentional release of confidential information and copyright or trademark infringements. And those issues are only becoming more prominent as critical services increasingly go online.

    A study released in May found, for instance, that at least 4,000 denial-of-service attacks happen each week. Denial-of-service attacks attempt to crash computers connected to the Net so people can't access them.

    The growing incidence of network attacks and Internet security glitches highlights the need for companies to consider wider insurance coverage to protect their businesses.

    That protection does come at a cost. Just last month, Wurzler Underwriting Managers upped the price for insuring companies that use Microsoft's Windows NT server software, on the basis that the software has had a series of security problems. Wurzler, one of the earliest agencies to offer hacker insurance, began charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT instead of Unix or Linux for their Internet operations.

    One analyst points out, however, that it is still unclear how fault would legally be determined in the case of, say, a hacking attack or a Web site outage.

    "There's not a lot of precedence here in terms of (identifying) where responsibilities start and stop," said Preston Dodd, senior analyst with Jupiter Media Metrix. "The lines are getting grayer as we deal with a more digital world, so the point of transfer of information or responsibility is a little bit less clear than it's been in the past."

    Although the need for this type of insurance is not yet widespread, as more and more companies operate on the Internet, "it's a harbinger of things to come," Dodd said.

    The St. Paul Companies, which recently surveyed executives at some 1,500 companies in the United States and Europe, said businesses do not adequately understand the risks posed by technology and lack the tools to manage them effectively.

    The St. Paul, Minn.-based company said it is not raising rates to its standard property and liability insurance contracts to cover the risk of e-commerce, but instead it is offering additional coverage as a supplement to the standard deal, at a higher premium.