Advisen: What do you see as the greatest risks technology companies face today?
Mike DeHetre of Travelers
Mike DeHetre:There are three major risk areas facing tech companies: cyber risks, errors and omissions exposures, and property risks. According to the recent Travelers Business Risk Index, leaders at technology companies worry about security breaches twice as much as decision makers from other industries, and with good reason. The Ponemon 2013 Cost of a Data Breach Report indicates the average total financial impact of a data breach is about $5 million.
To help combat the problem, tech companies should stress the steps that can be taken to minimize risk. Employees should learn how to best protect the information they regularly handle and help reduce exposure to the business. Such steps range from locking up customer records to keeping passwords strong and confidential.
While cyber issues have received a great deal of attention lately, errors and omissions create a major exposure for tech firms as well. For example, if the malfunction of the product or service a tech company provides results in a data breach for its customer, that customer will often incur the initial costs associated with the breach. These costs can be significant, and the customer may seek compensation from the technology company who provided the product or service that caused the problem.
A well-written contract is of course important when it comes to defining what was expected by the customer and what was delivered by the tech company; however without the appropriate errors and omissions coverage in place, a small tech business could sustain a serious financial loss or even face bankruptcy if their product caused damage to a customer’s business. Therefore, it is critical that companies consult with an independent insurance agent about the appropriate amount of errors and omissions coverage.
Data centers/call centers that contain expensive equipment, or store proprietary information, and back up sensitive information face unique risks in terms of property exposures. If this property is damaged and data is lost, there may be costs involved in replacing the equipment, the structure, and the data.
Advisen: What are the emerging risk issues?
Mike DeHetre: Employers that provide vehicles to foreign employees, for either work or personal use, may be at risk. For example, foreign national drivers may not know the rules of the road or have a valid driver’s license, and if an accident occurs the company may be held liable. It’s important to know an employee’s driving history.
Additionally, if employees are traveling outside of the United States for business, there could be certain risks that require different coverage. Businesses should speak with their agent to better understand the complexities of the situation.
Advisen: Is the insurance industry doing enough to adequately address these risks?
Mike DeHetre: Many insurance companies have developed some form of coverage for cyber-related risks, but the risks of tech businesses extend much further. We are one of the companies that offer package policies specifically customized to the unique risks of tech businesses and include items like errors and omissions and cyber coverages.
Advisen: Are technology companies doing enough to protect themselves?
Mike DeHetre: There are some small tech companies that don’t fully appreciate all of the risks that could impact their business or the steps needed to help prevent problems. A company may be so focused on getting the job done and pleasing the client that it doesn’t stop to consider what unique risks could potentially threaten the business. Talking with an insurance provider and risk management expert is the first step these businesses should take to evaluate their risks and take appropriate actions such as securing the right coverages. Combining this with risk management steps — employee training, outfitting systems with firewall and antivirus technology, and monitoring Wi-Fi and cell phone use in the workplace, etc. – can help limit costly exposures.
Advisen: What do you consider the single most important risk development in the past 12 months?
Mike DeHetre: There has been a definite increase in malware attacks against small businesses since 2012, and the average loss from a targeted attack is about $92,000, according to Karpersky research. This cost can often be difficult for a small business to absorb, and these incidents can also damage a company’s reputation. The fact that cyber attacks are getting more news coverage is a good thing because they are being seen for the serious risk they are. It has caused businesses of all kinds to begin to think about what risks are inherent to them with the technology they use, and to consider their insurance needs in that way.
Though there have been strides in the recognition of cyber risks, it is still something we see small businesses ignore as a threat, either because they believe it won’t happen to them, or they are sure they have adequate coverage in place.
***
Mike DeHetre is vice president, Product Development, Small Commercial, Travelers
Patricia O’Connell writes for the Advisen Risk Network. She has more than 15 years of experience writing about a variety of business subjects, including strategy, the C-Suite, and management. She is the former news editor at Businessweek.com, where she oversaw coverage for the daily web site.
