Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Risk Management and Multiline CommentaryFree Risk Management and Multiline Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Collapse Cyber and Privacy Risk and InsuranceCyber and Privacy Risk and Insurance
Hacking, Malware, and Social Engineering Threats (January 2012)
SEC Issues Guidance on Cybersecurity and Cyber Incident Disclosure (December 2011)
The Militarization of Cyber Space and the Risks for U.S. Businesses (November 2011)
SEC Requires Disclosure of Cyber Attacks (October 2011)
Massachusetts Enacts Privacy Regulations (September 2011)
Avoiding Privacy Risks: Smile! You're on the Web Camera! (March 2010)
The Developing Legal Standards for Data Security (August 2008)
Privacy and Security Litigation and Enforcement: Growing Risks for Businesses? (May 2007)
Deflecting and Responding to Data Security Breaches (February 2006)
"Media Liability" Coverage in Tech/Media/eBusiness Policies (February 2006)
Variations in "Fraud/Dishonesty" Exclusions in Tech/Media/eBusiness Policies (January 2006)
Insuring Liability for Third-Party Claims Seeking Lost Profits (November 2005)
Addressing Liability Risks for Data Loss from an Insurance and Contractual Risk Transfer Perspective (July 2005)
Addressing Privacy Risk from an Insurance and Contractual Risk Transfer Perspective (May 2005)
Storing Liability: The Increasing Risks of Off-Site Data Storage (May 2005)
Privacy: Outsourcing and the Need for a Vendor Compliance Strategy (March 2005)
E-mail Privacy: Does Your E-mail Take a Pit Stop? (September 2004)
Indemnity and Insurance Provisions in E-Business Contracts (July 2004)
Protecting Data Assets: Not Just a Cyberspace Issue (June 2004)
New Liability Forms and Media, Tech, and E-Business Risks (May 2004)
Protecting Your Employees from Identity Theft (February 2004)
Creating a Privacy Policy Compliant with the New Online Privacy Protection Act (December 2003)
Tech E&O—A Primer for Risk Managers (November 2003)
Going Public: Dealing with the Disclosure Mandate of California's Latest Privacy Law (September 2003)
Cyber Liability Insurance Market Update (August 2003)
Security Requirements in a Privacy World (June 2003)
The Growing Privacy Risk and the Insurance Industry (February 2003)
Insuring First-Party Cyber Risk for Fortune 1000 Companies (November 2002)
Stand-Alone E-Business Insurance: Who's Buying, Selling, and Why? (September 2002)
The End of Computer Virus Coverage as We Know It? (May 2002)
You Say Professional Services, I Say B2B Activities (January 2002)
Is Computer Data "Tangible Property" or Subject to "Physical Loss or Damage"?—Part 1 (August 2001)
Is Computer Data "Tangible Property" or Subject to "Physical Loss or Damage"?—Part 2 (November 2001)
E-Commerce Insurance Issues: A Year in Review (June 2001)
New Stand-Alone E-Commerce Insurance for First-Party Risks? (February 2001)
New Stand-Alone E-Commerce Insurance for Third-Party Liability Claims (Part 1) (December 2000)
New Stand-Alone E-Commerce Insurance for Third-Party Liability Claims (Part 2) (December 2000)
Third-Party Liability E-Commerce Risks and Traditional Insurance Programs (August 2000)
First-Party E-Commerce Risks (June 2000)
Insurance Issues for E-Commerce Activities (May 2000)
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Expand Enterprise Risk ManagementEnterprise Risk Management
Expand Internal ControlsInternal Controls
Expand NanotechnologyNanotechnology
Expand Political RiskPolitical Risk
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Claims, Caselaw, LegalClaims, Caselaw, Legal
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Bringing Order to Chaos: Insurance Issues for E-Commerce Activities

May 2000

The insurance industry has developed insurance products expressly designed to insure third-party liability and first-party risks related to e-commerce activities. Other insurers counter that new policies are not needed or that it is impossible to underwrite the risks being underwritten by these new policies. Some brokers are responding by selling the new insurance products to startups and the middle market, and creating alternative solutions for the Fortune 1000 by focusing on balance sheet protection with alternative risk transfer mechanisms. The future of such policies is uncertain.

by Michael A. Rossi
Insurance Law Group, Inc.

