Expert Commentary

Bringing Order to Chaos: Insurance Issues for E-Commerce Activities

The insurance industry has developed insurance products expressly designed to insure third-party liability and first-party risks related to e-commerce activities. Other insurers counter that new policies are not needed or that it is impossible to underwrite the risks being underwritten by these new policies. Some brokers are responding by selling the new insurance products to startups and the middle market, and creating alternative solutions for the Fortune 1000 by focusing on balance sheet protection with alternative risk transfer mechanisms. The future of such policies is uncertain. This is the first installment in a series of articles discussing these issues. The second article provides a discussion of insurance issues for "first-party" e-commerce risks. The last article discusses insurance issues for "third-party" liability risks associated with e-commerce activities.


Cyber and Privacy Risk and Insurance
May 2000

More and more insurance brokers, lawyers, and commentators are writing about insurance issues for e-commerce activities. This article, the first in a series, attempts to address the issues in a way that such other articles perhaps do not—by trying to bring order to the chaos surrounding these issues. Why say chaos? Because there is absolutely no consensus among the insurance industry, brokerage industry, or policyholder community with respect to how best to address these issues. Everything is in a state of flux.

The last year has seen a growing awareness of the risks inherent in the use of the Internet to conduct business and the continued reliance on internal computer systems, networks, etc., to keep operations running. Responses to this increased awareness include the following.

First, the insurance industry has responded with the development of insurance products expressly designed to insure third-party liability and first-party risks related to e-commerce activities. A handful of insurers have developed these liability policies, which cover, among other things, claims for injury or damage because of a wrongful act, error, or omission in regard to professional services, the spread of a computer virus, the infringement of some form of intellectual property right, the invasion or infringement of right of privacy or publicity, and defamatory conduct.

The first-party policies cover, among other things, lost income and extra expenses because of the "crash" of the insured's computer system or website(s), the denial of access to the insured's website(s) or computer system, or other type of loss of computer data, software, and programs (whether caused by an employee or third person). Such policies also cover extortion risks relating to the insured's computer system and website(s).

Some insurers only sell third-party liability policies. Others sell only policies that insure such first-party risks. Still others sell policies that insure both the third-party liability and first-party risks. But other insurers are responding in a different way—by saying either that the new policies are not needed or that it is impossible to underwrite the risks being underwritten by these new policies (especially in the first-party context).

Second, the policyholder community has responded to the insurance industry response to these issues in different ways. For the most part, Fortune 1000 companies are taking the position that they do not want more stand-alone policies which they have to negotiate, buy, and administer and for which they have to maintain a separate tower of insurance.

In contrast, smaller companies, especially dot com startup companies, are buying these policies (at least the ones for third-party liability risks). They lack the risk manager experience, premium size, and other clout that a Fortune 1000 company can bring to bear when dealing with these issues. Thus, although there may not be a market for much of these new insurance products for the Fortune 1000 companies, there is a growing market for these products among smaller companies.

Third, insurance brokers are also responding in different ways. One broker has taken a lead in developing an insurance product designed to insure third-party liability and first-party risks for e-commerce activities. That broker is Marsh, with its Net Secure product. Other brokers, however, agree with Fortune 1000 companies that e-commerce risks can be addressed by amending traditional policies.

Some brokers perceive the policyholder market differentiation described above, and are responding by selling the new insurance products to startups and the middle market, and creating alternative solutions for the Fortune 1000 by focusing on balance sheet protection with alternative risk transfer mechanisms.

Accordingly, any discussion of e-commerce insurance issues, to be comprehensive, must address each of these variant viewpoints and developments. It cannot simply describe the deficiencies in traditional policies with respect to e-commerce risks and list and summarize the new insurance products for these risks (the basic theme of most of the articles that have been written on this subject). This series of articles will attempt to do just that, and future editions will address, among others, the following issues.

  • What are the e-commerce risks, both from a liability perspective and first-party perspective (the latter including property, crime, extortion, and business interruption/extra expense risk)?
  • What potential gaps exist in traditional insurance policies with respect to e-commerce risks?
  • How can traditional insurance policies be amended to better respond to e-commerce risks?
  • What alternative risk transfer mechanisms are available to finance e-commerce risks?
  • What are the new stand-alone insurance products for e-commerce risks? Who is selling the insurance? What do the policies cover?
  • What issues should be considered/provisions negotiated in stand-alone e-commerce insurance policies?

By addressing e-commerce insurance issues in this manner, it is hoped that all readers will benefit, regardless of whether the reader works directly for or provides insurance, consulting, brokering, legal, or other services to a Fortune 1000 company or startup or middle market company.

Coming Up Next ...

The next article in this series provides a discussion of insurance issues for "first-party" e-commerce risks. The last article discusses insurance issues for "third-party" liability risks associated with e-commerce activities.


Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Like This Article?

IRMI Update

Dive into thought-provoking industry commentary every other week, including links to free articles from industry experts. Discover practical risk management tips, insight on important case law and be the first to receive important news regarding IRMI products and events.

Learn More