SECURITY NET
BY ALEX SALKEVER
MAY 23, 2000

Who Pays When a Business Is Hacked?

Suddenly, insurers that have issued conventional property-damage policies could find themselves covering computer outages

Companies hoping their property-damage policies cover sales lost because of hacker attacks are heralding a recent ruling in the U.S. District Court in Arizona. There a federal judge decided that a temporary computer outage caused by an electrical problem in a big data center constitutes "property damage" covered by an existing policy. On Dec. 22, 1998, a short in a fire-alarm panel shut down Ingram Micro's main data center in Tucson. Execs at Ingram, a PC wholesaler that conducts the majority of its business over the Internet or electronic data interchanges, had always feared something like this would happen.
The short knocked out computers and telephones, and wiped out the short-term memory in the mainframe computers that run Ingram's online sales system. After 90 precious minutes, Ingram technicians had the mainframes back up and running. But the trouble didn't stop there. The network continued to act up, and more than six hours later Ingram finally returned to normal operations after technicians bypassed a malfunctioning switch. The outage, which started at 8 a.m. and concluded at 4 p.m., effectively ruined a full day's sales. Worse still, some Ingram customers went to competitors to fill their rush orders.
All told, Ingram claims the outage cost the company $3.2 million in revenues. Money down the drain? Ingram begged to differ. In October 1998, the company had purchased from a subsidiary of Swiss insurance giant Zurich Financial Services a property-damage insurance policy that covered certain business interruptions. In a novel interpretation of damages, Ingram claimed the temporary outage was a physical event as defined in the policy, in the sense that the patterns of electrons that represent stored data were wiped out or altered. Zurich balked, claiming that temporary loss of functionality doesn't constitute true property damage. Filing suit and countersuit, the companies headed to court after recriminations -- but little negotiation.
Ingram has won Round One. And the decision has piqued the interest of many businesses that fear damage from hackers. U.S. District Court Judge Alfredo C. Marquez handed down a summary judgment in April, siding with Ingram's argument.
MAJOR TEST. The inadvertent beneficiaries of this precedent could be the scores of businesses that hope to get compensated under existing policies for damages caused by hacker attacks. The wording of Marquez' summary judgment could have wide-ranging implications for businesses operating on the Internet. Wrote Marquez in his finding: "The court finds that 'physical damage' is not restricted to the physical destruction or harm of computer circuitry but includes loss of access, loss of use, and loss of functionality."
No-brainer, says Ingram. The judge "didn't declare or create some right where one had not existed before. He was simply confirming something that would be evident to any businessperson -- that information or programming in a computer has value," says Ingram Senior Vice-President Larry C. Boyd. Adds Mark K. Slater, the San Francisco attorney who represented Ingram: "This [decision] is recognition of what has been going on in the criminal context for a while now, where you have laws against hacking into computer systems and damaging them. Those infractions have major penalties attached to them."
This new, evolving view of damages will become doubly important as even more businesses migrate to the Internet, further heightening vulnerabilities. The so-called Love Bug virus could prove to be a major testing ground for the new theory. Insurance insiders say companies are gearing up for big claims in the wake of that fiasco, which gummed up computer networks and caused business stoppages that resulted in hundreds of millions, if not billions, of dollars in lost sales or work efforts.
The insurance companies, naturally, hope this legal assault can be headed off at the pass. Zurich plans to appeal the ruling, which could be overturned at the U.S. Circuit Court level or higher. But the Arizona judge's decision makes that a less-than-likely prospect: A summary judgment is the equivalent of a slam dunk in the legal profession. And, says Slater, fewer than one in three district court decisions get overturned on appeal. Zurich chose not to comment for this article.
BEHIND A FIREWALL. Whether they prevail or not, the insurance companies should take notice. While the easy and cheap way to deal with the rise of the Internet would be to write exclusions into policies, that could prove a bad move long term. It would effectively put the insurance industry behind a firewall -- cut off from the fastest-growing sector of the economy.
Some early opportunists already have picked up the scent of potential profits. About a half-dozen insurers currently offer coverage geared toward companies that rely on the Internet to do business. They have put together actuarial tables that they believe provide ways to accurately measure losses from computer interruptions and hacker attacks.
True, the newcomers could lose their shirts. But they could also corner a profitable business that the industry mainstream continues to ignore. At Atlanta-based Insuretrust.com, revenues are doubling every six months, says founder and CEO Steven H. Haase. "We did more business this March than we did in the entire year before," he says.
Where Haase sees opportunity, so should his bigger, more traditional brethren. The slumping insurance industry has long needed a shot in the arm, and the Internet could prove to be a hot new business transfusion. And for companies doing business on the Web, now might be an opportune time to find a lawyer and prepare for the new legal vision of property damage.
Salkever writes about technology and privacy issues for Business Week Online.
EDITED BY BETH BELTON