Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor!

The Hartford-sponsored Business Insurance Risk Perspective

Clearing up misunderstandings on tech E&O

Specialized professional liability coverage differs from cyber

When people hear the words “cyber” and “technology,” they frequently consider those to be synonymous. In a risk and insurance context, however, they mean different things. One of the common misunderstandings about insurance for technology businesses is where cyber starts and stops, and professional liability begins. The differences may not be clear right away, so it helps to look closer.

Cyber risks – and the insurance solutions that cover them – can involve first-party and third-party losses as a result of ransomware attacks, data breaches, lawsuits, regulatory proceedings, and other incidents. Virtually all businesses handle data to some degree, especially those that are engaged in e-commerce, and therefore have cyber exposures. Cyber risks are becoming as commonplace as directors and officers liability and employment practices liability. If a business is connected to a computer and the internet, chances are that business needs some type of cyber insurance.

Technology errors and omissions liability risk is a bit more nuanced. One significant difference between that and cyber is E&O risk arises from performing professional services. Tech E&O liability can come from providing a technology product or service, such as information technology consulting, or from a contractual arrangement, or even an intellectual property exposure.

A risk history lesson

Decades ago, technology E&O coverage emerged to respond to novel types of risks that general liability insurance was not designed to cover. GL policies offer important protection, to be sure, but they are intended to protect businesses against loss arising from property damage and bodily injury. The digital technology revolution that began in the 1960s and accelerated during the rise of the public internet led to intangible losses that didn’t involve property damage or bodily injury, so a new form of coverage was needed. Technology can cause losses for a business, and tech E&O solved a need that traditional property and casualty coverage could not.

Generally, helping a business with its technology needs and selling something intangible, such as software or services, falls into the domain of technology E&O. Once a business gets involved in handling data and transmitting and/or receiving data over the internet – that is, using technology – the risks fall into the cyber category. During the past 10 years or so, the lines defining the technology sector have become blurred, with many companies forming that expand from using data and technology to also offering services. One way to look at this convergence: even if company’s name lacks the word “technology,” that entity could still be a tech company. These kinds of organizations therefore should consider cyber insurance and tech E&O coverage; these coverages are distinct but not substitutes for each other.

Contractual risk in technology

Fast-forward to the present day, and most technology business is governed by some form of contract. Technology contracts range from IT services to licensing agreements, and often include many other contract types. While contracts should protect each party’s interests, they can also expose providers of tech products and services to complex risks when things don’t go as planned, as well as financial losses.

In an ideal world, technology works as intended and everyone benefits from it. Unfortunately, our world is far from ideal. All technology contains vulnerabilities, and the types of vulnerabilities are almost endless. They exist in code, poor configuration, design, people, and processes. Similarly, professional services are delivered by human beings, who are prone to making mistakes and sometimes overlooking necessary steps. Technology businesses – those that manufacture tech products as well as those offering services related to such products –should have processes to identify these vulnerabilities and a plan to address them. Identifying and fixing these vulnerabilities should be a focus area in the underwriting process, especially for tech companies.

Business contracts frequently transfer risk. For example, software licensing agreements may limit the liability of the manufacturer, transferring a significant portion of the risk of loss to the end user. Service contracts, on the other hand, may require service providers to assume certain risks, such as responsibility for replacing computer hardware that is lost, stolen or damaged while undergoing repair. It’s critical for technology businesses to understand the obligations they accept when agreeing to the terms of a contract. Often, financial responsibility requirements in a contract can be met through insurance.

Having the right insurance for cyber and tech E&O risks is a matter of clearly understanding what the business does. Working with a trusted risk advisor and an insurance company partner that has a deep understanding of technology risks – and whose underwriters are specialists in this area – is a good way to stay protected.

 For more information about The Hartford’s Technology E&O solutions, please visit The Hartford.

 

Anthony Dolce is the Head of Professional Liability & Cyber for The Hartford Financial Services Group. During his more than 25-year career, he has held executive positions in cyber and professional liability underwriting and claims. At The Hartford, Dolce oversees an underwriting unit that encompasses lines including cyber and technology errors and omissions liability, miscellaneous professional liability, architects and engineers, and allied healthcare. 

Andrew Zarkowsky is Technology Industry Practice Leader for The Hartford. He has more than two decades of experience in insurance, holding various leadership roles in underwriting. At The Hartford, he focuses on underwriting growth, profitability and product innovation for technology industry companies.