Especially for businesses that depend heavily upon the Internet or function primarily as IT service providers, computer viruses can destroy entire networks of PCs, hard drives and disk drives. The virus may not only affect the business itself but also its customers, making the business liable for any loss of the customer's data and/or equipment. Fortunately, a business can protect itself in case of damage and loss caused by computer virus, but it first must properly be informed of possible pitfalls in its current policy and what choices would provide a better defense in the Internet Age.
Under the usual first party or third party business insurance policy, a business may not be properly insured against virus damage and loss. In fact, in 2001, the Insurance Services Office, Inc. altered the standard form commercial general liability policy to specifically prohibit covering electronic data under "property damage." Therefore, most current business liability insurance policies have continued to follow the narrowly defined terms of "physical loss or damage" and "property damage" to exclude any loss of electronic data due to computer virus. Insurers usually do not imply and will even deny coverage of loss due to virus under property insurance policies. Unless the damaged components relate to the computer's hardware, the usual insurance policy will most likely not cover it, and even trying to prove just physical damage is difficult enough. The courts do not recognize that the loss of data through virus corruption and the loss of data by physical damage to the computer system produce the same harmful cost in the end.
A computer virus can cost a company several hundred thousand dollars in repairs, income loss, public relations mending, lost information and data stolen by unauthorized sources. Companies most at risk are those that provide computer-related services to customers or handle transactions online. Some preventative measures that can be taken to reduce the risk of virus include anti-virus software, firewalls, plus intrusion detection software and security policy implementation. A business should also properly insure this risk through self-insurance, a general business liability insurance policy with the addition of covering electronic data loss and/or a stand-alone e-business or cyber liability policy with the addition of an insurer's duty to defend.
Most importantly before taking any action, a business should assess what parts of the company depend heavily upon Internet usage, how often the Internet is used, the extent of its vitality to the company, what company information is stored electronically, and if the business is focused on providing computer services to customers. It then should understand what its current policy includes and excludes and contemplate if a stand-alone insurance policy would work best to cover the risks that accompany Internet usage. Businesses must realize that while significant advantages exist to e-commerce and communication and its continual expansion, this also means that the risk and cost of computer virus continues to grow as well and should be properly insured.