In previous posts we discussed how an E&O policy can provide your company with a shield for various liability claims. As with all liability policies, E&O claims that are paid out will always go to a third party: the law firm providing your defense or the claimant if there should be a settlement or judgment made against you. The insurer will never make out a check with your name on it, right? Wrong. Here’s how you can get paid by your own E&O policy:
With the adoption of technology platforms (the Internet) as a source of income and the proliferation of new regulatory guidelines, businesses face many new financial risks. Most of these have, to date, gone unaddressed by traditional insurance policies. For example if your company is selling its products or services either partially or entirely over the Internet, and that channel is compromised by a hacker you will lose revenue. Even if you have business interruption coverage on your company’s standard policy, it will not respond to the loss as there needs to be physical damage to tangible property. Some errors and omissions policies now offer business interruption/lost revenue protection for security breach and other internet related losses. Another example that highlights this gap in 1st party insurance coverage (meaning the policy holder is paid by the insurer, not a third party claimant) has to do with privacy. Suppose you collect data from your clients or users and have a security incident. Almost every State now requires that you notify these users that their personal data may be at risk as a result of your security failure. Some requirements go as far as to require ongoing credit monitoring for several years. For a company with thousands of clients/users this could pose a huge financial burden. Breach notification coverage, available on some E&O policies, will provide you with the necessary funds to cover these expenses.
Errors and Omissions insurance has morphed in recent years to address risks such as those cited in the examples above. This insurance often goes by other names such as “cyber insurance” as the intent is to cover the losses associated with doing business on the Internet. As a Tech company you would be wise to have a hybrid policy that provides the liability protection of an errors and omissions policy along with the first party coverage that is found in cyber insurance. This way you transfer the risk of defense and indemnity (liability) to the insurance company – while also protecting the top line of your balance sheet.
We know that traditional Tech Errors & Omissions insurance covers failure to perform scenarios. But what about claims that are not related to the performance of a technology product or service? For example suppose you provide an internet platform that allows users to buy comic books online. You post pictures of comic book covers and characters on your website and maybe even allow visitors to read pages of the comic book. And as part of the order fulfillment you collect the home address and credit card info from your shoppers. Now suppose you do this for thousands of people. Everything is going great until the day you get a letter from Marvel's attorney with a request for damages since you were using their images, trademarks and characters without proper authorization. Or maybe the letter is from a law firm representing your irate customers, saying that your site was responsible for a series of privacy violations - and demanding millions in damages. In these scenarios your platform performed perfectly, just the way it was supposed to….so no E&O coverage, right? If you have a typical, basic E&O policy the answer would be yes. However inthe past 15 years E&O insurance policies have evolved to recognize the many additional exposures to claims that are a result of the Internet. So these "non-performance" claims can be covered by an Errors and Omissions policy. The policies provide broad protection for issues such as: privacy, copyright infringement, trademark infringement, trade dress, trade secret (yes, you can get coverage for claims that you stole someone's trade secret) and a full array of media exposure that you have as an internet
based "broadcaster" (disparagement, libel, defamation, false advertising..)
These E&O policies go by many names such as: plain E&O, CyberLiability, CyberInsurance, Internet liability and even Multi-Media insurance - and no two policies are the same. To make it even more confusing most insurers choose to brand their policies with their own names like "pro tech" or "fail safe". They can cover (and exclude) a wide variety of risks making it imperative to match the policy to your companies own unique risk profile.
Very often, the first time a company will look into errors and omissions (E&O) insurance will be when it shows up as a requirement in a client contract. The company is still young at this point, and eager to get revenue on the books - the last thing they need is to have a new expense hit the bottom line. However, if they want to close the deal and land the new client, they need to provide evidence that they have this coverage. The box must be checked! Startup E&O insurance, therefore, is purchased out of necessity and the single most important consideration is the cost. A $1million dollar E&O policy, $25,000 deductible, $1,500 premium - check.
If you're insured with Kirkwood, you may not be covered
So let's assume you get what you pay for....the cheapest possible policy will also be the most restrictive and provide the least coverage (not always the case but more on that in a future post). Knowing that, you have to recognize that the policy cannot be expected to provide a wide security blanket if something does go wrong. Privacy claims, intellectual property claims, claims made outside the US and a variety of other shortcomings are typical to "check the box" policies. As long as you're OK with that, the startup E&O policy serves a good purpose - it's just not true insurance.
The Ticking Time Bomb
Each year the company grows, adding clients, growing revenues and expanding operations. During this time the startup E&O insurance is renewed, the nominal cost may have risen, but it corresponds with the growth of your company, no biggie - many boxes have been checked at this point. Maybe you have even increased the limit to $5 million or $10 million to satisfy larger contracts. E&O? Check! But then the claim comes in - and coverage is declined. Kirkwood cites various exclusions in their policy. Now you are looking at possibly millions of dollars in defense and settlements. The future of your company hangs in the balance. You are scratching your head - you paid for insurance right? Isn't it supposed to work??
There is nothing wrong with buying an inexpensive E&O policy to get those early contracts as long as you understand the you may have inferior coverage and you are self-insuring to a great extent. But, as your company matures, you must go back to that policy and see if it still makes sense. You can probably afford to transfer more risk to an insurer, strengthen your corporate shield and protect the longevity of your organization.
By definition, Errors and Omissions (E&O) insurance covers professionals for actual or alleged errors, omissions or mistakes – caused by them or their products & services – which results in another party’s financial harm. Technology and digital media companies secure E&O insurance to safeguard against claims that the services they provide to others did not function properly. Once triggered by a suit or other demand for damages, an E&O policy will pay to defend the policy holder (pay legal defense fees) and any settlements or judgements that are made against them. This is the case regardless of whether the claim has merit or not. Put simply, an E&O policy responds to claims for a “failure to perform“.
You’ve been served
Commonly, claims come from clients who purchased a service/system and then allege that the system didn’t work, resulting in their financial loss. Let’s use the example of a client that purchases a mission critical software system to manage all of their business’s financial functions…..payroll, payables, receivable, taxes, etc…..the software promises to streamline all of these items where the client was previously using multiple platforms and vendors. Just a week after the client “flipped the switch” and started using the new system there was a crash. All of their data is lost and it takes them two full weeks to correct the problem. During this time they lose thousands of dollars recreating data, paying overtime, contacting clients, incurring penalties for non-payment of bills – and the list goes on. They sue the IT provider for all of the financial damages including their legal expenses, lost opportunity costs & loss of future revenue – and they want their money back for the faulty system which they ended up scrapping.
Insurance to the rescue
In this case if the IT provider were to submit the claim to their General Liability (GL) provider, the claim would be denied. General Liability covers claims for bodily injury & property damage – neither of which occurred in this situation. They would also submit the claim to their E&O insurer. While there is no industry standard, off-the-shelf E&O policy (every insurer has their own contract with it’s own terms, conditions, coverages, exclusions, etc) a typical E&O policy will pay the defense expenses incurred by the IT provider, along with the consequential damages claimed by the clients…..but, most likely, not the return of fees paid for the faulty system. More on this in a future post….
In the end, E&O is a risk transfer tool that companies can use to hedge against claims for mistakes made by their people or the products/services they provide.
Errors & Omissions insurance is one of the most misunderstood coverages that Technology & Digital Media companies will encounter – and with good reason. It is a coverage that goes by many different names (E&O, professional liability, cyber liability…), has no industry standard policy form (like a general liability policy, where every carrier is providing essentially the same coverage) and it changes on what seems like a daily basis. To help simplify and demystify Errors and Omissions coverage, we will provide a multi-part series of posts that cover the basics about Errors & Omissions insurance. These are the topics that we will addess in the coming weeks:
- E&O – WTF? (What’s that for??)
- E&O Insurance – Checking the box
- The E&O Trifecta – Covering Intellectual Property, Privacy and Media
- How to GET PAID by your E&O policy
- How Much does E&O insurance cost ?(& secrets to getting the cost down)
- What is involved in getting E&O Insurance?
- How E&O Claims are triggered and what happens when they are?
- The 5 Most Important Considerations for E&O Buyers
I didn’t see the A-Team movie this Summer, but have to admit as a child of the 80’s I was a big fan of the TV show. I remember vividly watching the pilot as a 13 year old after the Redskins beat the Dolphins in Super Bowl XVII. I know BA hates flying, I know the crack commando team went to prison in 1972 for a crime they didn’t commit, and I know that Hannibal (George Peppard, the only Hannibal) is a cigar smoking, master of disguise.
The real A Team
So what does this all have to do with insurance? Probably not alot…but here’s a shot:
We work with many VC’s as part of our role in managing the insurance program for members of the NVCA. And we have found that, like most innovators, Venture Capitalists are so focused on working IN their business that they sometimes don’t spend enough time working ON their business. This is evidenced with our frequent discovery of poorly structured insurance placements for VC’s, on even the simplest of insurance policies. (Clarification – it’s not a policy holder’s fault if their insurance is not up to par….that is their broker’s job. The policyholder is only responsible for choosing the right broker) Take a General Liability (GL) policy for example: every company has one of these babies. It covers your business for claims that you, your employees or products/services caused someone else bodily injury or property damage. But it also covers a wide variety of personal injury issues that could come into play for a VC. Since most insurers (I’m not aware of any) don’t have a specific classification in their policies for a VC firm, they will categorize them as investment advisors or some other similar financial organization. And in doing so they will also receive a myriad of exclusions that are typical for financial organizations….inluding ones that will severly limit their ability to cover personal injury claims. Insurers also worry about picking up vicarious risks stemming from activities of portfolio companies….hence, more exclusions.
Another problem in this scenario is the pricing. Since most insurers shy away from insuring smaller financial organizations (due to perceived high risk trading/transactional risk that could spill over onto a GL policy) they don’t even offer a small business policy. So most VC’s are placed on a policy that is designed, and priced, for larger firms.
Recognizing these issues and shortcomings our crack team at TechAssure set out with NVCA to build a solution for Venture Capital companies. The result, which is exclusively available to it’s members, corrects the coverage problems, removing almost every exclusion, and has reduced the average venture capital firm’s costs by more than 20%. The policy recognizes VC’s as a “small business” as it pertains to risks covered by basic insurance – the way it should be.
Ready for the tie-in?? As Hannibal Smith said best- I love it when a plan comes together.
Under most Errors and Omissions, Directors and Officers and other liability policies there are certain terms that you must comply with in order for the policy to respond to a claim. The issue that seems to be causing problems for insureds recently is the timeliness of claim reporting. All policies require that the insurer is notified in a certain way, in a specified time frame. And because most people don’t read the “fine print” of their policy, and most brokers do a poor job educating their clients, people tend to sit on potential claims – sometimes until it’s too late. The insurer can deny your claim simply because it was reported too late.
Click Below to see the 7 Common Reasons Why Claims are Not Reported on Time (And As a Result are NOT Covered)
1. “It wouldn’t be covered anyway”
Let the insurance company decide. Another similar statement we often hear is “I didn’t think it would be covered, and didn’t want the insurer to raise my rates if I reported it”. There is no cost to reporting a claim that is not covered. Better safe than sorry.
2. “I referenced the claim on the application”
Under terms of policy indicating on the application isn’t notice
3. “I told my General Liability carrier”
Notice to one insurer is not notice to all insurers
4. “I didn’t have a law suit”
Review your policy’s definition of “claim” (not always a suit)
5. ”We were going to work out the problem”
That means that you knew about the potential claim or should have – and reported it. You can’t decide after your own negotiations fell apart to then hand off the carnage to the insurer
6. ”People are always asking for their money back”
This is often first sign of an unhappy customer and a resulting claim. Check your policy’s definition of “claim”
7. “I protected the insurance company’s interests, too, by engaging my current lawyer who knows my business best”
Don’t assign your own counsel to a claim. Insurers don’t like that! I can’t tell you how many times we get calls from insureds and their lawyers who are months or even years into a claim that we were not aware of – and only decide to look into insurance when they realize how much it is going to cost
Proper notice is critical for coverage to be applicable. All too often policy holders take their coverage for granted and in doing so fail to comply with the terms of their contract – jeopardizing or ruling out coverage. Some simple practices, including open communication with your broker, can help preserve your rights to be afforded coverage under your insurance policy.
