Insurance

On July 31^st, 2008, Dan Kaplan published an article in SC Magazine – For IT Security Professionals titled, Senate Oks Revamped Indentity Theft Legisltation. This was a very interesting article about proposed legislation which could make internet liability all that more important, and could raise the premiums some. If you would like more information about how to protect your company with an internet liability or cyber liability insurance policy, please contact me, Andrew Cohn at alcohn@wwfins.com or (305) 666-6636 x. 132. Here is the article from SC magazine's Dan Kaplan:

An amended bill that would impose harsher restrictions on cyberattacks and allow identity theft victims to recoup costs in federal court passed the Senate on Wednesday.

The legislation, known as the Identity Theft Enforcement and Restitution Act, is included in a U.S. House-approved bill that states that former vice presidents would receive U.S. Secret Service protection. The combined bill will now return to the House for consideration.

The bill, co-sponsored by Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., had unanimously passed the Senate in November but had stalled in the House.

This bill allows ID theft victims to recoup costs associated with the loss of time and money spent restoring their credit standing.

The law also lowers the bar for what is prosecutable as a felony. The bill eliminates the requirement that sensitive information must have been stolen using a computer through interstate or foreign communications, meaning criminals can be more easily prosecuted if they hack a computer in the same state.

The bill also would make it a felony to use spyware or keyloggers to damage 10 or more computers, regardless of the amount of destruction caused. It would eliminate a requirement that attacks resulting in less than $5,000 worth of damage be classified as misdemeanors. This component of the legislation would speak to the growing problem of bots, or zombie computers, that are remotely controlled to send spam and deliver malware.

Under the proposed law, the definition of cybercrime also would be expanded to include cyberextortion cases, where malware is removed or DDoS attacks halted in return for a ransom.

"The Senate's action moves us in the right direction to provide critical tools to combat cybercrime and to protect the privacy of all Americans," Leahy said in a statement released Thursday. "I hope the leadership in the House will quickly act to pass this legislation and send it to the president for signature."

Leahy's optimism may be justified, said Tim Bennett, an independent consultant and former president of the Cyber Security Industry Alliance, a trade group that has since merged with the Information Technology Association of America.

Bennett told SCMagazineUS.com on Thursday that it is a good sign to see legislation pass through the Senate, whose bipartisan nature has served as a major stumbling block for legislation in general this year.

"I think something as nonpartisan as this, there's probably going to be a lot of interest seeing this move through to a presidential signature," Bennett said.

Many IT security-related bills have been stalled during the last few years. Bennett said the reasons vary, from a lack of White House leadership to legislators not making it a priority.

Still outstanding: a federal data breach notification law, which has been recommended by a federal task force.