Insurance is a means for sharing a risk. The insured pays the insurer (up front, through a premium, and/or when receiving reimbursement, through a deductible or other copayment) to share his risks; if an adverse event takes place, the insurance policy provides for payment to compensate for the damage or loss incurred. The business community already buys insurance for risks ranging from fire to theft as well as for protection against employee dishonesty (bonding).
To be insurable requires the following:
- A volume base for risk spreading (insurance on communication satellites has a very small volume, something that contributes to its cost);
- An establishable proof of loss;
- A quantifiable loss (e.g., the value of mailing lists and research data cannot be consistently and objectively quantified, according to insurance representatives);
- An ability to tie a loss to a time frame of occurrence;
- An ability to credit responsibility for the loss; and
- A knowable loss base.
Another factor to consider is the nature of the consequences, which influences the liability base: a computer-aided manufacturing program controlling a robot may put lives at risk, whereas a number-crunching general ledger program will not.
- "Overview" section: Computers at Risk: Safe Computing in the Information Age, at 174-75.