As companies increasingly do battle with hackers, viruses, data privacy leaks and theft and other cyber mishaps, insurers are developing cyber-insurance policies that protect firms across all industries—from financial services to retail to healthcare—against business interruption, data destruction, cyber extortion, cyber-terrorism and other threats to companies' IT systems.

Beginning in 2000, as cyber risks became more prevalent and companies got more involved in e-business, the insurance industry began to develop products that underwrite those risks. Still, only about $100 million in cyber insurance has been sold so far. Says Gartner Inc. research analyst Vincent Oliva: "That's pretty small when you look at the multitrillion dollar insurance industry."

But the market is projected to grow as information security threats to companies increase. The Insurance Information Institute estimates that cyber-insurance policies will generate premiums of $2.5 billion annually by 2005, though Oliva says it will more likely be around $1 billion. The reason? Cost. "For companies looking for cyber insurance now, the perception is that it is expensive," he says. While premiums for small businesses can cost as little as $1,000 for a basic policy, broad coverage for a major corporation can cost up to several million dollars annually, says Oliva. Such policies can include everything from network security to identity theft, cyber-extortion, cyber-terrorism and cyber-related business interruption and data damage.

[ Read more ]