Company offering computer hacker insurance
November 23, 1998
Imagine this: A dissatisfied technology worker at a mutual fund complex computer network hacks into the company website, disabling it for hours or even an entire day. Investors who rely on the Internet to make transactions and get information about their accounts will be frustrated and furious, overloading the customer service phone lines. Money and loyalty will be lost; investors will take their invested assets elsewhere.
This is a scenario that some familiar with the mutual fund industry are now painting. As computer and network technology gets more sophisticated, so too does the know-how of hackers. And people knowledgeable about computer networks agree that the most successful hackers will be from inside a company, with a knowledge of its particular computer system. While many companies have created products to defend against hackers, CIGNA Property & Casualty has gone one step further and created what may be the first hacker insurance. The product, introduced last month, is called CIGNA Secure Systems Insurance, and can insure up to $25 million in computer-related theft, damage or business interruptions.
Since he believes that property and general liability insurance does not cover hacker crimes, Nick Economidis, director of CIGNA's Information Asset Protection group, says this type of insurance might be important to mutual fund companies. Hackers pose a threat to a fund company's ability to calculate the net asset values of its funds each day and to execute transactions through its website, he says. Even minor disruptions in the flow of information or service can alienate investors, he says.
"Consumers are beginning to rely on their ability to go in and do transactions... this could really create a bad impression," Economidis said. Another example of the kind of havoc a hacker can wreak is to make it impossible for the fund to calculate daily net asset values for its funds by disabling its network.
"If the system is down, they're not going to be able to calculate that," Economidis said. Economidis says there are three types of hackers: the unsophisticated hacks that are out to have fun; the politically motivated that will target groups of businesses - companies that sell fur, for example - and the very sophisticated hacker who is targeting a specific company. He is usually an insider, and typically the most dangerous.
"They're the ones that you really need to worry about," Economidis said.
CIGNA released the new insurance after working on its development for about a year. Those who purchase the insurance must have installed computer security devices. CIGNA has formed alliances with NetSolve and Cisco Systems to help businesses meet underwriting criteria by setting up security systems. The insurance does not cover any breakdowns associated with the so-called Year 2000 problem.
The Computer Security Institute, located in San Francisco, says computer crime is costing U.S. businesses hundreds of millions of dollars annually. According to its Computer Crime and Security Survey, which used Federal Bureau of Investigation data, 64 percent of the 500 companies that responded to the survey experienced computer security breaches over the past 12 months. That is up from 16 percent in the 1997 survey. Participating companies with calculable costs estimated total losses of $136 million.
Patrice Rapalus, director of the institute, said that the increasing use of the Web by businesses, including mutual fund companies, is making the threat more serious.
While the danger hackers pose to all businesses is evident and appears to be increasing, mutual fund industry officials say they are confident that they are doing all they can to prevent such crimes.
Ric Weinstein, technical director for Global Investment Systems, which licenses its mutual fund accounting software, MFACT, to mutual fund companies, says any of its systems are susceptible to internal hacking. But GIS's software has built-in systems to detect data corruption so that any hacking can be easily spotted and thwarted, he says.
At Strong Funds, Byron Vielehr, vice president of electronic distribution, does not believe that hacking has been a major problem at Strong's website.
"We haven't had a lot of problems with (hackers). We're feeling really good with our overall security," Vielehr said.
Matthew Kovar, a senior analyst with The Yankee Group in Boston, said that most large mutual fund companies like to control risk themselves and create their own in-house computer security systems. Smaller companies are more likely to buy third-party security systems, he says. He claims that the market for these computer and information technology systems has gone from $45 million in 1997 to $160 million this year. Although these and other mutual fund companies seem confident they can do without insurance against computer hackers and none has bought such insurance, CIGNA Property & Casualty says that, inevitably, the mutual fund industry will become a customer.