Recently, some insurers have been excluding all losses due to computer virus and system penetration (hacking and denial of service attacks) from their property coverage forms. The word on the street is that many other insurers may follow suit over the next six to twelve months.

Any property policies with these exclusions would not provide coverage for damage to hardware, software, loss of data, extra expense, and loss of business income caused by a computer virus or a system penetration. Viruses, such as Melissa, Code Red, and the latest Goner Virus have caused millions in property damage over the last several years, and experts predict further attacks are just a matter of time. System penetration attacks, also known as denial of service attacks, are also on the rise causing millions in damages to web-based businesses.

Computer-related exposures were not contemplated by the insurance industry when standard property forms were originally developed decades ago. Even Electric Data Processing coverage (EDP), a property form developed specifically to cover computers and related property, did not originally take viruses and system penetration into consideration. However, with the emergence of technology at an exponential rate, these exposures are now very much a reality. Insurers have found themselves paying out billions in claims that they had not taken into consideration at the time of underwriting. Furthermore, the insurance industry is looking to recover from the staggering losses associated with the September 11th terrorist attacks.

Information technology impacts almost all businesses, regardless of whether they are an online retailer or a manufacturer of wire coat hangers. Any networked computer system with access to the Internet has a real exposure to potential loss from a computer virus or system penetration attack. The costs associated with damaged hardware, data recovery, loss of income, and extra expense can be of disastrous proportion, depending on the level of loss prevention practiced by an insured.

The good news is that several insurance companies have developed EDP coverage forms to cover losses due to computer viruses and system penetration attacks, in addition to hardware & software. These insurers have also extended their forms to provide such coverage as internet-related personal & advertising injury. As these are non-standard forms, they will vary greatly between insurers, so businesses will need to work closely with their agents to choose the most appropriate insurer.

Moving forward, the key for businesses in addressing these issues will be to identify the potential loss exposures faced, practice solid loss prevention such as data backups and network fire walls, and to carefully select the appropriate insurer with coverage forms designed to cover these exposures. The risk, is most certainly a reality.