The five hidden risks faced by technology companies

A majority of technology companies are under insured and exposed to hidden risks that could ruin their business. So says The Stratton Agency, an IIABA Best Practices provider of insurance brokerage, risk management and insurance technologies, that has released its finiding related to five key risks these companies can address to protect their business.

"Not all insurance policies are alike," says James Marek of the Stratton Agency. "Insurance that's not tailored to the needs of a technology company may not provide the protection that's needed. Understanding the hidden risks that tech companies face can help ensure that your business is adequately protected."

The two business insurance policies needed most by tech companies to protect their business are a business owner's or general liability (GL) policy, and an errors & omissions (E&O) policy. GL covers property damage and personal injury, while E&O protects the company against claims that its technology does not work as advertised or does not meet required specifications.

Tech businesses are often required by their customers to have GL coverage, but they frequently lack E&O coverage, even though tech companies are typically at great risk of being sued.

Even with both policies in place, tech businesses still face many hidden risks. Owners and managers can better protect their tech business by understanding the following five risks and working with their agent to close any gaps in coverage:

1. Lack of disaster planning. A lawsuit or a natural disaster can put you out of business, unless you have the right insurance coverage. Most businesses don't. According to recent studies, 60 percent of U.S. companies are underinsured. That's a big reason why 60 percent of companies that experience a catastrophic event never reopen for business.

Every business needs to be protected against potential disasters, but especially tech companies, which typically have a higher exposure, because of investments in computer equipment, and the associated high cost to recreate or restore lost data.

To reduce risk, ithe agency recommends companies meet with their insurance agent to review coverage, identify any gaps and ensure that they are covered in case of a natural disaster, such as a hurricane or tornado.

An agent can also help a company develop a business continuity plan. Disasters strike without warning, so it's important to be prepared before a disaster takes place. Include remote locations, key vendors and suppliers in its plan.

2. Tech insurance exclusions. GL policies often exclude claims arising from software and programming. Likewise, E&O policies often exclude information security breaches and copyright infringement on computer code.

Companies should make certain their insurance includes this coverage. The GL policy should also include coverage for professional services, bodily injury, property damage, and personal and advertising injury arising from software or programming. The E&O policy should include coverage for information security, breach of warranties and representation, virus transmission, and copyright infringement of software code.

An organization must be certain to have an insurance agent who understands the risks, including emerging risks, facing tech companies, and that it has expertise in building programs for tech companies.

Make sure that an insurer with products specific to tech companies like yours. Special coverage may be available for sectors such as information technology, electronics manufacturing and telecommunications.

3. Cyber liability confusion. Cyber incidents are increasingly common, with nearly half of all companies having experienced a data breach. Cyber incidents may also include contamination from viruses or malware, theft of laptops or mobile devices, denial of service attacks, insider abuse and negligence.

The probability of a tech company experiencing a cyber incident is high, yet only one business in 10 has cyber liability coverage.

For comprehensive coverage, an organization will need to add cyber liability coverage to both its GL and E&O policies.

4. Security measures based only on cyber crime. Tech companies and security consultants often focus on increasing network security to reduce risk. While network security is important, training employees about data security costs less, may be just as important and is often overlooked.

Cyber crime attracts most of the attention, but an even greater number of data breaches are caused unintentionally by employees and contractors.

5. Vague claim reporting policies. For a professional liability claim to be covered, it typically must be reported within either 60 or 90 days, depending on how the policy is written.

However, some insurers start the reporting period before a lawsuit is even filed. A heated discussion or the threat of a lawsuit may be enough to trigger the reporting period, even if management is unaware that it took place.

Vague policies can put a claim at risk, so the company must make certain its insurer has clear reporting procedures. Some policies don't begin the reporting period until the company is notified that a lawsuit has been filed. The policy should also define who must report the claim and what duties that person has when informing the insurer.

An organization may also want to consider adding an extended reporting period to its policy.

Finally, as an integral member of the risk management team, an attorney should review all contracts to ensure they do not run counter to any liability policy. If a company enter into a contract that is at odds with its liability policy, a claim may not be covered and the policy may not be renewed.

For more information about hidden risks faced by tech companies, please contact the Stratton Agency or visit