COMPANIES URGED TO TAKE HOLISTIC APPROACH TO CYBER-SECURITY

FOR IMMEDIATE RELEASE

Contact:
Frank Catanzano
(412) 374-2574
catanzf@westinghouse.com

--Internet Security Alliance Conference Addresses Total Risk Management, Loss Prevention--

WASHINGTON, DC, May 29, 2002 -- In a presentation at the recent Internet Security Alliance (ISAlliance) Conference, held in Myrtle Beach SC, Robert D. Wice, AIG eBusiness Risk Solutions, urged companies to take a more holistic approach to cyber-security.

Cyber-security problems have cost companies billions of dollars due to lack of a clearly defined and implemented Internet security policy, according to Wice, AIG`s Manager of Underwriting. A CSI/FBI 2001 study reported that the average company loss is $2,000,000 due to vandalism and denial of service attacks.

Wice believes specific strategies can help companies avoid cyber-security breakdowns. He recommends that companies concentrate on specific building blocks of risk management. Personnel must be educated about Internet security and familiar with the company`s security policies. A crisis management team should be in place and active. Ensuring that the company`s technology is up to date can prevent security problems. By strengthening foundations within the company, security breaches can be avoided.

According to Wice, enforcing a total risk management program greatly reduces the chance of a security problem within the company. By enforcing a loss prevention service the company can analyze, mitigate and prevent legal liability and damage from a cyber-attack.

Wice considers uninsured companies extremely vulnerable to cyber-security breaches as the number of risks increase and become more severe. Some of the first-party losses include corruption or loss of data, business interruption, repair costs, extortion costs, damage to reputation and loss of market capitalization. Additional risks that have resulted with the "new economy" include web content liability such as libel, slander and trademark infringement; professional errors and omissions liability and network security and liability loss.

The use of traditional insurance concerning cyber-security has created widespread problems. Nearly every court has ruled that data is not tangible property, leaving companies who have invested in traditional insurance financially devastated. By acquiring specific cyber-security risk insurance the company takes the financial loss off of its balance sheet and onto a third party`s.

IRCE 2008 Conference Multi-Media CD-ROM

According to Wice, Internet risk insurance is expected to grow to $2.5 billion by 2005. Over 90 percent of risk managers believe that network security is a risk management issue, which must include insurance.

The conference was the ISAlliance`s first gathering of its more than 30 members to focus on a number of key policy items to form a member-driven legislative and advocacy agenda. Discussions addressed the Patriot Act of 2001, data sharing legislation, public sector investments in information assurance, Internet crime legislation, international collaboration, and liability and risk management issues. In addition, the ISAlliance is working to identify the proper role for industry to play with regards to Homeland Defense and other related agencies (CIAO, DOD, etc.) Future meetings for the Internet Security Alliance will take place in the coming months.

About the Internet Security Alliance
The Internet Security Alliance (www.isalliance.org), was created to provide a forum for information sharing and thought leadership on information security issues. It represents industry`s interest before legislators and regulators and aims to identify and standardize best practices in Internet security and survivability. The alliance is a collaborative effort among Carnegie Mellon Universitys Software Engineer Institute (SEI) and its CERTO Coordination Center (CERT/CC) and the Electronics Industries Alliance (EIA), a federation of trade associations. For more information, visit www.isalliance.org, call Don Skillman at (703) 907-7093 or send e-mail to dskillman@eia.org.

# # #