The SQL Slammer attack in January demonstrated once again the kind of damage a computer virus can cause in an information economy. It froze many of the Bank of America's ATM machines, disrupted the Web sites of American Express Co. and Countrywide Financial Corp. and caused problems in Continental Airlines' ticketing system.

Such viruses aren't uncommon. Ninety percent of companies surveyed in 2002 by the Computer Security Institute and the FBI had detected computer security breaches in the preceding 12 months. But so far, there's been little demand for insurance that covers the damage such attacks could do to companies' systems and data or the data of their customers. Brokers estimate that in 2002, companies bought just $100 million to $200 million of such insurance, in contrast with estimates on potential losses in the billions.

Brokers say the rising premiums companies are paying on existing commercial property and casualty policies have discouraged them from considering new coverage, and some actually incorrectly assume those policies cover them for cyber loss, despite recent efforts by insurers to add wording to make it clear that those kinds of losses were not covered. Brokers also cite a lack of communication between information technology personnel and risk managers and the fact that executives often fail to realize how much of their company's business now depends on computers and the Internet.