INTERNET SAFETY.

• Author: Davis, Kathy
• Position: Brief Article

Insuring the New World of E-commerce

It used to be all you had to do to make sure your credit card was safe was check your wallet or tear up your carbons. Now you have to worry about e-crooks stealing it off the internet.

"Theft is not [of] hard goods anymore," says Tom Watson, president of Gastonia-based Watson Insurance Agency Inc., "it is information and intellectual property."

This phenomenon is especially troublesome for business. Whether your organization is a young, high-tech enterprise offering cyberspace products and services or an established, "bricks and mortar" company venturing into e-commerce, it is facing a new set of risks due to the interactive nature and widespread accessibility of the Internet. An airline company, for example, needs to make sure that consumers accessing its information system to make online reservations cannot also access its financial data or human-resources information. Organizations that collect and maintain large amounts of personal and private information on their clients, such as law firms and health-care providers, need to protect that information from confiscation by hackers.

What is the best way to manage this risk? "I don't think you can ever be 100% secure," says John Cugliari, director of marketing for Piedmont Technology Group Inc., a Charlotte-based information technology risk-management firm. "You can only have the mechanisms and procedures in place to keep yourself as secure as possible."

One answer is additional insurance coverage, but the industry is in the early stages of developing policies and procedures to address cyber-risk. "This area is truly evolving for insurance companies," says Bret Grieves, vice president of Scott Insurance in Greensboro. In addition, businesses should be aware that when an insurance company offers a policy to cover cyber-risk, it wants to see that the insured has put appropriate security mechanisms in place.

Where should you start in evaluating whether your company has the insurance protection it needs for its e-commerce activities? Bill Yeager, president of Charlotte-based McNeary Insurance Consulting Inc., suggests looking at what you have in place first. Determine what coverage is provided in your current comprehensive general-liability policy. Then see if it is possible to broaden the list of what is covered or modify exclusions to address your company's needs better.

Make sure that you have worldwide liability coverage, says Jeff Cole, assistant vice president and risk-management consultant at McNeary. The Internet is worldwide, so injured parties may be outside of the United States.

Jim Byrd, vice president of e-commerce at Key Risk Management Services Inc. in Greensboro, cautions that coverage for e-commerce risk can be expensive because it is so new. "It's difficult [for insurers] to price because there is no experience," he says. Businesses need to weigh the expense of such insurance against their financial exposure. Yeager adds that underwriters often give more competitive rates to established companies that are using the Internet as a new distribution channel than to new e-commerce-type companies.

Gene McCarthy is North Carolina business-development leader for the Marsh Technology Group of Marsh Inc., a risk-management and insurance firm with offices in Raleigh and Charlotte. He says a technology risk assessment can help a company identify its exposure and the security mechanisms needed to address them. Conducting an assessment and taking action based on the findings can drive down the premiums for insurance coverage purchased as an additional safety net.

Although a lot of publicity has been given to...