Companies that wish to have higher limits of insurance than their primary (or umbrella) insurance companies are willing to provide usually can purchase excess insurance policies. Excess policies respond to losses above the limits of the primary layer of coverage. A company may purchase multiple layers of excess coverage from different insurance companies, creating a tower of coverage, with the primary layer at the bottom, and one or more excess layers at the top.
Many excess insurance policies are written as “follow-form” coverage. That is, rather than containing a full set of terms and conditions themselves, the excess policies “follow form” to, or incorporate by reference, the terms and conditions of a policy in a lower layer. Follow-form excess policies therefore tend to be shorter than policies that need to set out all of their own terms. The general idea behind follow-form excess coverage is to provide a seamless tower of coverage to the policyholder to respond to large losses.Despite their brevity, the mechanics of follow-form excess policies do not always work as smoothly as intended. This post sets out a number of traps for the unwary that sometimes are hidden within excess insurance policies. As described below, most of these can be avoided if policyholders and their advisors are vigilant when purchasing excess policies, and stay away from those with language that could lead to unintended results.  Continue Reading Avoiding Traps for the Unwary in Excess Insurance Policies

Insurance coverage lawyers and commentators have drawn considerable attention to state and federal data protection statutes in recent years. E.g., Freya K. Bowen, “Beyond GDPR: Insurance Coverage for Emerging Cybersecurity and Privacy Regulatory Exposure,” Perkins Coie Tech Risk Report (April 10, 2019), available here. Statutes governing the collection and use of biometric data have received much less attention, even though several states have passed such statutes and other states presently have some version under consideration. As previously noted in this blog, Jim Davis, “Biometrics Liability on the Rise: Are you Covered?” Perkins Coie Tech Risk Report (May 8, 2019), available here, these statutes apply to data as diverse as fingerscans DNA swabs, and even, potentially, facial recognition scans. Companies may be subject to regulatory actions or private litigation for violations, and, naturally, may seek insurance coverage for the resulting exposure. Some of these insurance claims will be subject to the same issues arising with claims relating to other data protection or privacy statutes, while other claims will raise specific insurance concerns unique to biometric data. Although these statutes are quite new, several recent cases help give policyholders a good indication of where the key risks may lie. Policyholders with exposure to these statutes should ensure that the appropriate insurance coverage is in place.  Continue Reading Employee Biometric Data: Are You Covered for Collecting or Using It?

If your business gets hit with a demand letter or lawsuit, your first inclination might be to get rid of the problem as soon as possible. In the tech world, particularly for companies that are just getting off the ground, the last thing you need is expensive litigation to burden your bottom line, or adverse publicity that could give an edge to your competitors.

Most business owners procure basic insurance protection as part of their standard business operations. As the business grows, insurance coverage and limits are broadened. But the pressure to get rid of claims fast can make even the most prudent business executive take a “settle now, check other boxes later” approach. This might be a big mistake—and one that could be easily remedied by taking some simple early steps.

Most insurance policies contain “no action” and/or what is known as “no voluntary payment” or “no voluntary settlement” clauses. These clauses typically look like this:

No insured will, except at that insured’s own cost, voluntarily make a payment, assume any obligation or incur any expense other than for first aid, without our [that is, the insurer’s] consent.

Continue Reading The Risk of Settling Claims Too Quickly

One of the best features of the digital age is the improved utility of access to data, allowing customers, employees, vendors, and business partners to synthesize large amounts of information and remain connected in real time. This previously-unimaginable level of access has been augmented by the invention of easy-to-use security features that enable businesses to simultaneously protect their data and maximize the utility of that data by making it widely available. But with this improved utility also comes a risk of being hacked, even if protections are in place, and of resulting liability for unauthorized access to data.

A promising technology for improving security and mitigating the substantial risks associated with password-based data security are biometric-enabled access controls. This technology limits access to data by verifying authorized users’ biometric identifiers, such as by recognizing users’ faces, fingerprints, voices, and/or irises. Biometric access control technology can also provide easy-to-use access to secure physical facilities. In today’s physical security environment, which has been informed by the rise in terror attacks and mass shooting events, the demand for secure facilities has increased dramatically. Use of complex numeric passwords provides too many barriers to entry and opportunities for compromise as individuals tend to select easy-to-remember, and hence easy-to-crack, passwords. And where physical access cards are required, those are equally easy to compromise as cards are frequently lost or even loaned. Biometric access control systems, therefore, appear to provide a simpler and more effective method of securing both data and physical premises without the same level of risk.  Continue Reading Biometric Access Control Systems Offer Great Utility but Create Associated Risks Requiring the Right Insurance Coverage

The ability to build and maintain strong relationships with business partners and vendors is an essential requirement for any business seeking long-term success. This is especially true in the fast-paced technology sector, where a company’s ability to put its innovative ideas to work often depends on its access to outside capital and its skill in turning connections into contractually-bound partners, vendors, clients, and customers. The unfortunate corollary to the need for technology firms to build and maintain relationships with outside partners is, of course, that no relationship is perfect. Not all partnerships are built to last. That reality raises an all-important question: how do you prepare your firm for the inevitable day when one of its business relationships sours?

