Could the technology products you offer leave you exposed?

By Mike Thoma on May 30, 2014

It’s in the news every day: businesses and individuals falling victim to cyber attacks, viruses and technology issues. In fact, there were 1.5 million monitored cyber attacks in the United States in 2013, according to IBM. With all of the attention given to data breaches and viruses, it’s no wonder that other serious risks for technology businesses are often overshadowed.

For example, what if a tech business supplied a piece of software to a client, and that software was later attacked or malfunctioned, resulting in a massive data breach or loss of business? Being on that side of a breach can be detrimental as well, especially if the proper insurance coverage is not in place.

Because many technology companies provide services or products to clients, from designing, installing and maintaining software systems to providing the infrastructure necessary for the client’s business to function, they have unique risk exposures should issues occur as a result of their work or product. If a company provides a piece of technology that their client uses to bring in income, and that system malfunctions, the client could potentially sue the tech company for damages suffered as a result of the failure of the product or work provided to that client.

If, for example, the malfunction of the product or service results in a data breach for a retail customer, the retail customer will often incur the initial costs associated with the breach. These costs can be significant, and the customer may seek compensation from the technology company who provided the product or service.

A well written contract is the first line of defense, however without the appropriate errors and omissions coverage in place, a small tech business could sustain a serious financial loss or even face the threat of bankruptcy in trying to respond to this type of claim. Companies should consult with an independent insurance agent about what level of errors and omissions coverage is needed, as part of an overall risk management strategy.

Having said that, it is important to address the more widely publicized cyber concerns as well, including data breaches and viruses. There has been a definite increase in malware attacks, especially against small businesses. In fact, since 2012, the average loss from a targeted attack is about $92,000, according to Kapersky research from 2013. This can be detrimental to the success of a small business.

To help combat the problem, tech companies should stress the steps that can be taken to minimize risk. All employees should learn how to best protect the information they regularly handle, to help reduce exposure to the business. This includes everything from locking up customer records to keeping passwords strong and confidential.

Ensuring company systems have appropriate firewall and antivirus technology, and that security software patches are regularly updated, will also help lessen the risk of viruses and attacks. After the appropriate software is in place, businesses should evaluate the security settings on software, browser and email programs, to select the system options that will best meet the business needs without increasing risk.

Another vital aspect to consider is the use of mobile devices and public Wi-Fi access for employees since tech businesses often have employees who travel regularly to meet with clients. Businesses should consider establishing usage standards for all employees. For example, to avoid security breaches, employees should be instructed to use public Wi-Fi only in very limited circumstances. Hackers can easily intercept public Wi-Fi, so it is imperative that employees use caution and perhaps avoid the public Wi-Fi when transmitting information. Any data that must not be made public, such as proprietary business or customer information, including credit card numbers, should not be sent or received through public Wi-Fi. Possession of sensitive information on laptops or mobile devices should be discouraged, and if unavoidable, procedures should be implemented to ensure that the data is encrypted.

Having the proper plans in place, including a business continuity plan focusing on important areas of the business, such as supply chain and other general operations, will help a business to avoid and minimize the risk of cyber-attacks. Should a breach occur, there must be a clear protocol to identify those employees who are responsible for the management of the situation, and the actions to be taken, including informing the insurance provider.

A traditional general liability or property policy will not be sufficient to address the issues which may arise from cyber risks or other exposures common to tech companies as these policies do not offer the breadth of protection that will be necessary should a network or information security breach or errors and omissions loss occur. A cyber policy is designed to respond to these exposures, and will generally include the forensic component required to determine the cause of the incident, as well as crisis management expense coverage. These coverages may be critical to allow a technology company to remain in business after an incident.

It may be wise for technology businesses to consider these cyber and related risks just as they would think about planning for natural disasters, such as hurricanes, floods, or fires. Although the disaster itself may be at times inevitable, having a solid plan to handle the worst case scenario will help a company minimize its losses and remain in business.

Mike Thoma is vice president, chief underwriting officer of Global Technology at Travelers