It's time for ASPs to start looking out for themselves and
their futures, and one sure way to do that is to purchase an
insurance policy that covers losses from lapses in service
and breaches in security. Now that service level agreements
(SLAs) have become a standard of negotiations for hosted
services between customers and service providers, ASPs are
finding it necessary to protect themselves in the event of
downtime, failure to deliver a specified service, or other
problems which would cause a gap in service delivery to
their customers. In fact, many customers are even demanding
that their service providers carry coverage, and are
negotiating it as a provision of the SLA.
The ASP Industry
Consortium recently announced an insurance program
specifically for ASPs, and several insurance companies are
also beginning to offer protection for this growing market
segment. The program sets up a framework for some of the
important areas of coverage for any ASP, and works in tandem
with InsureHiTech,
a brokerage specializing in protecting "New Economy"
companies against the inherent risks of Web-based
enterprise. Coverage is provided through AIG
netAdvantage, a product suite offered by American
International Group (AIG). The netAdvantage suite of
liability insurance offers an option to complement existing
errors and omissions coverage, which protects against
wrongful acts committed in the performance or
non-performance of services. It also provides an option that
includes actual errors and omissions coverage. Policies
range from $1 million to $25 million, and deductibles begin
at $50,000. Consortium members receive a discount on
premiums.
Key coverage areas of the netAdvantage suite include:
- Media liability coverage for protection against
liability from Web content;
- Professional liability coverage, including errors and
omissions;
- Security liability for protection against computer
attacks, unauthorized use or access, and malicious code;
- Extortion coverage for protection against threats to
commit a computer attack or security breach for
financial gain;
- Asset and income protection;
- A criminal reward fund, offering rewards of up to
$50,000 for information leading to arrests and
convictions of cyber criminals; and
- A crisis management fund for coverage of up to $50,000
for public relations expenses related to claims covered
by the policy.
The Consortium also plans to sponsor annual security
seminars that will feature sessions on insurance, as well as
publish white papers and insurance-related articles to
educate Consortium members.
OTHER OFFERINGS
While most ASPs carry property and general liability
insurance policies, losses caused by hackers, security
breaches, and third-party lawsuits for denial of access or
service are often excluded from those policies. A network
security policy, on the other hand, covers those types of
losses as well as those caused by viruses, cyber extortion,
and professional errors. J.S.
Wurzler Underwriting Managers offers a Web Site
Insurance & Security Program (WiSP), developed for
syndicates of Lloyd's of
London, which covers loss of revenue, extra expenses,
additional operating costs, intellectual property recovery,
public relations fees, computer virus cleanup, and theft of
credit card data. WiSP Crime and Intranet Insurance may also
be added, covering employee dishonesty, malicious acts,
intruder theft, and extortion.
The Chubb Insurance Group
also offers policies protecting against first-party losses
from virus damage and business interruption, as well as
third-party losses like lawsuits based on hosting problems
or denial of access or service. And BMC
Software recently announced an agreement with INSUREtrust.com
to offer an e-vailability insurance program for ASPs. The
program addresses the ability of customers and partners to
access e-business applications when desired and receive a
response from those applications. The insurance coverage,
developed and underwritten by INSUREtrust.com, is available
to ASPs that have received BMC's OnSite certification, as
well as meeting INSUREtrust.com's technical and underwriting
requirements. A risk assessment is also required to apply
for insurance.
Qualified ASPs may also apply for the ASSUREtrust
Contractual Obligation insurance policy, enabling them to
broaden their commitments to SLAs through warranties to
their customers, backed by insurance. ASPs will then be able
to accept responsibility for making payments to customers
for losses from failure to meet e-vailability guarantees.
Network outages, lapses in service, and security problems
are facts of life for ASPs. And while service providers may
not be able to address and correct these problems on the
spot, it's clear that the time has come for them to accept
responsibility for these issues. As service level agreements
and guarantees become more complex and the realm of hosted
services continues to grow, ASP insurance makes sense as a
means to not only protect service providers, but to protect
their all important customers.
[ Return
To The September/October 2001 Table Of Contents ]
|