This is Part II of our feature on IT Liability Insurance
IT liability and cyber risk
Tech providers must constantly grapple with the potential vulnerability to cyber attacks of the software and systems they provide; these attacks can obviously lead to data theft, loss of customers and business income.
“‘Privacy by design’ is a phrase used more and more commonly, implying that at the design phase technology companies should be building in data privacy to their products and solutions,” says Rye.
“Data is the new commodity, and the power of big data, when harnessed correctly, can be impressive, but of course collecting large volumes of data through technology applications, products and services is by no means without risk, and consumers are becoming aware of that.”
Rye therefore strongly recommends that IT participants consider taking up cyber coverage together with their IT liability insurance.
And popular new data storage methods, such as cloud solutions, also raise issues for tech providers to consider.
“Worldwide information security legislation is changing,” he says. “In the EU … data laws used to state that the perceived holder of the data would be responsible for said data, [but] new legislation will make the data storage provider responsible.”
The question is, where should brokers begin in their efforts to ensure IT clients have proper protection?
Rye says the conversation should start with the broker ensuring the client provides full disclosure of their business activities.
“The broker needs to be certain that the underwriter is aware and understands the full scope of the insured’s activities due to the sometimes complex and fast-moving nature of the tech industry,” he says.
Making sure they go the extra mile to properly understand a client’s business – and the full range of its activities – is paramount for IT brokers. That includes understanding the extent of a business’s international reach.
“Where the insured has overseas operations, domiciled or not, [the broker] needs to confirm the policy will respond. Are there local regulatory issues in play, and is the insurer licensed to write business within the particular territory?”
Rye emphasises the importance of brokers paying special attention to policy wording, ensuring a product will actually provide the required coverage.
“[Brokers] should make sure that coverage isn’t given under the heads of cover section, only to be removed or significantly restricted in the exclusion section of the policy wording. This does happen!
“In a similar vein … attention needs to be paid to sublimits – just granting the cover in name doesn’t mean a great deal when that particular head of cover is dramatically sublimited.”
Rye also talks about establishing the extent of the geographical risk footprint.
“Where data storage is concerned, there could be a considerable overseas exposure depending on the storage locations and locations of clients who access the data. Even if the jurisdiction coverage is limited, the broker should be looking for expansive geographical coverage as a standard feature.”
Is there anything else brokers’ IT clients can do to assist in reducing their exposures?
Rye returns to the issue of potential contractual liability in situations where a project successfully completes but goal posts have moved mid-project and resulted in outcomes departing from those originally envisaged. Emphasising the importance of changes being reflected in the written contract, he says: “To this end, it’s important for the client to have internal procedures in place so that the changes are recognised and then reported to the correct internal individual or department to be further actioned.”
Even the structural clarity of an IT business can affect the extent of loss or damage for which that business is ultimately liable.
“A clear reporting structure is essential to not only recognise a potential failure in the provision of services or potential confusion as to what defines a satisfactory outcome in any particular project, but to also provide a framework of internal disclosure and subsequent action,” Rye explains.
“The earlier any such issue is discovered, the better the chance of finding an amicable solution. Insurers actually want to know about potential claims as early as possible – we don’t like big surprises!”
There’s no doubt the IT technology industry will remain as Rye describes – fast-moving and complex. Similarly, there’s no doubt the need for brokers to be on top of their clients’ evolving insurance needs will remain pivotal.