In today’s technology-driven business environment, companies of all sizes are subject to risks that weren’t imaginable just five years ago. Every company today relies on the Internet. As a result, all companies are Internet companies.
As businesses have become more dependent upon technology, the risks have increased exponentially. In most cases, these liabilities are not addressed by traditional insurance policies. Consequently, insurers have developed new types of policies to respond to technology risks.
Traditional Policies Rule Out Tech Risks
It’s important to realize that, in most cases, the traditional commercial general liability (CGL) policies stop short of addressing technology risks. Likewise, first party property damage policies, crime policies, and business interruption policies were not created to protect companies from risks associated with technology. These types of policies are geared toward covering the loss of tangible property. With rare exceptions, traditional policies do not cover losses of computer data, no matter how catastrophic or debilitating that loss might be.
These policies are also limited in that crime policies generally do not cover damages caused by employees of the business. Damage caused by those outside of an organization – most notably “hackers” – is also not covered by traditional crime policies.
A close look at property and business interruption policies will frequently show that they cover very specific losses. These policies may not respond to a technology related liability claim that can’t be linked to perils named in the policies like fire, theft, or windstorms.
In addition, a business interruption policy usually doesn’t cover losses unless the business suffers a total and complete interruption. These policies do not cover the substantial losses when critical servers crash for just an hour.
Liability coverage for lawsuits also falls short of addressing technology risks. For example, the CGL covers bodily injury or tangible property damage suffered by others. While it is possible to conceive of a technology-related bodily injury claim, such as the website visitor who takes negligent medical advice from an Internet site and suffers injury as a result, such a claim would be rare. More common would be intangible claims such as invasion of privacy claims.
Technology Risk Insurance Policies: What Do They Cover?
All technology businesses would be wise to seek advice about the following types of coverage:
* Network Security
* Media Liability
* Extortion and Crime
* Intangible Property Loss
* Business Interruption and Loss of e-Revenue
These coverages have become available as the technology risk insurance market has grown. Insurance is now available for the following risks:
Hacker Coverage: Primarily covers the unauthorized access or use of the insured’s systems causing damage directly to the insured. This includes the unauthorized access or use of the insured’s computers, transmission of computer viruses to others, and the improper acquisition, destruction or disclosure of private client information to third parties.
Third party network security claims: Third party network security claims often result from inadequate network security. Such claims include third parties who suffered a denial of service or virus originating from the insured’s system. Coverage would also be afforded to the insured for third party claims where systems were used as a conduit by outsiders for a denial-of-service attack or virus transmission.
Media coverages: These include third party defamation claims for libel or slander, but go further to provide a defense and indemnity in connection with claims involving privacy violations. Some cyber-liability policies also provide coverage for intellectual property claims, such as patent, copyright and trademark infringement claims against the insured. In light of the fact that intellectual property litigation can be time consuming and expensive, the value of such coverage for businesses cannot be over estimated.
Cyber-extortion and crime coverage: This has become a feature of many policies, especially since the incident earlier this year involving CD Universe. In the case of CD Universe, a hacker obtained access to the database of customer names and credit card numbers maintained by this e-tailer of music CDs. The hacker then held this information hostage. When his ransom demand was not met, the hacker published this information on the Internet. If CD Universe had a policy providing crime and cyber-extortion coverage, it would have paid for the expenses of private investigation and a reasonable ransom demand. Some cyber-liability policies will post a reward for information leading to the arrest of a cyber-criminal, and also allocate funds for public relations and crisis management services in the wake of incidents such as the one involving CD Universe.
Coverage for loss of intangible property: This recognizes the importance of information to businesses relying upon technology. Loss of critical accounting information and trade secrets, including customer and supplier information, due to power interruption, catastrophic data loss or other cause may be a feature of a technology risk or cyber-liability policy. Business interruption coverage is also much broader than under traditional policies. Business interruption under most cyber-liability policies covers direct business interruption where the insured loses revenue generated from on-line transactions due to an attack on its system, as well as dependent business interruption where the insured is unable to transact business due to an attack or failure of a business dependency. In addition, business interruption coverage can apply to an interruption that falls short of a total and complete interruption to the business for an extended period.
Choosing whom to consult for technology risk insurance is an important decision. These policies are new and confusing to insurance agents who are used to selling traditional property or automotive coverage. The policies differ substantially, and coverages vary. It is critical that technology companies seeking insurance to cover their technology risks consult with a broker or agent that understands this new area of insurance.
Companies should look for a broker with a portfolio of technology accounts. The agent should also have access to policies offered by several different companies who are underwriting technology risk insurance. Of course, an understanding of the risks presented by the Internet and technology is essential for any agent who sells this insurance.
It is important to emphasize that technology risk insurance coverage is not a substitute for certain traditional insurance policies such as directors’ and officers’ insurance, or employment practices insurance. However, where traditional insurance falls short in today’s economy, a technology risk policy can complete the picture and guard against loss in ways that traditional insurance cannot.
Joel B. Rothman is a shareholder of Seiden, Alder, Rothman, Petosa, & Matthewman P.A., a Florida law firm, and is also the founder of techrisk.org, a discussion group on technology risk management and insurance. This column first appeared on Newmedia.com, an internet.com site.