“We are experiencing a financial meltdown due to a fundamental misunderstanding and mismanagement of modern financial systems, which is generating a crisis of confidence in our core institutions. Today, all our critical infrastructures are reliant on cyber systems that are also misunderstood and mismanaged These vulnerabilities place both our financial and physical security in jeopardy unless we update the method we use to control our cyber systems”
Cyber Liability is one of top four priority security issues– Department Of Homeland Security
The estimated 2004 impact of cyber attacks on business was $226 billion– Congressional Research Service
A new guide from The American National Standards Institute (ANSI) and The Internet Security Alliance (ISA) is available to business executives to assist in limiting the impact of a cyber attack.
Over the past two and a half years, there have been over 225 million reported consumer data breaches. This year alone, there have been more than 30 million reported security breaches of consumer data. No one knows the actual numbers since it is suspected that most security breaches are unreported.
Most tech firms and regular businesses with exposure don’t have insurance to cover this exensive peril. Liability for the following categories of expenses are common in these breaches of security:
*Class action lawsuits
*Regulatory fines, fees, penalties
*Statutory notification expenses
Tech companies that collect confidential information or assist clients that do the same must make sure that their Professional Liability / Errors & Omissions policy is specially endorsed to respond to breach of security lawsuits. Non tech companies with exposure must make sure that their Cyber Liability policy does the same.
Source: S.H. Smith & Company, Inc. E Bulletin, 10-19-08
IT professionals such as computer consultants, web designers, programmers, system integrators, etc. face lawsuit risks from their clients and users of their client’s services. The most common sources and corresponding insurance policies are outlined below:
1. Bodily Injury And Property Damage Liability (General Liability)
2. Personal Injury And Advertising Injury Liability (General Liability or Errors & Omissions Liability)
3. Negligent Acts, Errors, Omissions In Performance Of Professional Services Resulting In Economic Damages (Errors & Omissions Liability)
4. Intellectual Property Infringements such as copyright, trademark, etc. (Media Liability)
5. Breach Of Security (Unauthorized Access, Computer Virus, Denial Of Service)
We were recently approached by a small tech prospect who requested a $10,000,000 Errors & Omissions Liability limit (AKA Professional Liability) to comply with contractual requirements of a project owner. Our primary E&O market for tech accounts is approved to handle limits only up to $5,000,000. Our MGA provided quote indications for an excess layer for an additional $5,000,000 from two carriers. However, the minimum premiums for this excess layer were $25,000 and $30,000 respectively.
Any carrier providing a limit approaching $10,000,000 will be wary of why the project owner would require such a high limit in the first place. This is likely to be a red flag that the type of work is high risk and as a result the underwriters will closely scrutinize such a submission.
