The Four Corners of a Tech/Internet Policy

Virtually every term in an insurance policy is important in its own way, but the foundation of the policy is the coverage grant describing what activities are included and what types of claims will be covered. Technology and internet risks often need four types of coverage on their E&O policy, but not all major carriers offer the four types of coverage in their base policy forms.

Some carriers have avoided offering some or all of the first three coverages listed below to their internet and tech insureds.

(1) security related risks, including failure to prevent introduction of malicious code, unauthorized access, denial of service attacks and repudiation of access,

(2) intellectual property,

(3) personal injury including defamation, invasion of privacy and other torts, and

(4) other garden-variety E&O claims not falling into one of the other categories.

A review of the market would suggest that companies with strong backgrounds in general liability and other standard commercial lines are sometimes more reluctant to offer coverage in their base forms for personal injury and intellectual property.

The base coverage offering is often more complete when coming from surplus lines companies, and particularly when it’s through a product specifically designed for the industry segment, tech or internet, rather than through a miscellaneous product. Some companies that fall short in their base form may be willing, for some insureds, to extend the policy to other key areas of coverage through an endorsement.

Even in the surplus lines market, however, some companies are still wary of security coverage, either excluding it altogether or significantly limiting coverage by either excluding viruses or malicious code or breaches of security by a third party or taking the opposite approach and excluding breaches by insureds. Another limitation by some carriers is to key their coverage on whether the insured’s systems are under their own control or whether they are managed by a third party (outsourced ). Those carriers will cover one, but not the other.

And among carriers that do offer security coverage without the kinds of restrictions described above, the underwriting appetite will turn on whether the applicant focuses on providing technological security vs. companies whose security exposure is a tangential exposure stemming from their other technology activities.

Some clients may not need (or care to pay for) all the types of coverage available in the marketplace, but if they do, the best place to find it is usually from an E&S market or a market that has developed a specialized internet or tech form.