A type of insurance designed to cover providers of technology services or products. For example, data storage companies and website designers provide technology services, while computer software and computer manufacturers offer technology products.

Tech E&O policies cover both liability and property loss exposures. Major liability insuring agreements include losses resulting from: (1) technology services, (2) technology products, (3) media content, and (4) network security breaches. Key property insuring agreements provide coverage for extortion threats, crisis management expense, and business interruption.

Tech E&O insurance is often confused with cyber and privacy insurance. In contrast to tech E&O coverage, cyber and privacy insurance is intended to protect consumers of technology products and services. Nevertheless, cyber and privacy insurance policies do offer a number of the same insuring agreements as tech E&O policies.

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

This insuring agreement covers the insured's liability for damages resulting from a data breach. Such liability most often results from (1) loss, theft, or unauthorized disclosure of personally identifiable information (PII) in the insured's care, custody, and control; (2) damage to data stored in the insured's computer systems belonging to a third party; (3) transmission of malicious code or denial of service to a third party's computer system; (4) failure to timely disclose a data breach; (5) failure of the insured to comply with its own privacy policy prohibiting disclosure or sharing of PII; and (6) failure to administer an identity theft program required by governmental regulation or to take necessary actions to prevent identity theft. In addition, this insuring agreement covers the cost of defending claims associated with each of these circumstances.

The information security and privacy liability insuring agreement is the true liability coverage component of a cyber and privacy insurance policy because it pays actual liability losses sustained from claims made against the insured by various parties. In contrast, the privacy notification and crisis management expense coverage insuring agreement addresses the so-called immediate response costs associated with a data breach, making payments on a "no fault" basis and without admission of liability.

Similar to other cyber and privacy insurance policies, information security and privacy liability coverage is subject to an annual aggregate limit and an annual aggregate deductible.

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

Privacy notification and crisis management expense coverage includes the cost of (1) hiring a forensics expert to determine the cause of the breach and suggesting measures to secure the site and prevent future breaches, (2) hiring a public relations agency to assist the insured in dealing with the crisis, (3) setting up a post-breach call center, (4) notifying affected individuals whose personally identifiable information (PII) has been compromised, (5) monitoring these individuals' credit (usually for 1 year), and (6) paying the costs to "restore" stolen identities as a result of a data breach (e.g., expenses of notifying banks and credit card companies).

Privacy notification and crisis management expense coverage addresses the so-called immediate response costs associated with a data breach. This insuring agreement makes payments on a "no fault" basis and without admission of liability (as is the case under "medical payments" coverage, included in a homeowners or personal auto policy (PAP)). The intent of such payments is to discourage affected customers from making claims associated with a data breach. In contrast, the information security and privacy liability insuring agreement is the true "liability" coverage element of a cyber and privacy policy since it responds to lawsuits and pays liability losses from claims made against the insured by various parties.

Similar to other cyber and privacy insurance policies, privacy notification and crisis management expense coverage is subject to an annual aggregate limit and an annual aggregate deductible.

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

This insuring agreement covers the costs of dealing with state and federal regulatory agencies (which oversee data breach laws and regulations), including (1) the costs of hiring attorneys to consult with regulators during investigations and (2) the payment of regulatory fines and penalties that are levied against the insured (as a result of the breach).

Regulatory defense and penalties coverage is one of the rare types of insurance that affirmatively covers fines and penalties. (Most types of insurance exclude these items because covering fines and penalties is usually considered contrary to public policy.)

Since data breaches typically involve customers residing in multiple states and because each state has its own unique set of laws and rules, regulatory defense and penalties coverage is especially valuable, given the need for insureds to deal with multiple sets of regulators.

Similar to other cyber and privacy insurance policies, regulatory defense and penalties coverage is subject to an annual aggregate limit and an annual aggregate deductible.