It seems a major data breach takes place every day, making cybersecurity a topic of great interest to businesses and consumers alike—and for good reason. But while large, household-name companies are the focus of publicity when a breach occurs, the tech companies that provided the system that was breached seldom get much attention, despite the fact that they could be held responsible for what went wrong.
For example, what if a tech business supplied a piece of software to a client, and that software was later attacked or malfunctioned, resulting in a massive data breach or loss of business? Being on that side of a breach can be detrimental as well, especially if the proper insurance coverage is not in place.
Because many technology companies provide services or products to clients, from designing, installing and maintaining software systems to providing the infrastructure necessary for the client’s business to function, they have unique risk exposures should issues occur as a result of their work or product. If a company provides a piece of technology that their client uses to bring in income, and that system malfunctions, the client could potentially sue the tech company for damages suffered as a result of the failure of the product or work provided to that client.
If the malfunction of the product or service results in a data breach for a retail customer, for example, the retail customer will often incur the initial costs and potential reputational damage associated with the breach. These costs can be significant, and the customer may seek compensation from the technology company that provided the product or service.
Imagine the case of a small technology company, for example, that is hired to review a network for security purposes. The network is eventually hacked and experiences a serious data breach—shortly after the client installs the antivirus software and firewalls recommended by their technology consultant.
Or, take the case where a technology company maps out a database maintenance process for a client. The client’s employee accidentally erases irreplaceable sales data when following the newly outlined process—right at the start of the client’s most important sales season.
These scenarios may not have a happy ending for either company if the proper plans and insurance coverage are not in place. A well-written contract is the first line of defense. However without the appropriate errors and omissions (E&O) coverage, a small technology business could sustain a serious financial loss or even face the threat of bankruptcy in trying to respond to this type of claim.
Any business that provides a service to a client for a fee has E&O exposure, so it is important that risk managers bring this to the attention of the company. There is no standard policy that covers all E&O exposures, so it may be helpful for risk managers to consider certain questions to help them identify the business’ particular risks. For example, what could happen if the service is not performed correctly or fails, or if the product they provided to a client malfunctions?
These questions may help the business better understand the value of E&O coverage. Risk managers should also encourage companies to consult with an independent insurance agent about what level of errors and omissions coverage is needed to cover their specific needs as part of an overall risk management strategy.
Are Your Tech Products Setting You Up for Exposure?
|