Expert Commentary

Tech E&O Insurance—A Primer for Risk Managers

Many risk managers wonder about about Technology Errors & Omissions (Tech E&O) insurance: What is it? Why do I need it? How does it work?


Cyber and Privacy Risk and Insurance
November 2003

More and more umbrella insurers are resisting adding any type of errors and omissions (E&O) or professional liability insurance into their policies. As that happens, more companies are forced to reevaluate whether they need E&O coverage. And if they do, they likely will be forced to buy such coverage on a stand-alone basis, at least as it pertains to Technology Errors & Omissions insurance, or “Tech E&O” for short.

What are the most commonly asked questions by many risk managers about Tech E&O insurance? What is it? Why do I need it? How does it work? The purpose of this article is to try to answer these questions for risk managers, to provide a sort of high-level primer on Tech E&O insurance.

Tech E&O Insurance—What Is It? How Does It Work?

Tech E&O insurance is intended to cover two basic risks : (1) financial loss of a third party arising from failure of the insured’s product to perform as intended or expected, and (2) financial loss of a third party arising from an act, error, or omission committed in the course of the insured’s performance of services for another.1

Consider a product failure loss example. The insured sells component parts to a computer manufacturer. The components are installed in the computer manufacturer’s products. The component parts are supposed to perform a certain function, and if they don’t, the computer manufacturer’s product doesn’t work (either at all, or just not as well as it was supposed to work). Six months after the computer manufacturer’s products are in the market, the insured’s component parts stop working.

The component parts don’t explode or otherwise break, so they don’t cause any physical damage to other parts of the manufacturer’s product. They simply just stop working or working as intended, rendering the manufacturer’s product totally useless or less useful. The manufacturer now has to recall its products to replace the faulty component, and has claims against it brought by the purchasers of the product, and perhaps others as well—all who suffer financial loss because of the product failure. The computer manufacturer makes a claim against the insured for all the damages at issue. The foregoing is a product failure example. (It should be noted that most Tech E&O policies exclude product recall, but the better ones except from such exclusion the damages for loss of use of the failed product.)

Now consider an error or omission loss example. The insured is hired to create a computer system or network for a customer, where the system or network is supposed to be able to perform certain functions, like process various transactions being called in from all around the country, or analyze data from sales information to draw certain conclusions on which the customer can act when implementing marketing strategies, strategic directions, etc. The list can go on and on. (Interestingly, when a tech company uses its own products in building such a system or network or other “solution,” it faces both product failure risk and error or omission risk.)

However, once the insured finishes putting the system or network in place, it turns out that it just doesn’t work. It doesn’t draw any conclusions from the data analysis. It can’t process the transactions like it was supposed to, or not fast enough in order to make the system viable. The customer now is in a bad situation. It just paid for something useless, and is suffering financial loss (lost revenue, increased expenses, etc.) because it doesn’t have use of the system that it fully expected to have in place. The foregoing is an error or omission example.

Why Do I Need Tech E&O Insurance?

In my experience, there often are two sources of this question. One is the risk manager’s mistaken belief that Tech E&O risks are already covered by the insured’s commercial general liability (CGL) insurance. The other is the risk manager’s lack of knowledge of whether any of the activities carried out by his or her company fall within Tech E&O activities or otherwise create Tech E&O risk.

Isn't My CGL Policy Sufficient?

Let’s take the first issue. It is true that CGL insurance can cover some of the risks associated with product failure. For example, if the insured’s product fails and causes physical damage to tangible property (i.e., the first prong of the “property damage” definition in a typical CGL policy) other than to the insured’s product, a CGL policy should respond. (It should be noted that in such situations, a Tech E&O policy typically does not respond, because such policies have a “property damage” exclusion.)

However, what happens if the product failure does not cause such physical injury, but just renders tangible property useless or less useful (i.e., the second prong of the “property damage” definition in a typical CGL policy: “loss of use of tangible property that has not been physically injured or destroyed”)? You might be able to run that through a CGL policy, but there are a couple of exclusions that cause problems, one of which is called the “impaired property” exclusion. That exclusion purports to bar coverage when tangible property is rendered useless or less useful because it incorporates the insured’s product or work and that product or work fails. Depending on a number of facts, this exclusion can bar coverage for such a claim. But a Tech E&O policy should be able to respond to such a claim.

These are some of the reasons why Tech E&O insurance is needed. It covers product failure claims where CGL insurance does not. Indeed, some commentators such as myself describe the interplay between CGL and Tech E&O insurance as providing “hand-in-glove” insurance protection; while there might be some overlap in coverage, as far as product failure goes, there should not be any gaps between the coverage. If the CGL doesn’t respond because there is no physical damage and/or the “impaired property” exclusion applies, the Tech E&O should respond. If there is physical damage, then the CGL policy should respond (because of the “property damage” definition therein), but the Tech E&O policy should not (because of the “property damage” exclusion therein).

Do I Even Have Tech E&O Risk?

The other issue that leads to the question of why a company needs Tech E&O insurance is the risk manager’s lack of understanding whether his or her company actually has Tech E&O risk. Increasingly, I have witnessed what I call a “convergence of risk profiles” among historically different types of companies that presented markedly different risk profiles.

For example, I know of media companies and non-tech manufacturing companies that have Tech E&O exposure (and, interestingly, companies that have media liability exposure). Historically, media companies and non-tech manufacturing companies simply did not need Tech E&O insurance, but as society has increasingly moved into the computer age, and especially with the emergence of e-commerce, more and more of these companies face Tech E&O exposure. That is because either at the top level of the company or somewhere down the line in one of the company’s subsidiaries, the company is providing tech products and/or services to others.

The only way a risk manager of a non-tech company can know whether his or her company faces Tech E&O risk is to conduct a risk assessment of the company’s activities, typically by interviewing various company personnel to get an accurate description of what, if any, tech products or services are being provided to others. And, importantly, just mere e-commerce activities, such as business-to-business (B2B) and business-to-consumer (B2C) activities, expose a company to Tech E&O risk. If a company has such exposures, they need to seriously consider purchasing a properly structured Tech E&O insurance program.2

Concluding Remarks

So, those are the basics of Tech E&O insurance. If you are a risk manager who decides you have Tech E&O exposure, you should seriously consider buying Tech E&O insurance if your umbrella insurers have excluded all E&O coverage. Losses in this area, depending on a number of factors, have reached in the tens of millions of dollars. This is not a risk that you want to leave uninsured.


Footnotes

1I have not included in item (2) loss arising from the insured’s business-to-business (B2B) and business-to-consumer (B2C) eBusiness activities. Depending on the policy wording and structure of the program, financial loss of a third party arising from such activities can be covered by a Tech E&O policy. I’m not including it here in this description because most insurers, philosophically, distinguish between traditional Tech E&O risk and this B2B/B2C risk, and therefore exclude cover for B2B/B2C risk in the main policy form, and require additional provisions (and usually additional premium) to buy back the cover.

2To be fair, I do know of a few media liability or general liability insurers that will endorse their policies to pick up B2B and B2C exposure and/or pure financial loss arising from non-tech products and services, and some media companies and non-tech manufacturers have endorsed one or both types of these policies in their programs in lieu of buying Tech E&O insurance.


Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Like This Article?

IRMI Update

Dive into thought-provoking industry commentary every other week, including links to free articles from industry experts. Discover practical risk management tips, insight on important case law and be the first to receive important news regarding IRMI products and events.

Learn More



User ID: Subscriber Status:Free