The Hartford Financial Services Group, which specializes in insurance for electronic commerce companies, says that business owners who think they're immune to cyber exposures because they don't operate an Internet site are making a dangerous assumption.

"The reality is that you don't need a website to have significant technology-related exposures, all you really need is one or more employees who use a computer," said Toby Levy, program manager for technology and communications for The Hartford.

Levy made his comments in a speech to insurers and agents in San Francisco last week about what he called "common electronic business insurance myths."

"If your employees access e-mail from work, or store data on a disk, you're incurring some risk," said Levy, noting that smaller businesses are particularly vulnerable because they tend not to have the systems support that larger companies have. An e-mail virus that wipes out a customer database could interrupt business for days or even weeks while that database is reconstructed, he explained.

"The good news for businesses is that some of these exposures may already be covered under a standard business insurance policy, so it's important for them to check with their insurance advisor to clarify exactly what's covered vs. what isn't, and then address those coverage gaps," said Levy.

However, not all risks can and should be mitigated by insurance, he cautioned. "Insurance is just one component of an integrated risk-management program, which also involves various loss-control practices."