Sorry about the length of this message...It makes interesting reading... _______________________________ Hacker Insurance By Rick Johnson The recent torrent of break-ins has companies looking for any way to protect themselves, and we all saw this day coming. Hacker insurance has finally hit the mainstream. The truly interesting part is that some companies are actually charging more depending on your operating system. J.S. Wurzler Underwriting Managers, one of the first companies to offer hacker insurance, has begun charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT software in their Internet operations. Although several larger insurers said they wouldn't increase their NT-related premiums, Wurzler's announcement indicates growing frustration with the ongoing vulnerability discoveries in Microsoft's products. A policy covering revenue lost due to hacking costs about $4,000 per year for each $1 million in coverage. Some industry observers believe other insurers may follow Wurzler's lead, which could affect the overall hacker insurance market ? a sector that the Insurance Information Institute estimates may generate $2.5 billion in annual premiums by 2005. "We saw that our NT-based clients were having more downtime [due to hacking]," says John Wurzler, founder and CEO of the Michigan-company that has been selling hacker insurance since 1998. Wurzler said the decision to charge higher premiums was not mandated by the syndicates affiliated with Lloyd's of London, who underwrites the insurance he sells. Instead, the move was based on findings from 400 security assessments that his firm has done on small-and midsize- businesses over the past three years. Wurzler found that system administrators working on open source systems tend to be better trained and stay with their employers longer than those at firms using Windows software, where turnover can exceed 33 percent per year. That turnover contributes to another problem: System administrators are not implementing all the patches issued for Windows NT, Wurzler said. Several insurers offer discounts to clients that use managed security service providers or put certain security devices on their networks. For example, last week, AIG said it would cut premiums up to 10 percent for clients that use a new security device made by Invicta Networks, a Virginia company headed by Victor Sheymov, a former KGB agent. Invicta claims its device, which uses an Internet Protocol address-shifting technology, is impossible to hack. Insurance can be a great selling point to potential clients. Do you really need it? Probably not. Ideally, you'll never need to cash in the policy, but insurance is there to cover the "what if" scenario. Sure, you will get a big fat check in the event that something bad happens, but the damage is still done. _____________________________________ ============================================================= Avenir Web's Linux Discussion List List info: //www.freelists.org/cgi-bin/webpage?webpage_id=13 To unsubscribe: email linux-discussion-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject line. Administrative contact: weez@xxxxxxxxxxxxx =============================================================