Each year, he added, more and more agents are embracing e-risk as being “in the set of standard risks that they need to think about when giving good advice to a client.”

But the agent needs to be prepared to walk the client through the thought process, he said.

“First of all, agents need to raise the whole issue of e-risk with the risk manager [or insurance buyer or finance person] because a lot of times its not even on the table,” he said.

The agent can say to the client that its important to think about the risk and at least talk about where the buyers operations may be exposed, he added.

David ONeill, vice president, e-Business Solutions, Zurich North America, Baltimore, affirmed the first step in the risk management process is awareness.

“A lot of people in the past thought, Hey, we dont really sell anything online,” he said. “Thats completely wrong. Its not only about online sales, although that can be part of it.”

Once a company has a network and has “connectivity to the outside worldthe most rudimentary form being e-mailit has exposure” and could be hit financially if its systems go down, Mr. ONeill said.

“One of the things that were seeing is a growing reliance of even the smallest entity upon their computer systems,” said Robert Parisi, chief underwriting officer for American International Groups eBusiness Risk Solutions unit in New York.

Mr. ONeill said another step in the risk management process is risk assessment, which involves understanding the causes and losses related to their exposures. Then once the assessment is complete, Mr. ONeill said its important to categorize exposures. “Some companies may want to self-insure and some may want to transfer the risk.”

If the client wants to transfer the risk, then the risk handling must be ascertained, he continued. “Do you want to do that with an insurance policy? Do you want to try to rely upon your existing insurance policies for coverage?”

He emphasized, however, that while some people tend to believe they have coverage with other policies this may not be the case and a standalone e-commerce policy may provide more certainty in the coverage.

Chris Cotterell, director of Safeonline, a London-based broker and wholesaler with an office in Mason, Mich., said its important that a companys e-risk is properly assessed so the right coverage can be purchased. For example, a company with simple e-mail access, which is only exposed to e-mail liability and e-mail abuse, wont want to buy the same coverage as a company that sells products or services online or one that relies totally on the Internet for its business.

Mr. ONeill said another step in the risk management process is loss control (a process that is facilitated initially via a security check provided by some carriers, including Zurich, online).

“Depending upon how extensive the network is, we would also require an independent third party IT (information technology) security audit,” Mr. ONeill said. “The goal for us is to have as much information [as we can] so we can put our hands around the exposure and to structure the best insurance policy we can.”

In the loss control area, St. Pauls Mr. Latto said the agent can help the risk manager and the company view e-risk not just as a technical issue.

“Its not just for propeller-head software coders in the backroom configuring the firewalls,” he said. “Its about softer issues too, like employee awareness and training, and the development of corporate policy to guide employee conduct in use of computer internet e-mail resources.”

While there are some technical aspects connected to those kinds of programs, theyre principally “educational and communicational,” he said. “Lets say you go out and spend $1 million on the latest security-related IT infrastructure and you think youre all set. If youve got employees doing stupid things like not securing their workstations at night or using dumb passwords, it doesnt matter that youve spent that money. You might as well not even have the security system.”

He said its akin to getting a steel reinforced front door and failing to lock it. “You might as well have a screen door.”

Mr. Latto noted that agents can also help break down the silos that tend to exist between risk management, insurance people or the finance people on the one side of the company and the IT people on the other side of the company.

“Our studies have found that there tend to be those silos in companies and that the people in the silos tend not to talk to each other and tend not to work together, even though at the end of the day theyre really doing the same thingthat is protecting the company against risk and loss and lawsuits and down time, etc.,” he contended.

The agent can help the client see that e-risk is a senior executive or a boardroom level issue, he suggested, given the recent emphasis on corporate governance and the greater personal accountability of executives and board members.

Mr. ONeill at Zurich affirmed that the e-risk analysis process is very collaborative. He said that brokers should work not only with the people involved in insurance buying decisions at client companies, but also with other people within the operation as well, such as IT professionals, who may have different views on risk management when it comes to the network.

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, June 30, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.