Your insurance policy gives you peace of mind and helps to ensure that you can stay in business — even if you are threatened by a lawsuit or experience a natural disaster. Sometimes your policy may not cover you — or provide enough coverage — against certain risks. We have evaluated many tech companies’ insurance programs and found many common hidden risks. Here’s your guide to knowing — and planning for these.
1. Plan for the worst
You can’t predict what will, or won’t happen, in the future. But there’s a good chance something bad could happen. According to recent studies, 60% of U.S. companies are underinsured. That’s a big reason why 60% of companies that experience a catastrophic event never reopen for business.
60% OF SMALL BUSINESSES NEVER RECOVER FROM A CATASTROPHIC EVENT
As a tech company, you have a high exposure because of investments in computer equipment and the associated high cost to re-create or restore lost data. Weather causes more damage than ever — wildfires, floods, earthquakes, and wind damage are all reasons to make sure your business has a disaster plan in place.
What can you do to reduce your risk?
- Create a business continuity plan to help you prepare before a disaster occurs and reopen sooner — it’s too late to plan when a weather event is imminent. The Insurance Institute for Business & Home Safety’s Open for Business site offers many planning templates.
- Include remote locations, key vendors and suppliers in your business continuity plan. Test your plan by establishing relationships with alternate vendors and suppliers.
- Since business interruption can occur due to a network or server being down at one of your facilities, or with one of the vendors you rely on, ensure that your insurance policy covers the loss of income due to downtime caused by covered events at dependent properties. Understand that your business income is calculated based on profit for the purposes of business interruption insurance. Start-ups can modify their business interruption coverage with some carriers.
- Consider your insurance policy an investment in your company’s financial health. Saving a few dollars is not worth the risk of being underinsured. Even if you lose power for a day the financial cost of closing can be significant. Disaster strikes without warning and investing a few extra dollars to properly insure your business will give you the peace of mind that your business can recover if the unexpected occurs.
2. Look for potentially costly gaps in your policy
As a tech company, you’re not interested in becoming an insurance expert, but you should know some basics, particularly about liability coverage. General liability covers bodily injury, property damage and personal injury, while professional liability protects your company against claims that your products or services don’t work as advertised or don’t meet specifications.
Companies need to worry about the threat of baseless lawsuits, which could come from litigious end-users or customers. You could still incur significant costs to defend even frivolous lawsuits. In this age of litigation, if something goes wrong with a product for which your company supplied a component or piece of code, you could be sued, even if your software is error-free.
One problem for tech companies: general liability policies often exclude claims arising from software or programming. Depending on what you do, this has the potential of exposing you to costly uncovered claims.
As with general liability, traditional professional liability policies contain exclusions that could create serious risks for tech companies. Many typical professional liability policies exclude information security breaches, and copyright infringement of computer code, which are common exposures for tech companies. However, policies created specifically for tech companies can close this gap.
33% OF SMALL BUSINESSES HAVE FACED A LAWSUIT IN THE PAST THREE YEARS
What can you do to reduce your risk?
- Choose an agent who understands the risks, including emerging risks, facing tech companies, and has expertise in building programs for tech companies.
- Select an insurer with products specifically customized for tech companies. Often, there are special coverages for different tech sectors, such as information technology, electronics manufacturing and telecommunications.
- Ensure that your general liability policy does not exclude professional services (e.g. bodily injury, property damage, and personal and advertising injury arising from software or programming).
- Look for a professional liability policy designed for tech that includes coverage for information security, breach of warranties and representation, virus transmission, and copyright infringement of software code.
3. Avoid cyber liability confusion
Cyber incidents are becoming increasingly common: 46% of companies experience a data breach annually. The causes can include viruses/malware, physical theft of laptops or mobile devices, denial of service attacks, insider abuse or negligence.
ONLY 3 IN 10 BUSINESSES HAVE CYBER LIABILITY COVERAGE
Yet, only three in 10 businesses have cyber liability coverage. What would happen if data was stolen or suspected to be lost, stolen, or accidentally released? The picture becomes more complicated when the data breach includes customer data. States require notification if a breach occurs or is suspected to have occurred, which can cost thousands.
Cyber liability coverage is not a standard coverage and varies significantly among carriers, so make sure you know what you need, and it’s clear what you’re buying.
What can you do to reduce risk?
Invest in learning about cyber liability coverage, including data breach coverage. This valuable coverage typically includes:
- Data breach services, including consulting, fraud alert, and identity restoration.
- Data breach expenses, including cost of notification, forensic analysis, and proactive monitoring services.
- Legal services, public relations, data breach ransom, and more.
As a tech company, it’s also important to have third-party liability coverage that can be provided on your errors and omission policy. Coverage features will vary significantly among insurers. But your errors and omissions insurance policy should have broad cyber liability coverage, including protection for:
- Transmission of a computer virus.
- Failure to protect a third-party’s data or information, including unauthorized access, use, or theft.
- Inability of an authorized party to gain access to products and services.
- Coverage for media and content infringement including software and computer code (extends to coverage typically not provided by CGL).
4. Think of data privacy broadly
Phishers, extreme hacktivists, and other menacing cyber criminals dominate the news when it comes to data breach, and top the list of businesses’ security concerns. In one case, Seattle hackers’ attacks cost 53 small- and medium-sized business $3 million in damages.
In reality, external and internal cyber criminals caused only 38% of data breaches, according to The Post Breach Boom by the Ponemon Institute, while 47% were non-malicious — caused by employees or contractors who made a mistake.
Errors that lead to breaches can be low-tech: an employee’s laptop is accidentally left in a cafe; someone dumps confidential docs in the trash; a file box of records is left in a worker’s car overnight — and stolen by an opportunist.
47% OF DATA BREACHES WERE CAUSED BY NON-MALICIOUS INSIDERS
What can you do to reduce your risk?
- Tech companies and security consultants often focus on reducing risk with increased network security. However, training employees about data security is one of the lowest-cost, most effective risk management techniques. Periodically remind workers of policies and best practices.
- Secure data physically. Make sure to secure laptop and devices containing access to data. Lock file drawers and other places containing hard copies of sensitive data. Shred sensitive documents.
- Encrypt data on all devices.
- Ensure that you have data breach coverage for both cyber- and non-cyber incidents.
5. Understand your claim reporting obligations
Not every insurer treats claims the same way. Depending on how your policy is written, you may be required to report a professional liability claim within a 60- to 90-day window, and if you fail to do so, your claim may not be covered.
That’s pretty clear. However, where it gets confusing is that insurers may have different definitions of what constitutes a claim.
Some may require you to report a threat of a lawsuit, or a heated exchange with a customer, for example, even if that conversation never reaches a manager or executive. The insurer may start the reporting clock ticking based on that conversation, even though it was not fully known to management.
What you can do to reduce your risk?
- Choose an insurer with a clear definition of a claim. Typically, this is limited to the receipt of a written demand for damages. Better yet, receipt of that demand has to reach a senior executive before the reporting clock starts ticking.
- Implement procedures and policies to ensure that lawsuits or other written demands get escalated to appropriate individuals quickly.
DID YOU KNOW IF YOU MISS THE REPORTING WINDOW YOUR CLAIM MAY NOT BE COVERED?
Let’s start a conversation
Nobody knows more about designing coverage for today’s technology companies than your agent and The Hanover team. Contact your Hanover agent today.