| Coverage as Complex as the Technology | | | | regard to creation or dissemination of electronic |
| There are a wide range of insurance products within | | | | content, unintentional violation of privacy rights or |
| the generic umbrella of Technology or Cyber Risk | | | | regulations, and network extortion threats." |
| insurance. Some policies provide first-party coverage | | | | Technology Professional Liability Insurance |
| insuring covered losses directly sustained by the you-- | | | | IT professionals provide a variety of |
| the policyholder. Other variations provide coverage | | | | technology-related services encompassing web-based |
| that includes loss to third-parties - your clients. | | | | and technology systems-based services. Liability can |
| Professional liability insurance is the most important | | | | emanate from the ineffectual rendering of the |
| insurance requirement embedded in every IT services | | | | professional services. These claims are generally |
| contract. Menu-driven policies allow selection among | | | | brought as a failure of the provided services to |
| coverage modules to better correlate coverage with | | | | perform as intended. They typically allege the services |
| the IT firm's specific enterprise exposures. Because | | | | caused a client to sustain loss of property and/or |
| this is arguably the most important insurance you will | | | | economic damages due to business income loss. |
| purchase, it's important to not approach the purchase | | | | Some claims allege loss because a client's system |
| of this insurance as that of a commodity. All policies | | | | was exposed to a threat of unauthorized access |
| are not equal. Investing time to compare the available | | | | which could result in privacy issues or the threat of |
| coverage options and the policies' limitations is essential | | | | cyber extortion. It's important for IT professionals to |
| to ensure your enterprise receives appropriate liability | | | | understand that while the scope of coverage |
| protection. | | | | contained within Cyber Risk policies is broad, it is not |
| Exclusions: A good place to start understanding what | | | | all-inclusive. For example, these types of insurance |
| your policy covers. | | | | policies do not provide coverage for claims involving |
| Having a clear understanding of what your Cyber Risk | | | | delays, cost overruns or certain other business-related |
| policy doesn't cover is as important as understanding | | | | disputes. |
| what it does cover. Some of the prominent exclusions | | | | The Checklist - Does Your Policy Cover...? |
| to coverage contained in Cyber Risk policies are | | | | Some questions Technology firms should ask about |
| summarized below. It's important to be mindful a | | | | their Cyber Risk policy... |
| policy's exclusions do not always appear in the | | | | Is Defense fully covered without any allocation of |
| Exclusion section. Many insurance policies often imbed | | | | defense costs between covered and non-covered |
| coverage limitations in other parts of the policy, such | | | | claims if at least one covered allegation is asserted? |
| as within the Definitions section. Similarly, policy | | | | Does Data Breach coverage include both |
| exclusions sometimes contain carve-backs or | | | | first-party and third-party expenses? |
| exceptions to the exclusion which typically make a | | | | Does Privacy Coverage apply to third-parties such |
| portion of an exclusion inapplicable, thereby expanding | | | | as customers and employees of the Insured? |
| coverage under specifically defined circumstances. | | | | Does the policy provide Expense Coverage for |
| Some typical exclusions are: | | | | complying with Consumer Privacy Notification |
| Claims involving the recall, replacement, repair or | | | | regulations and credit monitoring expenses? |
| supplementation of the Insured's product or service. | | | | Are costs of retaining public relations or crisis |
| Claims alleging software failure involving software | | | | management firms and / or law firms in the event of a |
| that is in a test phase or not in general commercial | | | | privacy breach event covered? |
| release. | | | | Are Data Breach claims subject to deductibles, |
| Claims involving fee disputes. | | | | retentions or co-insurance? |
| Claims involving electrical, mechanical or | | | | Are regulatory fines, pre-judgment and post |
| telecommunication failures or interruption, unless the | | | | judgment interest covered? |
| failure was caused by the Insured's covered wrongful | | | | Does Business Interruption coverage include costs |
| acts. | | | | to enhance information assets beyond their pre-loss |
| Claims alleging invalidity, misappropriation or | | | | status? |
| infringement of a patent, trade secret, copyright, | | | | Are consequential damages covered? |
| trademark or service mark unless arising from | | | | Is Contractual Liability covered if liability exists in the |
| electronic publishing activity. | | | | absence of the contract? |
| Certain proceedings brought by federal, state or | | | | Does the policy's definition of Legal Proceedings |
| local governmental agencies, licensing authorities, or | | | | include arbitrations? |
| rights organizations, except for network security or | | | | Is Additional Insured coverage available if required |
| privacy-related claims. | | | | by contract? |
| Claims alleging unauthorized collection of personal | | | | Are Independent Contractors covered if the claim is |
| data of third parties with the knowledge of the | | | | also brought against an Insured? |
| Insured's principal partner, director or officer is imputed | | | | Are Defense Expenses covered for Deceptive or |
| to other Insured individuals and/ the entity. | | | | Unfair Business Practices unless a final adjudication is |
| Readers should not be left with the impression that | | | | rendered adverse to the Insured? |
| these policies don't cover much. Quite the contrary, | | | | Will the policy provide defense coverage for claims |
| these insurance policies provide very broad and | | | | seeking solely injunctive relief? |
| valuable coverage. The definition of "Wrongful Act" as | | | | Does the policy offer an option to include |
| found within one of the more prominent Cyber Risk | | | | Professional Liability Coverage? |
| policies states: "...means any error, misstatement, | | | | Whether the IT enterprise is a small, medium or large |
| misleading statement, act, omission, neglect, breach of | | | | firm, when losses arise relative to the scope of their |
| duty, or Personal Injury offense actually or allegedly | | | | respective contracts, they can have a devastating |
| committed or attempted by any Insured in their | | | | effect. Before even considering the potential economic |
| capacity as such:" That clause is followed by a litany | | | | damages, one must consider the cost of defending a |
| of coverage triggers including but not limited to: "failure | | | | technically complex claim. Without proper insurance, |
| of the Insured's Technology Services, Technology | | | | those defense costs can be enough to cripple most IT |
| Products, Electronic Media exposures, product | | | | service providers, or certainly put severe stress on a |
| disparagement, trade libel, public disclosure of private | | | | company's profitability. In addition, there are public |
| facts, plagiarism, piracy, copyright and domain name | | | | relations consequences and other related expenses |
| infringement, service mark infringement, negligence with | | | | that may be incurred in connection with such claims. |