• United States



by Sandy Kendall

Should the government guarantee insurance coverage for computer infrastructure?

Dec 09, 20022 mins
CSO and CISOData and Information Security

Two weeks ago President Bush signed the Terrorism Risk Insurance Act. In a little speech before the signature went down, he said, “Today, with terrorism insurance, we’re defending America by making our economy more secure.”

The logic behind that claim is that large-scale construction has slowed since 9/11, partly because of insurers unwillingness to cover large or high-profile buildings and their occupants in the event of terrorist actions. According to Bushs speech, more than $15 billion in real estate transactions have been canceled or put on hold because owners and investors could not obtain the insurance protection that they think they need. With the government now both requiring the coverage be offered and providing a safety net for insurers in case terrorism-related damages are impossible to cover, stalled projects can get underway and new ones can be broached. When that happens, as the president said, itll “get our hard-hats back to work.”[Applause.] And then they can buy stuff like cars and furniture and shoes and broadband and food, even. Thus spurring the economy. So thats all taken care of.

But what about the rest of us?

CSOs and CIOs have also been facing a dearth of insurance options for their organizations networks, systems and data. When they can find it, its often crazily expensive. Premiums can range from $5,000 to $60,000 per million dollars of coverage, according to Jill Tellez, director of the network risk practice for Aon Risk Services, which provides cyberinsurance. She told the Silicon Valley Business Journal, “It is a fair amount of expense. For a small company, it looks somewhat out of line for $15,000 to $20,000 if their overall property and casualty insurance might cost that much.”

Yes it does. So a lot of companies cant afford to cover their virtual assets to protect them from loss, theft or damage resulting from terrorismor any other cause. But unlike builders, they cant put their projects on hold. This leaves many companies vulnerable to attacks on the nations critical infrastructure or on their own systems.

Should the government take steps to guarantee insurance coverage for computer infrastructure and intangible assets? If you ran the world, how would you set it up?