Nov 17 2004
Murphy’s Law
An IT insurance policy is going to be just like any other insurance policy out there; it’s designed to be unreadable and set up with so many loopholes that it’s going to leave you with your pants down when you most need it. While I have no direct experience with any of the various IT insurances running around, I was Life and Health Insurance licensed at one time (something I’m still paying penance for). Insurance laws are generally written by the insurance company, for the insurance company. Any laws on the books that appear to protect you, the customer, are only there for appearance’s sake. Not that I’m cynical or anything.
I have to say that I find it comical that the company had 5 different backups of their data, but only one of them, the printout, was in a non-volatile format. Why didn’t they have a copy on CD or something else that could be read from but not written to? I hope they learned a lesson and that any important information they have is more securely backed up now.
IT insurance of any type is still too new of a field for anyone to feel comfortable with. The insurance companies don’t have enough of a history on the IT field to create a real actuarial table, but they do have enough information to craft a contract that has exclusions for most real-world issues. A contact of mine recently asked me about ‘hacking insurance’ for his company. We talked about it and agreed that unless you’re part of a company that does the majority of business online, the insurance isn’t going to be a good investment. The list of exclusions and requirements on the policy was long, complex and full of escape clauses for the insurance company. I think that IT insurance is still a field for the hucksters, companies trying to make a name for themselves, and businesses who are willing to (or need to) play the luck of the dice. If you’re a mainstream company, you’re probably better off taking the money from your insurance policy and investing it in tighter security at your company. Of course, IT security usually doesn’t look as good to a C-level officer.