NEW PROGRAM AIMED AT RISKS IN E-COMMERCE

A new insurance and loss control consulting program is aimed at helping companies doing business on the Internet minimize the risk of disruption to electronic commerce.

Sedgwick Inc. and International Business Machines Corp. announced a joint effort last week that will tie first- and third-party insurance coverage placed by Sedgwick around a broad array of IBM consulting services.

Sedgwick and IBM are in negotiations with a national insurer to underwrite the risk transfer portion of the comprehensive program and hope to announce which company it is within the next 30 days.

The program will be marketed by late October to U.S.-based companies wanting to sell products or services on the Internet, as well as technology companies servicing the Internet. The program will be rolled out in Canada and Europe by the end of the year.

Ronald J. Kutella, president and chief operating officer for Sedgwick Inc. in Memphis, Tenn., said in a teleconference that he anticipates the limits of coverage will be between $5 million and $15 million with the ability to layer blocks of excess coverage above that.

The Internet holds "enormous opportunity" for companies wanting to conduct business in cyberspace, Emily Q. Freeman, senior vp of Sedgwick of Oregon Inc. in Portland and product development specialist for Sedgwick Technology Group, said during an interview. Along with that opportunity, however, comes a new array of risks for employers.

"Computer viruses are only the tip of the iceberg," Ms. Freeman said. While the traditional insurance marketplace provides some coverage for business interruption and liability associated with computer security breaches, there are many gaps in these policies.

"Traditional policies just don't bring this all together," she said.

The Sedgwick/IBM program provides insurance coverage for first-party and third-party losses arising from such security breaches as network hacking, viruses and electronic thefts, and also includes a broad array of risk assessment and risk control services, which can be bundled or unbundled, Ms. Freeman explained.

Initially, IBM will preform an e-commerce "health check" on prospective clients, evaluating a company's Internet-based activities and internal computer network to define the scope of its exposures.

Depending on the severity of those exposures, various services will be recommended that may or may not include risk transfer, Ms. Freeman said.

In addition to the "health check," IBM also is offering Internet exposure workshops, claims processing guidelines, periodic e-commerce security checks, Internet emergency response, business recovery plans, investigative and forensic work and "hot site" recovery services, which ensure that if a company's Web site is down due to a security breach, a backup is immediately available.

The potential for computer security breaches came into the spotlight last month when a group calling itself HFG -- Hacking for Girlies -- hacked into The New York Times Web site, forcing the newspaper's electronic edition to shut down for nine hours.

The New York Times Co., which owns the paper, declined to comment on any losses due to the downtime or whether it had insurance to cover it (BI, Sept. 21).