More and more insurance brokers, lawyers, and commentators are writing about insurance issues for e-commerce activities. This article, the first in a series, attempts to address the issues in a way that such other articles perhaps do not—by trying to bring order to the chaos surrounding these issues. Why say chaos? Because there is absolutely no consensus among the insurance industry, brokerage industry, or policyholder community with respect to how best to address these issues. Everything is in a state of flux.

The last year has seen a growing awareness of the risks inherent in the use of the Internet to conduct business and the continued reliance on internal computer systems, networks, etc., to keep operations running. Responses to this increased awareness include the following.

First, the insurance industry has responded with the development of insurance products expressly designed to insure third-party liability and first-party risks related to e-commerce activities. A handful of insurers have developed these liability policies, which cover, among other things, claims for injury or damage because of a wrongful act, error, or omission in regard to professional services, the spread of a computer virus, the infringement of some form of intellectual property right, the invasion or infringement of right of privacy or publicity, and defamatory conduct.

The first-party policies cover, among other things, lost income and extra expenses because of the "crash" of the insured's computer system or website(s), the denial of access to the insured's website(s) or computer system, or other type of loss of computer data, software, and programs (whether caused by an employee or third person). Such policies also cover extortion risks relating to the insured's computer system and website(s).

Some insurers only sell third-party liability policies. Others sell only policies that insure such first-party risks. Still others sell policies that insure both the third-party liability and first-party risks. But other insurers are responding in a different way—by saying either that the new policies are not needed or that it is impossible to underwrite the risks being underwritten by these new policies (especially in the first-party context).

Second, the policyholder community has responded to the insurance industry response to these issues in different ways. For the most part, Fortune 1000 companies are taking the position that they do not want more stand-alone policies which they have to negotiate, buy, and administer and for which they have to maintain a separate tower of insurance.

In contrast, smaller companies, especially dot com startup companies, are buying these policies (at least the ones for third-party liability risks). They lack the risk manager experience, premium size, and other clout that a Fortune 1000 company can bring to bear when dealing with these issues. Thus, although there may not be a market for much of these new insurance products for the Fortune 1000 companies, there is a growing market for these products among smaller companies.

Third, insurance brokers are also responding in different ways. One broker has taken a lead in developing an insurance product designed to insure third-party liability and first-party risks for e-commerce activities. That broker is Marsh, with its Net Secure product. Other brokers, however, agree with Fortune 1000 companies that e-commerce risks can be addressed by amending traditional policies.

Some brokers perceive the policyholder market differentiation described above, and are responding by selling the new insurance products to startups and the middle market, and creating alternative solutions for the Fortune 1000 by focusing on balance sheet protection with alternative risk transfer mechanisms.

Accordingly, any discussion of e-commerce insurance issues, to be comprehensive, must address each of these variant viewpoints and developments. It cannot simply describe the deficiencies in traditional policies with respect to e-commerce risks and list and summarize the new insurance products for these risks (the basic theme of most of the articles that have been written on this subject). This series of articles will attempt to do just that, and future editions will address, among others, the following issues.

  • What are the e-commerce risks, both from a liability perspective and first-party perspective (the latter including property, crime, extortion, and business interruption/extra expense risk)?
  • What potential gaps exist in traditional insurance policies with respect to e-commerce risks?
  • How can traditional insurance policies be amended to better respond to e-commerce risks?
  • What alternative risk transfer mechanisms are available to finance e-commerce risks?
  • What are the new stand-alone insurance products for e-commerce risks? Who is selling the insurance? What do the policies cover?
  • What issues should be considered/provisions negotiated in stand-alone e-commerce insurance policies?

By addressing e-commerce insurance issues in this manner, it is hoped that all readers will benefit, regardless of whether the reader works directly for or provides insurance, consulting, brokering, legal, or other services to a Fortune 1000 company or startup or middle market company.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Advertisements
    
 
© 2000-2012 International Risk Management Institute, Inc. (IRMI). All rights reserved.