05 June 2009

Insurance

Posts relating to the category tag "insurance" are listed below.

05 June 2009

E-Commerce and Insurance - The Definitive Guide

On Tuesday I attended an e-commerce insurance book launch by the Insurance Institute of London in the Old Library at Lloyd's of London.

Partial image of the cover from 'Insurance Aspects of E-Commerce' by the Research Study Group 256 of the Insurance Institute of London showing part of the cover photo - a single key labelled 'help' above the keyboard hanging on its spring

Insurance Aspects of E-Commerce was drafted by members of the Insurance Institute of London (IIL) Research Study Group 256. It's worth pointing out that "e-commerce" here refers to doing business electronically, rather than the narrower concept of online payments i.e. payment by debit and credit cards. The publication has chapters about:

  • the effect of IT on the London insurance markets
  • brokers' views on e-risks and e-trading initiatives
  • security of e-commerce
  • experience in underwriting e-risk insurance
  • online third party risks
  • first party risks
  • regulation of online insurance
  • the effects of the Electronic Commerce (EC Directive) Regulations 2002
  • review of the current London (i.e. UK) market.

So it not only explores the issues and challenges to underwriters of e-commerce insurance (sometimes also referred to as cyber liability, internet liability insurance, online insurance or e-trading insurance), but also the effect of IT on insurance (e.g. streamlining, standardisation and e-trading), the regulatory background, issues of e-trading for insurers and a thorough, yet jargon-free, explanation of the information security issues. The latter correctly highlights that e-commerce security is not just related to technology—it's a combination of technology, people and culture.

The e-risk factors for businesses seeking e-commerce insurance are described and include the organisation's activities, locations, turnover, number of staff and the scale of its online activities such as direct revenue and traffic (e.g. web site visitor numbers). Increasingly the organisation's risk management framework and disaster recovery plans are a consideration in whether insurance can be obtained and what the premium is.

The publication is worth reading by anyone responsible for a transactional web site (whether they have ownership, marketing, compliance, governance or information system responsibilities), regardless of whether they are seeking any form of cyber insurance. Perhaps only the 25 pages of Chapter 7 concerning regulation of online insurance would not be of interest to non-insurance readers.

The 170-page A5 book is available from the IIL for £59+postage, with a discount for IIL and Chartered Insurance Institute (CII) members. ISBN 978-0-900493-88-1.

Posted on: 05 June 2009 at 08:45 hrs


02 June 2009

Are We Approaching the Age of Software Liability?

The European Commission has been discussing whether software developers, and companies providing digital services, should be liable if things go wrong for consumers.

The articles "Is Software Liability Part of the [Security] Solution?" and "EC Wants Software Makers Held Liable for Code" discuss the concept of extending the current physical product liability laws to software and digital services. There is certainly a strong consumer protection ethos in the EU which doesn't necessarily exist in other parts of the world. Will we be seeing software product recalls and consumer software litigation sometime soon?

Photograph of a UK shop window with two food product recall notices and an incorrect labelling notice posted

Will this affect online web applications aimed at the consumer market? If this idea becomes reality, then it would probably apply to all types of software regardless of whether it's only accessed on a desktop or over the internet. So web sites would be affected.

Of course, liability for software already exists. Many contracts place requirements on software and software service providers, but this is mainly within the commercial sector. The issue of low-cost, or free, software and services, or software that has been developed as a community project would have to be considered in any legislation. I'm sure we've all heard about cake stalls being banned due to lack of insurance. Let's hope reasonableness prevails and we don't kill off our creative industries.

Have you discussed this with your MEP? Have your say in the European elections on Thursday!

Posted on: 02 June 2009 at 07:48 hrs


30 January 2009

Cyber Liability Insurance

Nowadays many organisations' main assets are their information and networks rather than physical things like office buildings. Also, the protection of the privacy of employees, customers and the public is a growing issue.

At a talk organised by the Insurance Institute of London, Emily Freeman of insurance brokers Lockton explained why conventional insurance policies such as general commercial liability, professional indemnity, errors and omissions (E&O) liability, criminal damage, privacy and property protection are very unlikely to cover the effects of information damage or loss. If you want insurance to offer worldwide protection against damage and consequential losses, possibly with the involvement of insiders, you need an explicit policy—typically called cyber liability insurance.

Not all cyber liability insurance products are the same and the package should be discussed with your existing broker or one that specialises in cyber insurance. The aspects to consider are:

  • data network availability and damage
  • loss or damage to sensitive data
  • internet defamation, copyright and trademark infringement
  • data breach notification and crisis management
  • regulatory investigations, fines and penalties.

Apparently there is now a trend in litigation moving on from omissions and correctness, to "is it doing it securely?".

Chart containing a pyramid with 'Did we receive it?' at the base, 'Does it work?' above and 'Is it safe?' at the top, and an upward pointing arrow with the label 'We are heading this way'

Something, then, to be considered more in web application specifications and acceptance testing.

Web site operators (especially those that collect personally identifiable information, rely on the web site for critical business processes, operate in a more highly regulated environment, or who allow users to contribute content) should investigate the risks and possible benefits of cyber liability insurance. No web-enabled system can be completely secure, but you'll need to demonstrate that you are applying and monitoring security best practices—otherwise you might not be able to transfer any risk at all to an insurer.

The recent data breach at Heartland Payment Systems in the United States reminds us that compliance is not security. It seems the data was copied using a technique requiring a high level of system access. Take care!

Posted on: 30 January 2009 at 08:34 hrs


Insurance : Web Security, Usability and Design
http://www.clerkendweller.com/insurance