Why to Rethink Liability Insurance for IT

We live in a litigious society. The past few years have seen increased litigation against IT departments and technology companies. The lawsuits continue to pile on as more data breaches, ransomware attacks, attacks on security and systems, and IT errors and omissions occur.

To illustrate:

  • This year, Scripps Health System in San Diego is facing class-action lawsuits stemming from a ransomware attack in April.
  • This year, fuel stations from Florida to Virginia ran dry and prices at the pump rose after Colonial Pipeline voluntarily shut down its operations after a ransomware attack in May.
  • And in a landmark case few of us will forget, Target paid $10 million to consumers and $39 million to banks after hackers broke into its systems and stole personal information in 2013. The CIO lost his job.

The increase in lawsuits indicates that organizations that are hacked are no longer limited to simply redressing injuries with reimbursements to people who had their data stolen. In today’s world, companies are also being sued for derivative damages that go well beyond a heightened risk of identity theft or credit card fraud — such as a downed medical system that causes a patient’s operation to be delayed and that results in death or complications.

The increase of risk (and loss) attributable to technology compromises and malfunctions has many CIOs and insurance companies thinking about what kind of liability protections can be obtained to combat losses — and it’s been a difficult road.

On the technology side, there have been challenges because CIOs must now think beyond the simple business liability risk protection insurance that falls under the auspices of the general liability insurance that companies have had for years. On the insurance side, understanding the issues of cyber and ransomware attacks has been equally challenging. Because of their limited experience with new technology exposures, insurers aren’t always confident as they attempt to determine the types of insurance and coverages they should be providing for technology incidents, or even whether they should offer technology-specific insurance at all.

Despite these challenges, there are insurance options and products available on the market that CIOs and risk managers can regularly assess and discuss with their insurance providers. In some cases, multiple insurance policies may be required to fully cover IT risks, and in other cases insurance companies can offer bundled insurance packages that combine the coverages of what normally would be multiple coverages, which is usually a more economical way to go.

Regardless of how CIOs and risk managers evaluate and obtain liability coverages, there are several insurance liability categories that these decision makers should review.

General Liability Insurance

General Liability insurance covers bodily injury, property damage, injury from defamatory advertising, infringements on copyrights, and reputational harm. In other words, if your company places an advertisement that is deemed to defame an individual or another company, you are covered. If a customer slips and falls and sustains an injury in your data center, you are covered. If there are court and attorney costs associated with a claim against your company, these are covered, too.

The first liability insurance policy for business originated in 1886, so general liability insurance is nothing new. Insurance companies are comfortable underwriting these policies, and many states require even small businesses to carry some type of general liability insurance.

The question is, how much IT does general liability insurance cover? Will it cover damage from a hurricane to your data center? Yes. Will it cover a fall

Cyber and Data Breach Insurance

There are many variations of cyber and data breach insurance, so it’s important to evaluate the types of risk you are most concerned about before you go shopping for cyber insurance.

Here is the range of cyber insurance:

  • You can insure yourself against a data breach

In short, there are many different permutations of cyber insurance that you should assess against your own company’s risk profile. You can then work together with your insurer to come up with the best package of options.

Errors and Omissions (EO) Insurance

These days, technology-intensive companies also carry errors and omissions insurance, which is a kind of malpractice insurance for IT.

For example, if your technology company is hired to get a company’s e-commerce store up and running

Typically, an EO policy covers legal fees, court costs, court fees, settlement payments, and legal judgments. This is important coverage for technology startups that are bringing new and innovative products to market that also carry some risk.

Summing it Up

The need for cyber insurance and other IT coverages has complicated the insurance picture for both companies and insurers.

This is why it’s critical for CIOs and others in IT leadership to get together with the company’s risk management group, review the liability insurance that the company currently has, perform a “gap analysis” of risks that current insurance doesn’t cover — and then fill those gaps.

There are still companies in the SMB space that do not carry cyber insurance. With cyber insurance policies available for as little as $500/year for very small companies, adding cyber insurance to existing general liability insurance makes sense. For mid- to large-sized organizations, carrying ample cyber insurance is an imperative. The only open question is which types of cyber risks you want coverage for.
