With Technology, the One Constant is Change

Keeping up with rapid developments is a challenge for professional liability experts

If anything is certain in the world of technology, it’s that it is always changing — rapidly. Electronic and Internet communication devices that were unheard of 10 years ago, maybe even five years ago, are so prevalent now that many businesses would find it difficult to conduct essential commerce without them.

The use of technology for communicating locally, as well as globally, and for facilitating business transactions enhances the ease of doing business but brings with it certain risks that are causing professional liability experts to reevaluate how to protect their clients.

For instance, technology errors and omissions related risks formerly were covered by general liability and property forms, while professional liability forms traditionally covered “any service for a fee,” says Jennifer Smith, vice president of Lockton Companies, the nation’s largest agency. “Now that’s changed quite a bit and it’s morphed into technology E&O coverages, which are really a myriad of insuring agreements” addressing a range of risks, including products, services, media, privacy related concerns and network security.

Content, Distribution Channel Explosion

There has been an explosion in the number of communication devices and the content they are able to seamlessly distribute, says Brian Brown, vice president of Marsh’s National Technology Practice. Through the use of devices such as cell phones and Blackberries, “content is available throughout the world — whenever.” As such, there are huge risks from an international standpoint with the tremendous increase in content and how it flows, Brown said.

“You can get information off your computer, off a cell phone, off a Blackberry. … And you have different companies that are distributing that; whether it’s an ISP, newspapers, radio stations, TV stations,” Brown says.

Exposure may come from any number of sources: blogs, video and audio streaming, network security, unauthorized access, Web sites and even internal security and the passing of trade secrets, Smith says. And some companies may not know their corporation has even been exposed.

Additionally, according to Brown, most companies do not realize the amount of intellectual property they have. “In 1975, for instance, 80 percent of the market cap for companies in the United States was tangible property. … In 2005, that completely flipped, so that 80 percent of the market cap of companies in the United States is based on intellectual property: thoughts, ideas, concepts, patents, copyrights, trademarks, brands.”

Information is an intangible product, says Brown. “You are really working with thoughts, ideas and concepts — as opposed to insuring duct tape, for instance. You know what duct tape is: you can pick it up; you can unroll it; you know what it feels like.

“But when you are insuring a service, like an IT consultant, that is a little harder to get your hands on what they do and how they do it.”

Focus on the Client

Smith says that in order to address the technology risks faced by your client it’s necessary to “really understand what your client or your insured does and how they do it so that you can better protect them.”

One way to do that is to “bridge the disconnect between the information technology people, the legal people and the finance people,” she says.

Smith said underwriters often just deal with “the finance person — the guy who writes the check.” But she finds often that person doesn’t communicate, from a risk and insurance perspective, with the legal or information teams. The financial person may understand that the company has a firewall, but they may not understand that “if that firewall fails, they may be on YouTube the next day.”

So, she said, it’s important to talk with the various divisions within the company. “You may find that they really have great protections in place and that they’re not all that concerned with what’s happening with the company from a technology risk related perspective. Or you may, as I found out one day with one of my clients who shall remain anonymous, their network security was taking their hard drive home with them on the weekends, which concerns me greatly, as you can imagine, especially since they’re in financial services.”

Smith said when it comes to E&O coverage for technology, there’s almost always exposure but the extent of the coverage needed depends on the risk.

“Every business uses technology, so it’s important to understand how your client or how the insured uses technology. Is it just a warehouse for data for them or an administrative platform or a billing platform? Or are they handling e-commerce and personal consumer information and personal identifiable information?”

Managing risk for smaller companies or for those not using technology in a sophisticated way can be facilitated through “other methods of risk transfer … contractual risk transfer, license agreements,” she said. “But again, having that conversation with legal and bridging them to finance will help you answer those questions when you’re in the underwriting process.”

Increased competition

Smith and Brown agreed that like other lines of insurance the market for technology professional liability coverage has become increasingly competitive over the past couple of years.

“In my own personal experience I’ve seen the rates fall rapidly, and sometimes really not commensurate with the type of risk that’s out there,” Smith said. “I think we’ve seen premiums dropping upwards of 20 to 30 percent in many cases.”

Brown said more markets have stepped into the coverage area that was previously dominated by Chubb and Travelers. Standard markets now writing the package-type business include The Hartford, Zurich, CNA and OneBeacon. Additionally, he said, there is more capacity from mono-line E&O players, such as Beasley, Ace and MediaPro, that have melded E&O and network security.

Emerging Issues

One of the biggest issues currently is network security and privacy related concerns, Smith says. Any company that handles personal consumer information (PCI) is going to have exposure. The federal government and the states are continuing to create legislation aimed at protecting personal consumer information, she said. Smith speculated that some 34 states have laws requiring companies to notify those affected if there is a breach in security of personal consumer information.

A perfect example, she said, is “the missing laptop scenario where one laptop may have the Rolodex of an entire organization, and their HR information; … now you have HIPAA exposure and PCI exposure.” But, she said, carriers have responded to the problems, offering coverages for regulatory actions and coverages for required privacy notices. “So the insurers are responding but it is difficult to keep up with the legislation.”

One of the areas Smith would like to see addressed in the technology area is patent infringement. “I am sure that virtually every underwriter on the planet will disagree with me because it has never worked, but I would love to see patent infringement coverage. And I would love to see a more detailed coverage for trade secrets or misappropriation of trade secrets.”

While it is against public policy to insure against a known bad act, companies don’t always know if a misguided or ex-employee, a rogue employee, “is going to inadvertently or on purpose or maliciously, give away that information or that trade secret,” she said.

Another gap in coverage Smith would like to see addressed is business interruption created by technology failures.

“What happens to that company if the software brings them down or a satellite signal brings them down, a GPS signal? That does happen and it happens frequently,” she said. “It can bring on class action litigation, it can bring on SEC litigation and there is ostensibly no coverage for those actions because it wasn’t a physical damage trigger.”