Just released: How to raise venture capital in 2023


Top 5 Tech E&O and Cyber Claims


Key Takeaways

With the ever-expanding ether of data and information in the world, one of the scariest exposures faced by companies nowadays is the vulnerability of online platforms.  Hand in hand with that, the expansion of business technology is increasing the potential for claims of financial loss against a company’s professional services and offerings.  

We’ve all heard of the big ones; the Equifax and Target breaches left millions of Americans’ personal information exposed and landed the two companies in a world of hurt.  But what are the other types of claims covered under Tech E&O / Cyber policies?  Why is this such a large exposure for companies of all sizes and operations?  Let’s get after it:

1. Failure to Perform or Breach of Contract

You present your services as one thing and deliver another.  Failure to perform on your offerings or not meeting your contractual requirements is the most frequent claim we see in professional liability.  If you don’t meet the duties promised to a client, you can be liable for their lost income and may be fined for bad faith. These claims could also include open intent not to meet your obligations or for any other reason you are unwilling or unable to complete your agreed-upon requirements.

For example imagine you run a SaaS platform that’s critical to your clients business (e.g. payment gateway or logistics software for E-Commerce clients) and your developer inadvertently causes a system crash that takes days to fix. This crash causes your clients to miss out on a hefty amount of new business that week. E&O would respond to covered claims brought by customers for their lost sales.

2. Negligence

Perhaps the easiest and most preventable way by which information is breached is human error – accounting for about 28% of data breaches. Whether or not the professional error or cyber breach was intended or not, clients, stakeholders, and even regulators can come after a company for damages or fines.  The grounds? Failure to exercise the appropriate precautions and practices. If your mistake causes a financial loss due to a lack of “best practices” and general oversight, you can be held accountable for rectifying the loss.  This coverage can protect your company from lawsuits for victims’ financial loss or breach of privacy.

Let’s say one of your employees is traveling for business and leaves their laptop in a cab. The laptop does not have sufficient protection and is opened by the next cab rider, exposing much of you and your clients’ data.  Because your employee was negligent in leaving the laptop in a frequented location, and it was not equipped with the proper software to prevent intrusion, you would be responsible for any expenses for recovering the data, any business disruption and whatever precautions to safeguard your clients’ information.  

3. Theft of PII and Failure to Prevent Introduction of Malicious Code

Here’s what most people think of when they hear about cyber insurance. It’s what makes headlines. Theft of Personally Identifiable Information (PII) like credit card info, Social Security numbers, addresses, etc. is scary for clients and consumers but potentially devastating for the company holding the data.  The targets (pun) are usually massive institutions (Equifax, Target, Yahoo!) but can also be smaller companies. In fact, according to a survey conducted by the Ponemon Institute in 2017, 55% percent of businesses with less than 1,000 employees experience a cyber attack. Approximately 60% of smaller businesses are out of business within six months of suffering a cyber attack.

CyberSecurity Infographic e

(More stats here).

Claims allege it’s the company duty to properly protect the data, and the company is in-turn responsible for restoring the security of their customers/clients confidential information. Many policies will also cover credit monitoring for clients as well as any consultative and forensic services required to help restore their data infrastructure and reputation.

Top 17 Cyber Breaches of the 21st Century

4. Copyright Infringement

For the purposes of this post, copyright infringement refers to software. Of course, you can’t take copyrighted software and use it.  Cease. And. Desist. Courts could award a portion of the offender’s profits or punitive damages. These claims can go both ways for a company though. If another individual or entity is encroaching on your copyright, insurance coverage would help you out by bringing in expert council that would end the infringement and collect appropriate damages.

One well-known instance of this is the Oracle v. Google case over Oracle’s Java patent. Oracle is claiming that Google has been running a program so similar to the Java platform that it infringes on their patent of the product. The trial has gone back and forth between litigations over the past 8 years, running up legal fees and causing distractions for the two companies. This case is a prime example of patent litigation, which can be protracted and costly. As of March of this year, Oracle was seeking $9 billion in damages. While Google and Oracle are two of the largest tech firms in the world and have seemingly endless resources, this case represents the exhaustive toll these disputes can take.

5. Defamation in Online Content

Slander, libel, smear campaign – whatever you want to call it, communicating a false statement that harms the reputation of an individual, product, or business will cost you. Anything on or produced for your site that falls under this category would make you and your company responsible for the impact on reputation, lost income, etc.

What’s interesting about these claims is that they typically come about for sites that allow their users to spread information on their site (eg. comments sections, posts, etc.). Coverage is needed for the vicarious liability to defamatory user-generated content. Even if you didn’t produce the content, you could be brought to court over your responsibility as the platform manager.

A simple example of this would be for a business whose survival is heavily reliant on its reputation (even more so than other industries). Let’s say you run an online platform that allows individuals to write restaurant reviews, something that’s commonplace in today’s foodie society.  A new restaurant opens up and only a few days into its operations, someone posts on your site that they got violently ill after going, but in fact, the individual hadn’t even eaten there.

However, despite the post gaining traction, the restaurant eventually faces closure. Even though you weren’t the author of the post, your website might bear some responsibility due to the content lingering on your platform for an extended period. This could potentially impact your insurance retention limit and contribute to the tarnishing of the restaurant’s reputation.

Who is at risk?

For nearly all tech/consumer-based companies in our contemporary society, Tech E&O and Cyber coverage have become an almost compulsory coverage.  As data collection and the fluidity of information increases, so does the exposure. While many people think the real risk is limited to multinational corporations, smaller companies (including startups in their early stages) are also exposed.

The vulnerability of data and sensitivity of 3rd party financial loss due to your professional services represent the necessity and comprehensiveness of this coverage. While the 5 claims scenarios are covered under Tech E&O and Cyber policies, understanding this policy in its totality can be complex.  If you have any questions on the full extent of these coverages, please reach out to a member of the team!

Related Articles

commercial insurance claim
February 20 • Claims

What a Commercial Insurance Claim Reveals About Your Business

Filing a commercial insurance claim isn’t usually a fun endeavor but often a necessary one. Let’s reflect on what leaders can learn from filing a claim.

Insurance risk management
September 28 • Claims

Using Insurance As A Critical Risk Management Tool

Many business leaders assume insurance is merely a fallback or plan B. However, used wisely, insurance is a risk management tool that sets successful companies apart. Here’s how.

September 28 • Claims

Understanding the Anatomy of a Commercial Insurance Claim

It’s often tough to make sense of a commercial insurance claim, with its deductibles, limits, and confusing language. In the first post of our 4-part series, let’s set the record straight.

commercial insurance claim
September 28 • Claims

What to Do When You Have a Commercial Insurance Claim

Filing a commercial insurance claim can seem intimidating. After all, many of us have only dealt with personal auto claims. Still, as a leader, it’s necessary to understand the business insurance claims process. We have the inside scoop.

risk retention groups
November 10 • Errors & OmissionsRisk Management

What Are Risk Retention Groups & What’s Their Role?

Risk retention groups provide affordable and customized solutions for groups facing similar liabilities. Will it work for you?

young asian lady nurse giving covid flu antivirus vaccine shot senior male patient
September 21 • Claims

Vaccination Mandates and EPLI Claims: What You Should Know

Although the US has a long history of vaccine mandates, the recent initiative has caused a stir. Here’s the role EPL insurance plays for mid-market companies.