Today, infrastructure encompasses computer technology and key business processes and is increasingly web-based. Thus, the availability and security of computer networks and web sites have become a critical component of an organization’s risk profile. Even though preventative security steps can be taken by companies, there is no silver bullet that can make businesses completely secure. Insurance companies have to develop new insurance policies to provide coverage for online risks.
Cyber insurance covers a number of areas not normally spelled out in traditional policies. Failure to attend to information-security issues may result in contractual liability through material adverse effect clauses as well as representations and warranties regarding security, due diligence and compliance. The optimal model to address the risks of Internet security must combine technology, process and insurance.