Security Becomes a Business Requirement for eCommerce Companies, According to IDC

FRAMINGHAM, MA – MAY 3, 2000 – The well-publicized attacks on Yahoo!,, CNN, and other popular Web sites earlier this year have placedincreased focus on the need for Internet security, and generated renewed interest in the Web site insurance concept. According to IDC, the cyber attacks and all the headlines they generated will represent an inflection point in the evolution of Internet security.

"Dealing with security in a reactionary manner is no longer adequate," said Abner Germanow, research manager for IDC's Internet Security research program."Security is now a core business requirement, and companies that continue to regard security as a necessary evil will be forced out of business by companies who use security technologies to launch high value applications."

The economic impact of a Web site disruption can vary widely. It is clear, however, that organizations relying on Web transactions alone for revenue are vulnerable to potential losses from both lost transactions and an erosion of customer confidence. Regardless if these disruptions are the result of cyber attacks or network problems, the most forward-looking enterprises and service providers are now looking to mitigate their online risks with a comprehensive solution that offers a mix of technology, specialized consulting services, and insurance policies. In fact, insurance underwriters are now beginning to offer policies through a network of agents that enable policy holders to recover verifiable business losses resulting from e-crime.

While insurance policies may be able to minimize the hard-dollar financial loss of a cyber attack, insurance cannot repair the subsequent damage to a vendor'sreputation and the erosion of customer confidence that often accompanies such an attack. "An insurance policy alone is not sufficient protection against thewide-ranging risks emanating from today's largely unregulated cyber world," warned Richard Dean, program manager for IDC's Network Support and IntegrationServices research. "However, a Web site insurance plan supported by a tangible and interrelated security consulting, integration, and monitoring program doesprovide a maximum level of protection."

In response to customer demands, IT vendors and security firms are now partnering with insurance companies to provide security consulting and management services packaged with an insurance policy. IDC believes security consulting and management services are valuable because security is an ongoing,evolutionary process.

"IDC has long maintained that security must be a consideration at every step of the development process," Germanow said. "Best practice security also demands regular attention to stay on top of the stream of new vulnerabilities that appear almost daily."

IDC recently published two reports that discuss Web site security and insurance. When Bad Things Happen to Good Web Sites (IDC #B21900) analyzes how the increased attention to security will impact corporate Internet strategies, the software industry, and the hacker community. eBusiness Security Strategies: Can an Insurance Policy Manage the Risk of Cyber Terrorism? (IDC #B21837) analyzes the Web site insurance concept and the partnerships developing between insurance companies and security services vendors. The report includes snapshots of, J.S. Wurzler, and insurance available to Hewlett-Packard's mission-critical customers. To purchase either report, please contact Cheryl Toffel at 1-800-343-4952, ext. 4389 or at

About IDC

IDC delivers dependable, relevant, and high-impact data and insight on information technology to help organizations make sound business and technologydecisions. IDC forecasts worldwide IT markets and technology trends and analyzes IT products and vendors, using a combination of rigorous primary research and in-depth competitive analysis. IDC is committed to providing global research with local content through more than 500 analysts in 43 countries worldwide. IDC's customers comprise the world's leading IT suppliers, IT organizations, and the financial community. Additional information can be found at

IDC is a division of International Data Group, the world's leading IT media, research, and exposition company.

All product and company names may be trademarks or registered trademarks of their respective holders.


Recent News

If you would like to interview an IDG employee or quote an article in your news coverage please fill out the form below: