In previous posts we discussed how an E&O policy can provide your company with a shield for various liability claims. As with all liability policies, E&O claims that are paid out will always go to a third party: the law firm providing your defense or the claimant if there should be a settlement or judgment made against you. The insurer will never make out a check with your name on it, right? Wrong. Here’s how you can get paid by your own E&O policy:
With the adoption of technology platforms (the Internet) as a source of income and the proliferation of new regulatory guidelines, businesses face many new financial risks. Most of these have, to date, gone unaddressed by traditional insurance policies. For example if your company is selling its products or services either partially or entirely over the Internet, and that channel is compromised by a hacker you will lose revenue. Even if you have business interruption coverage on your company’s standard policy, it will not respond to the loss as there needs to be physical damage to tangible property. Some errors and omissions policies now offer business interruption/lost revenue protection for security breach and other internet related losses. Another example that highlights this gap in 1st party insurance coverage (meaning the policy holder is paid by the insurer, not a third party claimant) has to do with privacy. Suppose you collect data from your clients or users and have a security incident. Almost every State now requires that you notify these users that their personal data may be at risk as a result of your security failure. Some requirements go as far as to require ongoing credit monitoring for several years. For a company with thousands of clients/users this could pose a huge financial burden. Breach notification coverage, available on some E&O policies, will provide you with the necessary funds to cover these expenses.
Errors and Omissions insurance has morphed in recent years to address risks such as those cited in the examples above. This insurance often goes by other names such as “cyber insurance” as the intent is to cover the losses associated with doing business on the Internet. As a Tech company you would be wise to have a hybrid policy that provides the liability protection of an errors and omissions policy along with the first party coverage that is found in cyber insurance. This way you transfer the risk of defense and indemnity (liability) to the insurance company – while also protecting the top line of your balance sheet.
Very often, the first time a company will look into errors and omissions (E&O) insurance will be when it shows up as a requirement in a client contract. The company is still young at this point, and eager to get revenue on the books - the last thing they need is to have a new expense hit the bottom line. However, if they want to close the deal and land the new client, they need to provide evidence that they have this coverage. The box must be checked! Startup E&O insurance, therefore, is purchased out of necessity and the single most important consideration is the cost. A $1million dollar E&O policy, $25,000 deductible, $1,500 premium - check.
If you're insured with Kirkwood, you may not be covered
So let's assume you get what you pay for....the cheapest possible policy will also be the most restrictive and provide the least coverage (not always the case but more on that in a future post). Knowing that, you have to recognize that the policy cannot be expected to provide a wide security blanket if something does go wrong. Privacy claims, intellectual property claims, claims made outside the US and a variety of other shortcomings are typical to "check the box" policies. As long as you're OK with that, the startup E&O policy serves a good purpose - it's just not true insurance.
The Ticking Time Bomb
Each year the company grows, adding clients, growing revenues and expanding operations. During this time the startup E&O insurance is renewed, the nominal cost may have risen, but it corresponds with the growth of your company, no biggie - many boxes have been checked at this point. Maybe you have even increased the limit to $5 million or $10 million to satisfy larger contracts. E&O? Check! But then the claim comes in - and coverage is declined. Kirkwood cites various exclusions in their policy. Now you are looking at possibly millions of dollars in defense and settlements. The future of your company hangs in the balance. You are scratching your head - you paid for insurance right? Isn't it supposed to work??
There is nothing wrong with buying an inexpensive E&O policy to get those early contracts as long as you understand the you may have inferior coverage and you are self-insuring to a great extent. But, as your company matures, you must go back to that policy and see if it still makes sense. You can probably afford to transfer more risk to an insurer, strengthen your corporate shield and protect the longevity of your organization.
By definition, Errors and Omissions (E&O) insurance covers professionals for actual or alleged errors, omissions or mistakes – caused by them or their products & services – which results in another party’s financial harm. Technology and digital media companies secure E&O insurance to safeguard against claims that the services they provide to others did not function properly. Once triggered by a suit or other demand for damages, an E&O policy will pay to defend the policy holder (pay legal defense fees) and any settlements or judgements that are made against them. This is the case regardless of whether the claim has merit or not. Put simply, an E&O policy responds to claims for a “failure to perform“.
You’ve been served
Commonly, claims come from clients who purchased a service/system and then allege that the system didn’t work, resulting in their financial loss. Let’s use the example of a client that purchases a mission critical software system to manage all of their business’s financial functions…..payroll, payables, receivable, taxes, etc…..the software promises to streamline all of these items where the client was previously using multiple platforms and vendors. Just a week after the client “flipped the switch” and started using the new system there was a crash. All of their data is lost and it takes them two full weeks to correct the problem. During this time they lose thousands of dollars recreating data, paying overtime, contacting clients, incurring penalties for non-payment of bills – and the list goes on. They sue the IT provider for all of the financial damages including their legal expenses, lost opportunity costs & loss of future revenue – and they want their money back for the faulty system which they ended up scrapping.
Insurance to the rescue
In this case if the IT provider were to submit the claim to their General Liability (GL) provider, the claim would be denied. General Liability covers claims for bodily injury & property damage – neither of which occurred in this situation. They would also submit the claim to their E&O insurer. While there is no industry standard, off-the-shelf E&O policy (every insurer has their own contract with it’s own terms, conditions, coverages, exclusions, etc) a typical E&O policy will pay the defense expenses incurred by the IT provider, along with the consequential damages claimed by the clients…..but, most likely, not the return of fees paid for the faulty system. More on this in a future post….
In the end, E&O is a risk transfer tool that companies can use to hedge against claims for mistakes made by their people or the products/services they provide.
Errors & Omissions insurance is one of the most misunderstood coverages that Technology & Digital Media companies will encounter – and with good reason. It is a coverage that goes by many different names (E&O, professional liability, cyber liability…), has no industry standard policy form (like a general liability policy, where every carrier is providing essentially the same coverage) and it changes on what seems like a daily basis. To help simplify and demystify Errors and Omissions coverage, we will provide a multi-part series of posts that cover the basics about Errors & Omissions insurance. These are the topics that we will addess in the coming weeks:
- E&O – WTF? (What’s that for??)
- E&O Insurance – Checking the box
- The E&O Trifecta – Covering Intellectual Property, Privacy and Media
- How to GET PAID by your E&O policy
- How Much does E&O insurance cost ?(& secrets to getting the cost down)
- What is involved in getting E&O Insurance?
- How E&O Claims are triggered and what happens when they are?
- The 5 Most Important Considerations for E&O Buyers
Under most Errors and Omissions, Directors and Officers and other liability policies there are certain terms that you must comply with in order for the policy to respond to a claim. The issue that seems to be causing problems for insureds recently is the timeliness of claim reporting. All policies require that the insurer is notified in a certain way, in a specified time frame. And because most people don’t read the “fine print” of their policy, and most brokers do a poor job educating their clients, people tend to sit on potential claims – sometimes until it’s too late. The insurer can deny your claim simply because it was reported too late.
Click Below to see the 7 Common Reasons Why Claims are Not Reported on Time (And As a Result are NOT Covered)
1. “It wouldn’t be covered anyway”
Let the insurance company decide. Another similar statement we often hear is “I didn’t think it would be covered, and didn’t want the insurer to raise my rates if I reported it”. There is no cost to reporting a claim that is not covered. Better safe than sorry.
2. “I referenced the claim on the application”
Under terms of policy indicating on the application isn’t notice
3. “I told my General Liability carrier”
Notice to one insurer is not notice to all insurers
4. “I didn’t have a law suit”
Review your policy’s definition of “claim” (not always a suit)
5. ”We were going to work out the problem”
That means that you knew about the potential claim or should have – and reported it. You can’t decide after your own negotiations fell apart to then hand off the carnage to the insurer
6. ”People are always asking for their money back”
This is often first sign of an unhappy customer and a resulting claim. Check your policy’s definition of “claim”
7. “I protected the insurance company’s interests, too, by engaging my current lawyer who knows my business best”
Don’t assign your own counsel to a claim. Insurers don’t like that! I can’t tell you how many times we get calls from insureds and their lawyers who are months or even years into a claim that we were not aware of – and only decide to look into insurance when they realize how much it is going to cost
Proper notice is critical for coverage to be applicable. All too often policy holders take their coverage for granted and in doing so fail to comply with the terms of their contract – jeopardizing or ruling out coverage. Some simple practices, including open communication with your broker, can help preserve your rights to be afforded coverage under your insurance policy.
- Do not make assumptions
- Talk to your broker
- Remember that a demand for service or money could trigger a notice requirement
- They should know the difference between claims made and claims made and reported
- Look at your policy’s definitions of Claim, Wrongful Act and requirements related to notice of claims or circumstances
- NEVER assign counsel, or try to settle a claim on your own without talking with your carrier
Note: Assist from Chubb presentation at 2010 TechAssure national conference
As an entrepreneur/executive of an early stage tech company one of the decisions you need to make is who to use to help you insure your company. For some reason many people go to great lengths to do due diligence when selecting an attorney or accountant, but then spend thirty seconds deciding who should handle their insurance. Those people tend to do business with one (or more) of five “people”. So here are the five people you meet in heaven when you buy insurance – and how these people impact your company:
Why: You’ve just set up your company and you need the basics – General Liability, Workers Comp, Property, etc. The guy on your whiffle ball team, who also helped you with your homeowners insurance, says he can hook you up! He has no experience working with other companies like yours, no relationships with insurers that are familiar with your industry. But he’s a great guy and he assures you it’s a no brainer. He sends you some applications to fill out. The questions seem odd, don’t really apply to your company – and most of all it takes a sh*$! ton of time for you to complete. You fax them back, wait a couple of weeks and he surfaces with a policy and a bill.
The Result: No thought went into anticipating what you may need next (like E&O when you sign your first client contract, D&O when you get your first round of financing, global coverage when you open a sales office in the UK, etc). The insurer you are with – let’s call them Thunderbird Mutual – can’t provide any of those coverages. So when they come up, which will be sooner than you think, there will be a mad scramble to find these policies with different insurers, costing you time and more money. You end up with a disjointed, patchwork insurance program with multiple insurers and no economies of scale by having everything in one package. Since your buddy has no experience in your industry, he has no ability to provide services that may drive down your cost and reduce the likelihood of your having a claim. Now you can get away with the buddy’s insurance program for a while – but if you have a claim, or need advice on a contract or industry specific issue you will find out the hard way that he was not the right broker for you.
The Biggest Broker in the World!
Why: Your company is the next Facebook. You have some high profile VC board members. You need to work with the Biggest Broker in the World! In fact, one of those board members knows one of the top executives from the Biggest Broker in the World! from his country club.
The Result: The Biggest Broker in the World! handles the insurance for companies like Microsoft, Dell and Cisco. Their best talent handles those accounts. Their average account brings in $50,000 of revenue in both commissions and other fees. All of your policies combined will throw off a total of twelve hundred bucks of income. You will have a lot of questions and need a lot of hand holding. Your company will change a lot over the next couple of years – hiring and firing, adding locations, new products, new client contracts, etc. The Biggest Broker in the World! assigns you to their D team – maybe a recent college grad, maybe a service center…..until you can be more profitable for them. Like when you are about to have your IPO. You’ll wait won’t you? And will you also please let them know when you are bigger, cause no one at their company even knows they insure you.
The Butcher, the Baker and the Candle Stick maker
Why: You already bought a policy from the Buddy (for this segment let’s call him the Butcher). Now you open an office in San Jose. The Butcher doesn’t have a license in CA and suggests that you contact someone local out there. He knows a guy from insurance school, the Baker. You call the Baker and he is happy to set you up with a set of new policies for your California office! Next, you land that big round of VC money and the term sheet says you need Directors and Officers (D&O) insurance. The Butcher and Baker both say they can do it for you but you’re not so sure. This one seems a little more sophisticated. The VC suggests a broker that they use, that specializes in D&O insurance, the Candle Stick maker. This guy drives his Benz to your office, tells you about how he handles the D&O insurance for the last four IPO’s in the country and assures you that you are with the right broker (NOTE: some brokers specialize in specific types of policies as opposed to industry segments where they can handle all types of insurance for that niche. This happens a lot with D&O as the premiums are usually high, and there is little or no service work involved – so they throw off a lot of income to a broker. Hence the Benz.). He sets you up with a state of the art D&O policy. It is the most expensive insurance policy you have ever seen.
The Result: You have three brokers. None of these characters communicates with the other. You have overlapping coverages and therefore are paying duplicate premiums. None of them feel like they are “in charge” of your account, so they don’t make any recommendations, review/update coverage or take much of an interest in your company. None of them realizes you have salespeople working from their homes in 6 States and now each State’s insurance department is fining you for non-compliance on Workers Comp. You have bills coming in from 3 agents, at least 3 insurers and your bookkeeper can’t figure out which bill is for which policy. A new client contract calls for evidence (a certificate) of insurance. Hmmmmm, guess you gotta call all 3. You have a claim and are unsure which policy would cover it, so you call all 3 brokers, none of whom think their policy will cover it. But go ahead and send it in the insurers will fight it out. Ahhh, music to your ears while your company is getting sued…
So, when it comes time to get insurance – maybe the bank, landlord or VC is requiring it – rather than just hiring anyone so you can check a box and move on, spend a little extra time selecting your broker. It will pay dividends down the road. Here are some questions you should consider asking a prospective broker:
- What other companies in my industry/like mine do you work with?
- Can I call someone at those companies and ask about your work?
- My company is poised for growth an we expect a lot of moving parts – and insurance is not our main consideration. How will you help us stay on top of these changes so we don’t miss anything?
- Do the insurers you work with specialize in my niche and offer industry specific coverage?
- What special services do you provide that will help me save time, reduce my premiums and minimize the possibility of us having a claim?
- How much time should I expect to spend on completing applications?
- Can you describe are your smallest and largest clients?
- Do you handle all areas of insurance for companies like ours or just one type of coverage?
- Do you have any group buying programs where I can leverage the power of a bigger group in my industry?
At InnovationGuard we are all about simplicity. We want to provide the best insurance solutions in the least amount of time – so you can stay focused on growing your own company. As part of that approach, we are very excited about the launch of our new online Errors and Omissions platform which will allow you to obtain a quote and bind coverage by answering a few simple questions. And as long as your phone doesn’t ring, this whole process should take you less than 5 minutes. In an upcoming post we will walk you through the platform using a short video tutorial. Until then, you can find the link below as well as in the iGuard MarketPlacepage of the blog. The platform is in a Beta mode (we are still tinkering with aesthetic issues) but it is fully functional and ready to roll!
NOTE – This policy is offered only to companies in New York State. InnovationGuard is not an insurance agency. This policy would be placed by The Rollins Agency, Inc.
In a previous post I provided a few links to articles on “cyber liability insurance”. The whole reason that this has become a hot risk management topic is because the evolution of business insurance has been out paced by our usage and dependance on technology. The standard policy for Property and Liability, that every company has today, is virtually the same as the policy that they would have had 25 years ago. Sure there have been minor updates, but for the most part, some of the biggest risks businesses face today are not covered by their insurance. Basically every business uses a computer system to manage its finances and billing, store customer information, control marketing and PR programs, communicate with clients, store client data, manage human resources and employee info – and on and on…..and the fact is that traditional business insurance policies don’t address the significant impact there would be on a company if their systems were compromised.
The insurance industry has recognized some of the shortcomings for many years (loss of data not being covered by property insurance – because property as defined in insurance policies must be tangible to qualify to be covered – has been a heated topic for as long as I can remember). A few insurers have offered cyber policies to address these concerns for many years. However, only recently have more carriers followed suit and produced their own cyber liability insurance coverages. Eventually standard business policies will have to address their shortcomings, but until then, a separate insurance policy must be considered as you evaluate your overall corporate risk.
What Does Cyber Liability Cover? Well, each insurer that offers Cyber Insurance does it a little differently, but six key coverage areas seem to be consistent:
- Data Loss & System Damage – Your current property policy covers damage to the computer itself – but not the data stored on them. Doh!
- Business Interruption - Loss of Revenue from downtime after a hack, denial of service, virus…that causes a temporary or long-term shutdown in your operations.
- Notification Expenses – Almost every State has notification requirements – your company must disclose any breach to parties whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. You may also have to provide ongoing credit monitoring. This could generate significant expenses to your organization.
- PR/Crisis Management - You’ve experienced a security breach, been out of business for a week, notified thousands of clients, vendors, etc of the breach…..better do some spinning Stat! Hire a PR firm and do some marketing and public relations to minimize the damage to your brand.
- Content Liability – Anything associated with the content of your website, blog or other web presence from copyright and other IP claims to slander to invasion of privacy.
- Regulatory Investigation Expense – With the new notification laws having been enacted and privacy legislation constantly changing, there is always the chance that you could get a knock on the door from a friendly civil servant. Most policies exclude governmental or regulatory investigation costs. Bummer. Make sure your cyber policy includes it.
As a business owner, you really need to think about the insurance dollars that you are spending to transfer your biggest risks - would the premiums you are paying for traditional business interruption coverage be better spent on a cyber policy? Where are you more likely to have a loss? And I know what you’re thinking – OK, how much does cyber liability cost. The costs will vary based on the type of business, the sensitivity of the data in your possession, the controls you have in place and the limits of coverage that you select. The lowest premium I have seen for this type of policy has been $1,500.
One final note: insurance policies are just one way to transfer risk……for example we provide our clients with access to a proprietary, internet platform with tools and resources to help them prepare for cyber risks. Anticipation and preparedness can go a long way toward mitigating losses. Included on this platform is a simple online assessment to test your vulnerability, a hotline to speak with a security expert and an incident roadmap to guide you through your response to an adverse cyber event.
Snow everywhere! I often post links to relevant articles and information on my twitter account. And since some of that material doesn’t make it here, I thought I would consolidate the most relevant with a “Best of Twitter” blog post on InnovationGuard. Below are a few tweets in reverse chronological order….if that such a thing? These all have to do with the issue of Cyber Liability.
- Cyber Soldier reporting for duty: http://is.gd/86mo6 (good article on cyber insurance) 8:51 PM Feb 10thfrom web
Emerging companies require unique insurance coverages during each stage of their development. While each company will have it’s own specific risks (which must be evaluated independently) there is a pattern of typical coverages that most companies will require at each stage. We have categorized the stages into the following four areas:
Stage 1 – Research & Development
Stage 2 – Growth Phase
Stage 3 – IPO
Stage 4 – Mature Company
Outlined below are the typical insurance coverages, itemized by stage.
Stage 1 – Research & Development
The first stage is usually when the company is being conceptually formulated, partnerships are established, and funding is sought. There are usually few employees in a small office. Insurance needs are somewhat minimal, and typically driven by lease requirements or required by law.
• General Liability for office space (possibly an Umbrella depending on lease requirements)
• Property Coverage for Physical Assets
• Business Interruption coverage including loss of R&D materials
• Workers Compensation & Disability as required by law
Stage 2 – Growth Phase
Typically this stage will be when outside funding is received, products are launched to market, employees are hired and there is possibly some International expansion. Insurance issues take on a bit more complexity. Client contracts often trigger the placement of these coverages.
• Errors & Omissions for intellectual property, privacy, and Internet services negligence which causes financial or other no-tangible loss to a third party
• Directors and Officers liability to protect from shareholder and employment related suits
• Crime coverage for employee theft, forgery, computer fraud, ERISA requirements
• Global Companion Policy to expand all coverages to a worldwide basis
• Employee Benefits including medical, dental, life and disability coverages
• Key Man Life insurance for founders or other key employees (often a VC requirement)
Stage 3 – IPO
The biggest change in a company’s insurance program at this stage is the enhanced protection required to fend off shareholder/class action suits. This takes the form of a restructured D&O policy, and negotiating the correct coverage is a very specialized practice. Additionally, most liability coverages should be increased as the higher profile of the company may translate into claims susceptibility.
• Restructured Directors and Officers Liability insurance which may include several carriers to achieve an appropriate coverage amount
• Separate Employment Practices Liability coverage
• Employed Lawyers coverage for in-house counsel
• First Party “loss of revenue” protection for denial of service, loss of data, breach notification costs and other web specific losses
• Loss Control services such as website assessments and monitoring, employee ergonomic evaluation
• Patent infringement coverage
Stage 4 – Mature Company
At this point a solid risk management foundation should be in place and monitoring the company’s growth and diversification becomes the biggest concern. Acquisitions can cause material changes to the company’s business risks. As the company has reached maturity and the insurance costs have subsequently increased, there is often room for creativity at this point in terms of the funding of the risk management program.
• Merger and Acquisition policies to protect against acquired and assumed liabilities
• Self-funding considerations
• Participating Workers Compensation policies (which pay dividends based on favorable loss experience)
• Local policies placed in foreign countries for subsidiaries and owned locations
• Loss Mitigation policies explained to management for any suits that are non-insurable (this is an insurance backed funding mechanism)
This entire post can be found in the document library. Or, if you can’t fall asleep, you can listen to an interview on this subject that I did with Dave Lavinsky of Growthink (Dave is great, I sound like I died three weeks ago).