With the ever-expanding ether of data and information in the world, one of the scariest exposures faced by companies nowadays is the vulnerability of online platforms. Hand in hand with that, the expansion of business technology is increasing the potential for claims of financial loss against a company’s professional services and offerings.
We’ve all heard of the big ones; the Equifax and Target breaches left millions of Americans’ personal information exposed and landed the two companies in a world of hurt. But what are the other types of claims covered under Tech E&O / Cyber policies? Why is this such a large exposure for companies of all sizes and operations? Let’s get after it:
1. Failure to Perform or Breach of Contract
You present your services as one thing and deliver another. Failure to perform on your offerings or not meeting your contractual requirements is the most frequent claim we see in professional liability. If you don’t meet the duties promised to a client, you can be liable for their lost income and may be fined for bad faith. These claims could also include open intent not to meet your obligations or for any other reason you are unwilling or unable to complete your agreed-upon requirements.
For example imagine you run a SaaS platform that’s critical to your clients business (e.g. payment gateway or logistics software for E-Commerce clients) and your developer inadvertently causes a system crash that takes days to fix. This crash causes your clients to miss out on a hefty amount of new business that week. E&O would respond to covered claims brought by customers for their lost sales.
Perhaps the easiest and most preventable way by which information is breached is human error – accounting for about 28% of data breaches. Whether or not the professional error or cyber breach was intended or not, clients, stakeholders, and even regulators can come after a company for damages or fines. The grounds? Failure to exercise the appropriate precautions and practices. If your mistake causes a financial loss due to a lack of “best practices” and general oversight, you can be held accountable for rectifying the loss. This coverage can protect your company from lawsuits for victims’ financial loss or breach of privacy.
Let’s say one of your employees is traveling for business and leaves their laptop in a cab. The laptop does not have sufficient protection and is opened by the next cab rider, exposing much of you and your clients’ data. Because your employee was negligent in leaving the laptop in a frequented location, and it was not equipped with the proper software to prevent intrusion, you would be responsible for any expenses for recovering the data, any business disruption and whatever precautions to safeguard your clients’ information.
3. Theft of PII and Failure to Prevent Introduction of Malicious Code
Here’s what most people think of when they hear about cyber insurance. It’s what makes headlines. Theft of Personally Identifiable Information (PII) like credit card info, Social Security numbers, addresses, etc. is scary for clients and consumers but potentially devastating for the company holding the data. The targets (pun) are usually massive institutions (Equifax, Target, Yahoo!) but can also be smaller companies. In fact, according to a survey conducted by the Ponemon Institute in 2017, 55% percent of businesses with less than 1,000 employees experience a cyber attack. Approximately 60% of smaller businesses are out of business within six months of suffering a cyber attack.
(More stats here).
Claims allege it’s the company duty to properly protect the data, and the company is in-turn responsible for restoring the security of their customers/clients confidential information. Many policies will also cover credit monitoring for clients as well as any consultative and forensic services required to help restore their data infrastructure and reputation.
4. Copyright Infringement
For the purposes of this post, copyright infringement refers to software. Of course, you can’t take copyrighted software and use it. Cease. And. Desist. Courts could award a portion of the offender’s profits or punitive damages. These claims can go both ways for a company though. If another individual or entity is encroaching on your copyright, insurance coverage would help you out by bringing in expert council that would end the infringement and collect appropriate damages.
One well-known instance of this is the Oracle v. Google case over Oracle’s Java patent. Oracle is claiming that Google has been running a program so similar to the Java platform that it infringes on their patent of the product. The trial has gone back and forth between litigations over the past 8 years, running up legal fees and causing distractions for the two companies. As of March of this year, Oracle was seeking $9 billion in damages. While Google and Oracle are two of the largest tech firms in the world and have seemingly endless resources, this case represents the exhaustive toll these disputes can take.
5. Defamation in Online Content
Slander, libel, smear campaign – whatever you want to call it, communicating a false statement that harms the reputation of an individual, product, or business will cost you. Anything on or produced for your site that falls under this category would make you and your company responsible for the impact on reputation, lost income, etc.
What’s interesting about these claims is that they typically come about for sites that allow their users to spread information on their site (eg. comments sections, posts, etc.). Coverage is needed for the vicarious liability to defamatory user-generated content. Even if you didn’t produce the content, you could be brought to court over your responsibility as the platform manager.
A simple example of this would be for a business whose survival is heavily reliant on its reputation (even more so than other industries). Let’s say you run an online platform that allows individuals to write restaurant reviews, something that’s commonplace in today’s foodie society. A new restaurant opens up and only a few days into its operations, someone posts on your site that they got violently ill after going, but in fact, the individual hadn’t even eaten there.
Nevertheless, the post gains traction and the restaurant goes out of business. While you did not create the post, your site may be held liable because the content was kept on your site for a number of days and as a result became at least partly responsible for the restaurants sullied reputation.
Who is at risk?
For nearly all tech/consumer-based companies in our contemporary society, Tech E&O and Cyber coverage have become an almost compulsory coverage. As data collection and the fluidity of information increases, so does the exposure. While many people think the real risk is limited to multinational corporations, smaller companies (including startups in their early stages) are also exposed.
The vulnerability of data and sensitivity of 3rd party financial loss due to your professional services represent the necessity and comprehensiveness of this coverage. While the 5 claims scenarios are covered under Tech E&O and Cyber policies, understanding this policy in its totality can be complex. If you have any questions on the full extent of these coverages, please reach out to a member of the team!