When thinking of protecting a tech company’s exposures, agents and brokers immediately look to address both its E&O and cyber risks. But too often these exposures are written on two separate policies –an E&O policy and a Cyber policy – which can result in coverage gaps for clients.
Tech companies are in a unique position because of the services they provide. Which of the two policies would respond in the event of a loss depends on the cause of the loss, causing potential disputes and the possibility of a lack of coverage. To alleviate problems and provide adequate coverage, a Tech E&O/Cyber policy that addresses both a client’s E&O and cyber risks is the smart solution.
The Blurred Line of E&O and Cyber Exposures for Tech Companies
“A tech company, whether a software development company, cloud-computing provider, network provider, or a social media platform, requires an E&O policy to protect against potential financial losses to their clients as a result of the services they provide and the work they perform,” explains Adam Connor, RPS Producer.
“For example, a tech company is hired to install a new e-commerce system for a retail client with a deadline of six months. To meet the agreed-upon deadline, the tech company rushes its quality assurance process, causing the system to crash. Clients are unable to purchase products online and the retailer loses revenue during this business interruption. This is a clear E&O exposure.
“But let’s say that while the tech company was working on the e-commerce component in the client’s network, a breach occurs and information is compromised. Was the breach the result of the tech services being provided or was it caused by a malicious code that was passed from the tech company’s network to the client’s system? Is this an E&O or cyber issue? It’s unclear.”
And therein lies the rub.
A Combo Policy Is the Way to Go
A combined Tech E&O Cyber policy will cover the loss whether it’s deemed to be a result of the services being provided or due to a cyberattack, eliminating the gray area that exists when you have two different policies.
“This policy covers both first- and third-party cyber risks for tech companies,” Connor says. “It’s designed to respond to exposures to the technology company’s own system if its data is breached or compromised via a virus, phishing, ransomware, extortion, etc. The policy is also designed to respond to third-party cyber-related exposures if the tech company is sued by its client for financial loss and is found responsible.”
Inside the RPS Tech E&O Cyber Policy
Target industries include communications, social media, software, technology services and technology manufacturing. Available limits are up to $5 million for companies with revenues up to $25 million. Additional services include access to the carrier’s cyber center, cyber risk-mitigation tips, and preventive cyber services.