In response to the increase in website attacks, the traditional insurance industry has adapted to provide new versions of “cyber insurance”. The insurance, which has been available for several years, has provided protection for network outages and theft in the past, but now can cover payments to website extortionists and security breaches. In an interview with Time Magazine, Kevin Kalinich, managing director of Aon Financial Services, says that written premiums for this new class of insurance exceeded $200 million in 2005.
Before offering this type of financial protection, the insurance companies assess both the likelihood of attack and the monetary damages likely to be incurred from the attack. This not only determines a company’s insurability, but also how much of a premium they will pay. Small and medium sized companies usually just fill out questionnaires detailing their network infrastructure and previous attack history. However larger companies, who may be faced with multi-million dollar extortion attempts, typically have to deal with an independent assessment.
Insurance policies that cover cyberextortion have been available since around the late 1990s. Perhaps the most famous case of extortion from that era was when a group of hackers tried to extort $200,000 from Michael Bloomberg in return for not exposing security holes in his website.