The professional liability exposure of many industries has changed significantly in the past decade or so, and it’s about time the insurance industry catches up.
Many, probably most, companies now have at least some internet/technology risk in association with their business; for some companies it is a substantial exposure. Even companies that aren’t transacting business online, and collecting names and credit card numbers of customers that may be subject to a data breach, can have multiple exposures posed by the internet and their use of technology in the course of providing business services to others.
But many E&O policies, even newer ones, fall down in one or more respects in addressing those risks. Policies that are class-specific are sometimes drafted to address some of the exposures, but the buyer that may be most at risk of not picking up some of these key coverages is the one purchasing a miscellaneous professional liability (MPL) form. Because the form is used to underwrite many different types of businesses, it typically is not tailored and may not offer key coverages, unless they are specifically requested and negotiated.
What are the risks, and where do policies (at least base forms) sometimes come up short?
Risks that may be insured today include liability arising in the areas of:
(1) Internet and network security-related exposures, including failure to prevent introduction of malicious code, unauthorized access and denial of service attacks.
(2) Intellectual property.
(3) Personal injury, including defamation, invasion of privacy and other torts.
(4) Other negligence-based errors and omissions claims not falling into one of the other three categories.
How do MPL base forms sometimes come up short?
· The form may not specifically say it covers the insured’s activities on its website, and it may not cover certain security-related computer exposures such as unauthorized access or use of computer systems, introduction of malicious code into systems or failure to prevent identity theft or credit/debit card fraud.
· The policy may not cover personal injury torts like defamation or invasion of privacy. When offered, the coverages may be narrowly described.
· The form may not offer coverage for infringement of copyright or for trademark violations.