- Do not make assumptions
- Talk to your broker
- Remember that a demand for service or money could trigger a notice requirement
- They should know the difference between claims made and claims made and reported
- Look at your policy’s definitions of Claim, Wrongful Act and requirements related to notice of claims or circumstances
- NEVER assign counsel, or try to settle a claim on your own without talking with your carrier
Note: Assist from Chubb presentation at 2010 TechAssure national conference
At InnovationGuard we are all about simplicity. We want to provide the best insurance solutions in the least amount of time – so you can stay focused on growing your own company. As part of that approach, we are very excited about the launch of our new online Errors and Omissions platform which will allow you to obtain a quote and bind coverage by answering a few simple questions. And as long as your phone doesn’t ring, this whole process should take you less than 5 minutes. In an upcoming post we will walk you through the platform using a short video tutorial. Until then, you can find the link below as well as in the iGuard MarketPlacepage of the blog. The platform is in a Beta mode (we are still tinkering with aesthetic issues) but it is fully functional and ready to roll!
NOTE – This policy is offered only to companies in New York State. InnovationGuard is not an insurance agency. This policy would be placed by The Rollins Agency, Inc.
In a previous post I provided a few links to articles on “cyber liability insurance”. The whole reason that this has become a hot risk management topic is because the evolution of business insurance has been out paced by our usage and dependance on technology. The standard policy for Property and Liability, that every company has today, is virtually the same as the policy that they would have had 25 years ago. Sure there have been minor updates, but for the most part, some of the biggest risks businesses face today are not covered by their insurance. Basically every business uses a computer system to manage its finances and billing, store customer information, control marketing and PR programs, communicate with clients, store client data, manage human resources and employee info – and on and on…..and the fact is that traditional business insurance policies don’t address the significant impact there would be on a company if their systems were compromised.
The insurance industry has recognized some of the shortcomings for many years (loss of data not being covered by property insurance – because property as defined in insurance policies must be tangible to qualify to be covered – has been a heated topic for as long as I can remember). A few insurers have offered cyber policies to address these concerns for many years. However, only recently have more carriers followed suit and produced their own cyber liability insurance coverages. Eventually standard business policies will have to address their shortcomings, but until then, a separate insurance policy must be considered as you evaluate your overall corporate risk.
What Does Cyber Liability Cover? Well, each insurer that offers Cyber Insurance does it a little differently, but six key coverage areas seem to be consistent:
- Data Loss & System Damage – Your current property policy covers damage to the computer itself – but not the data stored on them. Doh!
- Business Interruption - Loss of Revenue from downtime after a hack, denial of service, virus…that causes a temporary or long-term shutdown in your operations.
- Notification Expenses – Almost every State has notification requirements – your company must disclose any breach to parties whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. You may also have to provide ongoing credit monitoring. This could generate significant expenses to your organization.
- PR/Crisis Management - You’ve experienced a security breach, been out of business for a week, notified thousands of clients, vendors, etc of the breach…..better do some spinning Stat! Hire a PR firm and do some marketing and public relations to minimize the damage to your brand.
- Content Liability – Anything associated with the content of your website, blog or other web presence from copyright and other IP claims to slander to invasion of privacy.
- Regulatory Investigation Expense – With the new notification laws having been enacted and privacy legislation constantly changing, there is always the chance that you could get a knock on the door from a friendly civil servant. Most policies exclude governmental or regulatory investigation costs. Bummer. Make sure your cyber policy includes it.
As a business owner, you really need to think about the insurance dollars that you are spending to transfer your biggest risks - would the premiums you are paying for traditional business interruption coverage be better spent on a cyber policy? Where are you more likely to have a loss? And I know what you’re thinking – OK, how much does cyber liability cost. The costs will vary based on the type of business, the sensitivity of the data in your possession, the controls you have in place and the limits of coverage that you select. The lowest premium I have seen for this type of policy has been $1,500.
One final note: insurance policies are just one way to transfer risk……for example we provide our clients with access to a proprietary, internet platform with tools and resources to help them prepare for cyber risks. Anticipation and preparedness can go a long way toward mitigating losses. Included on this platform is a simple online assessment to test your vulnerability, a hotline to speak with a security expert and an incident roadmap to guide you through your response to an adverse cyber event.
Snow everywhere! I often post links to relevant articles and information on my twitter account. And since some of that material doesn’t make it here, I thought I would consolidate the most relevant with a “Best of Twitter” blog post on InnovationGuard. Below are a few tweets in reverse chronological order….if that such a thing? These all have to do with the issue of Cyber Liability.
- Cyber Soldier reporting for duty: http://is.gd/86mo6 (good article on cyber insurance) 8:51 PM Feb 10thfrom web