What you need to know about Tech E&O Claims & Information Risk

What you need to know about

Tech E&O Claims & Information Risk

Presentation Objectives

2

The Technology Business Sector faces distinct liability issues that require customized risk management solutions.

• Errors & Omissions– What is it?– Discuss situations that could lead to an E&O claim for a Tech

professional• Information Risk

– Understand legal and regulatory implications of a data breach where personally identifiable information of clients may be at risk

Technology Environment/Trends

3

Why does the Technology Sector Face Unique Risk Exposures?

• Tech universe is fueled by 80% small firms with less than $20M in revenue

• Global risks from inception with international revenue expected to exceed 49% in three years- Networks & Businesses today are “borderless”

• Continuous innovation

• Size and complexity of Tech risks drive customized E&O/Info Risk solutions

Technology Errors & Omissions

4

What is Errors & Omissions?

• Covers the financial loss suffered by your client when the product or services your company provided fails

• Covers a “wrongful act”: any actual or alleged act, error, omission, neglect, breach of duty;

1. Committed solely in the conduct of “your work”

2. Resulting in the failure of “your product” to perform the function or serve the purpose intended

Technology Errors & Omissions

5

PROPERTYBUSINESS

INTERRUPTION

GENERAL LIABILITY

ERRORS & OMISSIONS

Property Exposures

Liability Exposures

Bodily Injury or Physical Damage Financial Loss

Why Does a Tech Company Need E&O?

6

• The General Liability policy excludes many tech liability issues– “Intangible” property damage or financial loss– Professional exposures– No coverage for programming errors, contract performance

disputes or issues related to data corruption• Differentiator against competitor

• Frequent contract requirement

• Personal Protection

• Defense Costs

Why Does a Tech Company Need E&O? (cont.)

7

• Things go wrong and clients sue – Lack of communication between insured and client– Inability to pay for work performed– Client is acquired, new parents doesn’t like the technology– Vendor oversells capabilities – Ownership of developed software is not clearly defined

Why A Tech Company Needs E&O:

8

Technology E&O Claims: RED FLAGS

9

Watch for clues that there may be an E&O claim lurking…

• Missing deadlines

• Not hitting milestones

• Few large clients/contracts- dependency

• Contracts become extremely important!

I Think I See a Potential E&O…

10

What should you do if you learn of a situation that you think might give rise to an E&O Claim?

• Report as soon as you think there may be a situation!

• No penalty for reporting• With some companies (like CNA) reporting will enable your

company to benefit from free pre-claim assistance

Information Risk (Cyber Liability)

11

Third Party Risks:

Your Responsibility to Others: LIABILITY

• Network Security• Privacy Injury Liability• Need to comply with State Breach

Laws • Regulatory Fines & Penalties• Crisis Management

First Party Risks:

WHAT CAN HAPPEN TO YOU• Loss of Data• Network Extortion• Loss of Business Income• Electronic Theft

Hazards that Cause Information Risk Losses

12

• Virus/Malicious code

• Denial of service attacks

• Hacker attacks/unauthorized access

• Malicious Hardware

No Tech/Low Tech Threats:

• Physical theft of device/media

• Accidental release

• Rogue employees

• Social engineering

Trivia: Define Phishing?

Privacy Liability Exposure

13

Most likely cause of compromise

Lost or StolenHackingWebSE/FraudDisposalSnail MailE-mail

Claims Trivia #1

14

The Retailer

• A mid-sized technology company hosts Web sites for retailers.

• A high fashion boutique relies on Web site availability to generate e-commerce income.

• The technology company’s site is disrupted by a virus.

• The boutique’s ability to generate income is disrupted.

• They sue the tech company to recover lost income.

Trivia Answers…where could the company find coverage?

15

A. Information Risk Policy

B. Errors & Omissions Policy

C. General Liability Policy

D. Social Engineering- Info Risk Policy

E. None of the Above

Claims Trivia #2

16

The Non-Profit• A non-profit charity accepts donations charged to the donor’s credit card. • Donations are accepted by phone or via the Internet. • In some cases, donors authorize the charity to charge a small recurring

monthly donation to the donor’s credit or debit card. • The charity retains donor information, including credit card numbers, to

support pre-authorized recurring donations. A hacker penetrates the charity’s network security and copies the retained card data. The hacker sells the information to an ID theft ring. Later, the stolen information is used to withdraw funds from donors’ bank accounts. The donors sue the charity to recover stolen funds and the cost to repair their credit history.


17






Claims Trivia #3

18

Hartford Hospital Breach- July 26, 2012

• Hartford Hospital in CT announced a breach of protected health information caused by a business associate and affecting 9,558 patients.

• Unencrypted laptop containing PII of Hartford patients was stolen from the home of an employee of a firm called Greenplum, which is a subsidiary of one of the hospital’s vendors, EMC Corp.

• Greenplum was performing data analysis for EMC on behalf of the hospital as part of a quality improvement project related to hospital readmissions)


19






Claims Trivia #4

20

Tech Equipment Installation

• While in the process of installing new cable for a voice over IP system in an office building there is damage to the roof structure which later results in a roof leak.

• Two weeks later the customer suffers significant property damage to their server because the roof leaks in the IT room during an overnight storm.


21






Claims Trivia #5

22

Wal-Mart Hack- July2012

• Wal-Mart store manager in small military town in Canada receives urgent phone call from “Gary Darnell” in the home office in Bentonville, Ark.

• Darnell told the manager Wal-Mart had a multi-million dollar opportunity to win a major government contract, and that he was assigned to visit the handful of Wal-Mart stores picked as likely pilot spots. First he needed to get a complete picture of the store’s operations. He would also need to know the make and version numbers of the computer’s operating system, Web browser and antivirus software.

• In 10 minutes, the thief had pried secrets loose from one of America’s biggest and most guarded corporations.

• Darnell is actually Shane MacDougall- now champion of this year’s social engineering “capture the flag” contest” at the annual Defcon conference


23






Claims Trivia #6

24

Switch Fails to Perform

• A digital telecommunications switch performed erratically, causing a IT Support provider to suffer a significant loss of revenue and reputation when their customers were cut off mid-conversation.

• The IT Support Company sued the switch manufacturer and settled for $8 million.


25






Documents

What you need to know about Tech E&O Claims & Information Risk