Insurance Advisory Newsletter: ERROR AND OMISSION INSURANCE POLICY AND THE TECHNOLOGY COMPANIES-June 2021 Vol.2

The liability insurance policy that protects a professional/company/organization or entity providing a professional service, against its legal liability to a third party as a result of any actual or alleged negligent act, error, or omission in the performance of the professional duties undertaken during the course of their business is referred to as Errors and Omission (“E&O”) insurance policy. In the medical field, the policy for doctors, dentists, chiropractors, etc. is often called malpractice insurance. The policy for other professionals such as lawyers, accountants, architects, or engineers, is called professional liability insurance. Whether one calls it malpractice insurance or professional liability, it covers errors and omissions that the entity has made or that the client perceives the entity has made. The E&O insurance policy protects the business entity, its workers, subcontractors, consultants, and professionals against the claims made by its customers against negligent or insufficient work in the performance of professional services. In the case of an entity providing services in the field of technology, the vulnerability on account of the complex nature of services agreed contractually with the customer the E&O insurance policy becomes even more relevant and essential.

MAJOR RISK EXPOSURES FOR A TECHNOLOGY COMPANY

Today, most businesses run on information technology enabled services. If such technology fails, it can have a huge impact on their finances and operations; and, if the entity’s business was the one that supplied that technology, the customer can come after the service provider to recover losses. The companies who cater to the requirements of information technology services and product requirements of various industries are referred as the “Technology Company (ies)”. From the perspective of the E&O insurance policy, the Technology Company could be engaged in any of the following services including but not limited to software development and maintenance, infrastructure management services, research and development work, software product development, staff augmentation services, business process outsourcing, data centre services, computer hardware, infrastructure engineering other information technology and information technology, enabled services and related services. The Technology Companies are susceptible to risks regarding their products or work being questioned by their customers who may file a claim alleging the Technology Company’s services are responsible for causing lost profits or business disruption. Apart from the time involved in responding to such claims, the potential costs to defend the company and to settle a claim could be disastrous to the Technology Company’s business, financial standing, goodwill, and reputation if it does not have the right coverages under the E&O insurance policy.

E&O COVERAGES APPLICABLE FOR TECHNOLOGY COMPANIES

The Technology Company may invoke the E&O insurance policy, to cover the costs or defend a claim when the Technology Company is alleged to have caused losses due to errors, omissions or negligent acts related to the products or services contractually provided by the Technology Company to its customer. The Technology Company must identify and include the following coverages in their E&O insurance policy at the minimum:

1) Coverage starting period: Some E&O insurance policies allow retroactive date coverages either from incorporation of the entity or from the inception of the previous or new policy. The Technology Company must evaluate the right starting time for coverage under the E&O insurance policies.

2) Coverage enterprise wide: The E&O insurance policy needs to address the definition of products and services broadly so that it covers the products and services as on the date of claim and not only as on the date of the policy renewal. This coverage is critical for the Technology Company which frequently releases new products.

3) Coverage for both breach of contract and negligence: The E&O insurance policy needs to cover claims arising out of breach of contractual obligations as well as the negligence of the insured.

4) Are there exclusions for delays?: For the Technology Companies that works on project basis, delay in completion of a project is a realistic possibility. The E&O insurance policy if it is excluding the delays should carve out such claims from delay arising out of negligent acts, errors or omissions whatsoever and howsoever incurred in providing information and communication technology services.

5) Is software copyright infringement covered?: If the Technology Company has software copyright infringement exposures, it should ensure that the E&O insurance policy has an extension for claim or claims first made against the insured and reported to the insurance company during the policy period, arising out of the performance of the services for an unintentional breach or infringement of , or unauthorized use of confidential information, trademarks (including trademarks protected by common law rights of passing off), copyrights, moral rights, database rights;

6) An unauthorized security breach or breach of confidentiality: The E&O insurance policy covers all damages resulting from any claim regarding any actual or alleged negligent act, error, or omission in the performance of services resulting in a failure of security of the Technology Company’s computer system or breach of third-party confidential data.

7) Defence Costs: If the Technology Company faces the E&O claim, it could result in legal defence costs, including court costs and attorney fees, and paying any settlements or court judgments. Depending on the claim, the Technology Company could face disciplinary hearings from a regulatory or licensing board. In the course of defending the E&O lawsuit, there is loss of earnings for its time spent in the court and on depositions. The E&O insurance policy covers all these costs as well. Even if the allegations are found to be groundless, thousands of dollars may be needed to defend the lawsuit. Hence it would be in the interest of the Technology Company to procure the E&O insurance policy to cover the exposure of rendering services to its customer.

EXCLUSIONS FROM E&O INSURANCE

Typically, the E&O insurance policy does not respond to the following instances:

1) Employment practices including wrongful termination or harassment are not covered under the E&O insurance policy. One will need an employment practices liability insurance policy to help with these costs.

2) Patents and trade secrets that the Technology Company has taken without permission are also not covered by the E&O insurance if you are sued.

3) Bodily injury or property damage caused by your business would not be covered by the E&O insurance policy. For these claims, one would need a commercial general liability insurance policy. Work-related illnesses and injuries fall under workers compensation insurance.

4) Personally identifiable information that gets lost or stolen by your company on account of any data breaches is not part of the E&O insurance policy coverage. A data breach coverage under a cyber policy insurance policy would help to cover these costs.

5) Willful Negligence, Criminal Intent, Fraud, or such actions that are found to be committed on purpose are not covered under the E&O insurance policy in India.

6) Any claim of payment that would place sanctions on the insurer by government or regulatory authorities is also not covered under professional indemnity insurance. This clause is known as sanctions & limitations.

7) Contractual Liability- In case of failure of service, if you have a contract wherein you have expressly agreed to a certain monetary penalty, then the E&O insurance policy will not cover such payment.

HOW IS E&O POLICY DIFFERENT FROM CYBER LIABILITY INSURANCE

The E&O insurance policy as we understand covers instances of negligence and product failures as well as the errors and omissions of the Technology Company. In contrast, a cyber liability insurance policy helps to protect a business from cyberattacks and data breaches. In the event of some private customer information gets leaked from the insured’s database and if the customer files a claim, cyber liability insurance will be triggered and will help pay for the costs. The E&O insurance policy coverage kicks in when you face a claim or potential claim like situation in course of the professional services being provided to the customer.

Cyber liability insurance on the other hand will be triggered when your company is being attacked by an outsider through a data breach or cyberattack. The E&O insurance policy protects the Technology Company that makes a mistake or forgets to do a critical task that hurts a client financially. These mistakes can range from recommending inappropriate technology to failing to meet project deadlines.

When a customer sues to recover losses, the E&O insurance policy will pay for the insured firm’s legal expenses, including, attorney’s fees, court costs, money paid to settle a lawsuit, related costs such as court and expert witness fees. On the other hand, cyber liability insurance, specifically helps companies address the financial aftermath of a cyberattack or other types of data breach that occurs on its own system. It pays for the costs of investigating the breach, notifying the customers and regulators, managing the ensuing crisis, providing credit monitoring to the affected individual, forensic costs, public relations, and reputational costs. Since these costs affect the policyholder, they are known as first-party costs. The E&O insurance policy is a must have liability insurance which the Technology Company needs to procure to ensure that it is protected against customer claims and risk pertaining to its services.