By Vincent J. Curatolo
To get the best pricing and coverage for your tech firm in this hard insurance market, it’s important to partner with an insurance broker who has expertise in the sector. Your broker can help identify and analyze your exposures, and develop a risk mitigation strategy before meeting with an underwriter.
Whether a startup or an established enterprise, tech companies with a solid risk management plan will get better terms and pricing for Errors & Omissions (E&O), Cyber and Directors’ & Officers’ (D&O) liability insurance coverage.
Today’s commercial insurance market is challenging, with prices rising by an average of 40% in most lines of coverage. Rate hikes are even higher for many technology company placements. And each insurer uses slightly different policy wordings, making it difficult to compare the various product offerings.
Assess Risks Before Talking to the Underwriter
Long before a tech company presents its case to an insurance underwriter, it should consult with a broker experienced in reviewing contracts to ensure they include provisions that mitigate and transfer risk where possible. Having appropriate contractual risk controls already in place will make the company a more attractive risk to underwriters.
Among other things, a tech firm’s risk management strategy should address who is developing the software, and ensure that all contracts contain proper indemnification language and protect intellectual property.
Tech firms are always concerned with protecting intellectual property, as well as being careful to not infringe on the copyright of other companies’ software code. Start-ups and smaller tech firms often hire independent contractors to develop products. In some cases, these contractors may copy code from another source. If it turns out that a subcontractor has used code owned by another company without permission, the tech firm that hired the contractor could face a lawsuit filed by the owner of the code.
Regardless of whether employees or independent contractors are developing products, tech companies should consult with intellectual property attorneys to make sure that they don’t violate any copyrights.
If a company uses independent contractors, it should make sure all contracts contain indemnification language to shield the company from any liability. All contractors should be required to purchase professional liability insurance with the company named as an additional insured.
Tech firms’ risk management programs should also include:
- A comprehensive and well-documented strategy for compliance with applicable rules and regulations concerning data privacy and security.
- Vetting procedures for the protection of, and compliance with, IP rights and licensing requirements.
- Disaster recovery and business continuity plans to mitigate operational shutdowns and interruptions.
Other Risks Tech Companies Face
The tech industry is a major target of cybercriminals, and insurers are continually refining their coverage in response to claims due to cyberattacks. Tech companies need to keep abreast of these changes to ensure they are always covered, especially if they store third-party data. Also, tech companies should ensure that all systems, software and data are properly stored, backed up and safeguarded with data security and identity verification protocols to minimize the risks of unauthorized access and cyber-crime.
Because many start-up firms operate on tight budgets, they’re often looking for financial backing from outside investors. Management needs to be aware of notification requirements in their D&O liability policies in the event of a change in company ownership, either through a management buyout or divestiture by majority shareholders. Otherwise, the D&O insurer may void coverage for any claims stemming from the ownership change.
Cyber Policy Language Varies
Every E&O, Cyber and D&O insurance policy is unique, and overlooking these subtle differences may leave your firm with unintended gaps in coverage.
For example, one policy may provide $2 million in cyber liability coverage for the cost of notifying individuals whose personally identifiable information or protected health information has been breached, while another policy might provide $5 million. However, the $2 million may be provided within the overall policy limits while the $5 million may be on top of policy limits.
Another example is “bricking coverage”, which pays to replace computer hardware or electronic equipment that is rendered useless due to unauthorized reprogramming of software/firmware. One insurer might provide coverage for this loss under a cyber liability policy, while another may not.
Exclusionary wording is also a concern. Some policies contain wording that excludes coverage if an insured “failed to ensure that the computer system is reasonably protected by security practices and systems maintenance procedures that are equal or greater to those disclosed in the proposal” or for “failure to continuously implement the procedures and risk controls identified in the insured’s application.”
Risk Management, Coverage Expertise are Key
Professional liability, cyber liability and D&O liability insurance policies designed for tech companies vary widely, making it difficult to make a true comparison of the various insurance products. An insurance broker with expertise in the tech business sector can help discern the subtle differences in insurance policy language that create gaps in coverage. They also can help identify and analyze exposures and recommend a risk mitigation strategy.
Tech companies that demonstrate they’ve taken steps to mitigate their risks will get better pricing and terms from insurers than those that do not. In many cases, implementing some simple procedural changes and contract terms will make risks much easier to insure.