THE NEW economy is creating new opportunities for agents and brokers who are prepared to seize them. That's because while e-commerce businesses might operate in a "virtual" world, the losses to which they are exposed are all too real. Specialized ecommerce policies have been developed to cover them.

Providing such coverage to these businesses has become an important, and growing, mission at Hamilton Dorsey Alston, a large privately held brokerage. HDA's technology practice group, of which I am a member, provides insurance and risk-management services to an array of high-tech businesses, including about 75 e-commerce accounts.

Many of our clients and prospects for e-commerce insurance are "dotcom" start-ups with significant venture-capital backing. They include both business-to-consumer and business-to-business Web sites. We also insure Internet portals, Internet service providers and Web-site hosting services. All of these entities depend heavily on their virtual-business models. In other words, if they lose their presence on the World Wide Web, their business comes to a halt.

Our main way of prospecting for such clients is by obtaining referrals from centers of influence, including venture capitalists, accountants, consultants and attorneys. I've also obtained referrals from an organization that provides the services of an interim chief financial officer to start-ups looking for such assistance. These centers of influence are of great importance to new e-business concerns, and they are viewed as extremely credible sources of advice about a range of issues, including insurance.

Cultivating relationships with the centers of influence often starts with a bit of cold-calling. We introduce ourselves and offer to take the attorney, accountant or other professional to lunch. Subsequently, we provide information demonstrating our expertise in providing risk-management and insurance services to technology accounts, including e-businesses. Venture capitalists, in particular, have a vested interest in ensuring that their clients have proper coverage. Often, they sit on the boards of the start-ups they are helping to finance. Consequently, they want to be certain that these businesses have quality directors and officers liability insurance, and all other necessary coverages and risk-management services. We're in a position to provide them. Of course, a relationship with a center of influence is a two-way street, so we provide referrals as well as receive them.

In the course of cultivating relationships with centers of influence, Hamilton Dorsey Alston sometimes hosts or sponsors social activities or other events. When we host such an event for, say, an accounting firm, we attempt to introduce all of the producers of the technology practice group to as many of the firm's partners or associates as possible. Our objective is not to have individual producers develop exclusive relationships with these organizations, since they typically are in a position to refer more business than any one broker can handle. Rather, we try to acquaint each member of the firm with the entire technology practice group, so he or she can make referrals to the appropriate producer at the appropriate time. Once a month, all the producers in the technology practice group get together to compare notes about our interactions with our centers of influence and to determine how we can make better use of this important resource.

We don't just rely on having centers of influence contact us when they think of or discover e-commerce prospects. We sometimes also show them lists of potential prospects to see if they recognize any of the businesses and know anything about them. There are many sources to which we can turn for such leads. For starters, there is more information about local e-businesses in trade publications and on Internet sites than we have time to read. As we gather the leads, we load them into a sophisticated database management program. Any lead being pursued is appropriately coded. Before approaching a new prospect, each producer first checks the database to make sure one of the other producers isn't already calling on it. As producers identify "unclaimed" prospects that appear to have potential, they try to determine whether one of our centers of influence knows the prospects and can arrange a referral. That approach is more productive than simply picking up the phone and calling the prospect for an appointment.

In addition to working with our centers of influence, we try to promote our brokerage and its producers in various other ways to e-commerce prospects. We advertise in a number of regional technology magazines and are active in local technology associations. (I sit on the board of one of them.) The other producers and I also speak before ecommerce groups, where our brokerage's name typically is highlighted on the program. For instance, I recently spoke about e-commerce insurance at a meeting of the Georgia Electronic Commerce Association.

We attempt to qualify our e-commerce prospects before approaching them. Our objective is to partner up with businesses that are good candidates for growth. (For instance, one of my accounts has increased its workforce to 60 employees from three in the past 12 months and is expecting to generate $25 million in revenue this year.) To meet our objectives, we look for businesses that already have attracted venture capital and that have credible business plans. Naturally, the opinions of our centers of influence often determine whether we will pursue a particular account. We also look for prospects that regard insurance and risk management as more than a commodity business. Most good brokers can quickly tell whether a prospect's focus is strictly on price rather than on such factors as product, service and a broker's professionalism.

In setting appointments, we try to get as high in the organization as possible. Consequently, we most often meet with the CEO or CFO. Typically, our referral sources contact prospects in advance to introduce us, which helps us secure appointments. Our success in setting up meetings with, and subsequently obtaining the accounts of, e-commerce prospects is probably better than it is with other types of businesses, not only because of the help of our centers of influence but also because we often get in on the ground floor. We are in contact with many of these start-ups before they actually commence operations. Consequently, we often are arranging the prospect's first insurance program, rather than proposing to replace an existing one.

For businesses that already have relationships with other brokers, we sometimes find that the prospects nonetheless have not been consulted about their e-commerce exposures. In those cases, an offer to discuss e-commerce insurance can be our entree to a new account.

