ISO Introduces Cyber Risk Program to Help Cover $7 Trillion E-Commerce market in USA

JERSEY CITY, N.J. (Jan. 11, 2005) — ISO has introduced a new line of insurance to cover cyber risk, a growing threat to the world’s nearly $7 trillion in electronic commerce. The new insurance program, including policy contract forms, underwriting rules, loss costs (projections of future claims) and an advisory application supplemented by an advisory underwriting guide, has been filed in 54 jurisdictions and has already been cleared for carriers’ use in 15 jurisdictions.

While some cyber risk insurance protection has been available as sub-coverage in some lines, such as inland marine and general liability, or in the specialty markets, ISO’s Internet Liability and Network Protection Policy brings e-commerce coverage into the standard market.

“Every business using computers to store critical data, interact with customers or suppliers, or perform other essential processes is exposed to cyber risk,” said Kevin B. Thompson, senior vice president of ISO’s Insurance Services unit. “The Internet and web are fueling extraordinary productivity growth but also make invasion of privacy, cyber extortion and business interruption possible on an unprecedented scale,” noted ISO’s executive.

“Developing a standardized program to address cyber risk is a natural step in the evolution of insurance markets. Now, through the Internet Liability and Network Protection Policy, coverage is available for cyber risk like that available for traditional risks,” he said.


The menu-based policy comprises five separate agreements:

  • Website publishing liability provides coverage against Internet-related publishing perils, including libel against a person or organization, and copyright, trademark, and service mark infringement allegations arising out of content published by the policyholder on its website.
  • Network security liability covers the policyholder against claims for failing to maintain the security of a computer system resulting in unauthorized access and publication of personal information, such as credit card numbers or personal medical information.
  • Replacement or restoration of electronic data provides coverage for the cost of replacing or restoring electronic data lost or rendered inaccessible because of an e-commerce incident, such as a virus, malicious instruction or denial-of-service attack.
  • Cyber extortion provides coverage for extortion expenses incurred and ransom payments made because of an extortion threat. Extortion is defined as a threat to commit an e-commerce incident, disseminate the policyholder’s proprietary information, reveal a weakness in its source code or publish personal information belonging to policyholders’ clients.
  • Business income and extra expense provides coverage for loss of business income or extra expenses incurred as a result of an extortion threat or e-commerce incident.

Special provisions and endorsements

Each agreement has its own aggregate limit of insurance, subject to an overall policy limit. Under the liability insuring agreements of ISO’s program, the insurer has a duty to defend its policyholders in litigation. Defense expenses are payable within the limits of the policy.

Moreover, the agreements are written on a claims-made basis, providing coverage only if a claim is made during the policy period or any applicable extended reporting period. The ISO program also provides various endorsements that permit insurers to cover policyholders anywhere in the world.

“We developed this policy to protect companies from the rapidly evolving risk of using the Internet as a business tool,” said Thompson. “Our program is designed for eligible commercial enterprises, including nonprofit organizations that have a presence on the web.

“By developing a program consisting of five agreements, we allow companies to tailor coverage for individual businesses based on the way they use the Internet,” said Thompson. “This new program will open a growing cyber risk market — whose premiums are projected by some analysts to reach $1 billion in 2005,” Thompson said.

About ISO

ISO is a leading provider of products and services that help measure, manage and reduce risk. ISO provides data, analytics and decision-support solutions to professionals in many fields, including insurance, finance, real estate, health services, government and human resources. Professionals use ISO’s databases and services to classify and evaluate a variety of risks and detect potential fraud. In the U.S. and around the world, ISO’s services help customers protect people, property and financial assets.