September/October 2001

BY LAURA GUEVIN

The ASP Industry Consortium recently announced an insurance program specifically for ASPs, and several insurance companies are also beginning to offer protection for this growing market segment. The program sets up a framework for some of the important areas of coverage for any ASP, and works in tandem with InsureHiTech, a brokerage specializing in protecting "New Economy" companies against the inherent risks of Web-based enterprise. Coverage is provided through AIG netAdvantage, a product suite offered by American International Group (AIG). The netAdvantage suite of liability insurance offers an option to complement existing errors and omissions coverage, which protects against wrongful acts committed in the performance or non-performance of services. It also provides an option that includes actual errors and omissions coverage. Policies range from $1 million to $25 million, and deductibles begin at $50,000. Consortium members receive a discount on premiums.

Key coverage areas of the netAdvantage suite include:

• Media liability coverage for protection against liability from Web content;
   
• Professional liability coverage, including errors and omissions;
   
• Security liability for protection against computer attacks, unauthorized use or access, and malicious code;
   
• Extortion coverage for protection against threats to commit a computer attack or security breach for financial gain;
   
• Asset and income protection;
   
• A criminal reward fund, offering rewards of up to $50,000 for information leading to arrests and convictions of cyber criminals; and
   
• A crisis management fund for coverage of up to $50,000 for public relations expenses related to claims covered by the policy.

The Consortium also plans to sponsor annual security seminars that will feature sessions on insurance, as well as publish white papers and insurance-related articles to educate Consortium members.

OTHER OFFERINGS
While most ASPs carry property and general liability insurance policies, losses caused by hackers, security breaches, and third-party lawsuits for denial of access or service are often excluded from those policies. A network security policy, on the other hand, covers those types of losses as well as those caused by viruses, cyber extortion, and professional errors. J.S. Wurzler Underwriting Managers offers a Web Site Insurance & Security Program (WiSP), developed for syndicates of Lloyd's of London, which covers loss of revenue, extra expenses, additional operating costs, intellectual property recovery, public relations fees, computer virus cleanup, and theft of credit card data. WiSP Crime and Intranet Insurance may also be added, covering employee dishonesty, malicious acts, intruder theft, and extortion.

The Chubb Insurance Group also offers policies protecting against first-party losses from virus damage and business interruption, as well as third-party losses like lawsuits based on hosting problems or denial of access or service. And BMC Software recently announced an agreement with INSUREtrust.com to offer an e-vailability insurance program for ASPs. The program addresses the ability of customers and partners to access e-business applications when desired and receive a response from those applications. The insurance coverage, developed and underwritten by INSUREtrust.com, is available to ASPs that have received BMC's OnSite certification, as well as meeting INSUREtrust.com's technical and underwriting requirements. A risk assessment is also required to apply for insurance.

Qualified ASPs may also apply for the ASSUREtrust Contractual Obligation insurance policy, enabling them to broaden their commitments to SLAs through warranties to their customers, backed by insurance. ASPs will then be able to accept responsibility for making payments to customers for losses from failure to meet e-vailability guarantees.

Network outages, lapses in service, and security problems are facts of life for ASPs. And while service providers may not be able to address and correct these problems on the spot, it's clear that the time has come for them to accept responsibility for these issues. As service level agreements and guarantees become more complex and the realm of hosted services continues to grow, ASP insurance makes sense as a means to not only protect service providers, but to protect their all important customers.

[ Return To The September/October 2001 Table Of Contents ]