After we introduce ourselves, prospects sometimes ask for more information about us. When they do, we can refer them to Hamilton Dorsey Alston's Web site, where they can find information about our brokerage and articles that are likely to be of interest.

When we meet with prospects, we attempt to make an initial assessment of their e-commerce risks and, if necessary, educate them about such exposures and the products available to cover them. Broadly speaking, e-commerce businesses face two types of risks: first- and third-party losses. First-party exposures affect networks and other electronic assets that could be shut down or damaged by a breach of security. The resulting expenditures to restore networks, programs and data can be considerable. Such an event easily could result in a significant business-income loss, too. E-commerce businesses also face major third-party exposures. A Web-site host, for instance, could face claims from its customers if its network went down as a result of a security breach or a denial-of service attack, like those that were directed at several major portals and e-businesses last spring. E-businesses also can be sued for posting content that violates copyright, trademark or other intellectual property laws. A couple of years ago, standard property and general liability forms provided no coverage for such losses. While some are now beginning to afford this protection, separate ecommerce policies still are often the better option.

Once prospects determine whether they want one or both lines of coverage, we give them the appropriate application and go over it with them. The application is quite thorough-even more so than one for D&O insurance. We advise a prospect that he or she probably will need the assistance of the company's technology officer to complete it.

For first-party coverage, insurers also invariably require a prospect to undergo an audit to assess the vulnerability of the prospect's computer network. As part of this assessment, the auditors will check not only the network's "fire walls," backup systems and other security measures, but also determine whether the prospect is following appropriate policies and procedures in regard to personnel. That's because while attacks on Web sites by outside hackers have received a lot of publicity, most first-party losses actually are caused by "insiders," including disgruntled workers and departing associates attempting to gain access to customer lists or trade secrets.

Underwriters want to be convinced that prospects take security seriously and make it an ongoing priority, since new viruses and other threats arise continuously. While a prospect may have one or more employees specifically assigned to security, underwriters usually prefer to see an e-commerce company retain an outside Internet security company to monitor the network on an ongoing basis. Such thirdparty firms don't have the motives that employees sometimes have to damage a system. Among the services we can provide to clients are referrals to such firms.

Insurers quote premiums for firstparty coverage subject to a satisfactory audit. Coverage will not be bound until the audit is completed, and the initially quoted premium can be adjusted up or down, depending on what the audit discloses. At the discretion of the underwriter, a new audit may be required at renewal, especially if there have been significant changes in the size or nature of the insured's e-commerce operations.

An audit can cost $10,000 or more, and a prospect pays for it separately from coverage. Consequently, an audit can become a stumbling block to making the sale. To prevent it from becoming one, I stress than an audit is a good "insurance policy" in and of itself. If a company is concerned about the security of its e-commerce business, it should want an unbiased, professional evaluation of its security regardless of whether it ultimately decides to purchase insurance. The audit either will confirm that the company's security is adequate or point out its weaknesses. Either way, the cost of an audit is money well-spent.

Of course, companies that readily agree to an audit obviously are excellent prospects for e-commerce insurance. If the results are favorable, the sale's close maybe more or less automatic.

Depending on the scope of coverage sought, third-party insurance may or may not require an audit. If the concern is security-related-e.g., that an e-commerce company's clients might sue it for interruption of service because of a security breach-an audit likely will be required. If the concern is more related to business practicese.g., that failure to get proper authorization to post content on a Web site could lead to litigation over copyright infringement-an audit might not be necessary.

Most of my clients are fairly new businesses and growing. The largest limit I've written so far has been $5 million on a combined basis. The annual premium for one such account, which has about $25 million in annual revenue, was $65,000, while the cost of the required audit was $15,000.

Most e-commerce coverage is written with self-insured retentions of $25,000 or more. The policies, as I explain to clients, also have "stupidity" exclusions. For instance, damage to a network caused by an insured's own programming errors typically is not covered. Insurers do not want insureds to regard coverage as a substitute for hiring competent staff.

Markets

First- and third-party coverages can be provided in a variety of ways. Some insurance carriers write each coverage separately (or only one or the other); others will package the two in various ways. For instance, combined first- and third-party coverages can be obtained with separate limits in some instances or with a single limit in others.

E-commerce coverage is available from both standard and E&S companies. Some of the E&S insurers simply are new companies that haven't been around long enough to file for admitted status in all states. Although a growing number of carriers and intermediaries are getting into the field, the marketplace for e-commerce insurance is still limited. Among the markets that we often check for e-commerce insurance are American International Group and INSUREtrust. com, an intermediary.

E-commerce insurance can be a profitable coverage to sell. Often, it leads to sales of other products, too, including property, D&O and E&O. It's vital, however, that a producer in this field thoroughly understand the coverages and be able to explain them to clients and prospects. An agency or brokerage also must do the necessary research to identify, and establish relationships with, the markets that can cover e-commerce risks. The upshot is that both the producer and the brokerage must be committed to this field. That's the key to netting desirable 'Net business.