As my colleague Linda Powell discussed recently, firms that provide technology services and products can manage their relationship-based risk by purchasing Technology Errors and Omissions (Tech E&O) insurance. Alternately known as Technology Professional Liability Insurance, Tech E&O insurance is likely to respond to demand letters, claims, or lawsuits brought against your firm by dissatisfied business partners, vendors, or customers who believe that your firm has committed an error or made an omission that caused financial harm. Continue Reading When Business Relationships Go Bad: Maximizing Your Technology Professional Liability Coverage for Breach of Contract Claims

Wildfires have wreaked havoc on, and caused incalculable losses to, individuals and businesses in California over the last three years. These disasters—caused by a series of conflating events, including massive shifts to the climate—are not limited to the Golden State, as fires have devastated many western communities, and fires as well as other unprecedented weather events, including hurricanes, flash flooding, cyclone rains, and extreme-cold freezes have disrupted businesses across the world.

Most businesses know how to protect their physical offices and facilities with commercial property insurance, including business interruption coverage, in case they are directly affected by physical disasters. But, in today’s business environment, a company may be closely tied to and dependent on third-party suppliers. What happens if a major player in your supply chain is adversely affected by one of these (unfortunately) all-too common climate disasters? Unless you operate at ground zero in vulnerable environmental zones, you may not be aware of the fact that your vendors may be the ones most directly affected, and this might have a devastating ripple effect on your ability to operate a successful business. Continue Reading Are Climate Events Threatening Your Supply Chains?

Most firms that provide technology services or products have insurance to protect them against the risk that a dissatisfied customer will bring a claim or a lawsuit against them for damages arising out of the company’s products or services. It is very likely that such firms purchase general liability insurance, which is an important product that covers many different risks, including property damage, bodily injury, advertising injury, and other business-related claims. Most importantly, general liability insurance policies often require the insurer to defend the company in the event of litigation, making it a particularly valuable type of insurance. But will general liability insurance protect your tech company in the event of a claim by a client for purely financial damages? The short answer is, probably not. This is the reason for tech firms to consider a Technology Errors and Omissions (Tech E&O) policy as part of their overall coverage program. Using the examples below, this article discusses the coverage such policies can provide.

Example 1: Tech Product

Let’s say your company designs and provides building design software to architecture firms. Due to a problem with your software, several architectural designs for major projects have incorrect specifications, which impact many large projects. As a result, your company’s clients lose revenue because they have to revise the design plans for these projects, which takes additional weeks of architect time. If the architects then sue your company for damages, it will have to defend itself in the lawsuit and possibly pay a settlement or judgment to the architecture firms.  Continue Reading Technology E&O Insurance

As the risks associated with cyber liability continue to evolve, so do the insurance products that are theoretically meant to protect against those risks. As the insurance industry attempts to keep pace, the applications that insurers are using to capture the data they believe is necessary to underwriting these risks are also evolving and vary to a large degree. Regardless of whether an application is long or short or seeks information in generalities or in detail, all prospective policyholders must take care in completing these applications, enlisting the help of a data security professional (whether within the organization or a consultant) and possibly of a good broker that specializes in this area. Indeed, a failure to provide accurate information could cause an insurer to resist providing coverage for a claim, or attempt to rescind the policy, on the purported grounds that there was a material misrepresentation in the policy application.

This article first provides an overview of the key categories of information that most cyber-liability insurance applications seek, followed by some of the key principles of which a policyholder should be aware in the event an insurer attempts to deny a claim or rescind a policy based on alleged misrepresentations or omissions in the policy application.  Continue Reading Filling Out a Cyber Insurance Policy Application: Do Not Give Insurers a Material Misrepresentation Defense

Data breaches are up significantly in 2019, exposing billions of confidential records and costing companies millions of dollars on average per breach. Security experts counsel their clients that data breaches are inevitable as even the largest, most secure systems may be breached. In spite of this environment, many tech companies are woefully unprepared to respond to a cyber intrusion, data breach, or other cyber-related event. Are you ready?

As insurance coverage lawyers, we often work with clients to confront this organization-wide challenge after a breach has occurred. The better approach, however, is to prepare in advance by understanding your risks, building a team, securing and monitoring your data, having a well developed and rehearsed response plan, and tailoring your insurance program to a possible breach. Additionally, having counsel involved throughout the preparation and response process is critical to protect privilege, minimize legal liability, and maximize insurance coverage.  Continue Reading Preparing for Data Breaches: Data Mapping, Response Team and Insurance

This author has previously discussed the inevitability of security hacks and attempts to require companies holding third-party data to pay some type of damages to the alleged victims of a hack. Even though damage from such hacks is often hard to prove, those who claim to have been victimized and their lawyers, who often operate on contingencies, will continue to file lawsuits that often result in the imposition of at least defense costs and, at times, of some indemnity payments. Hacked companies also suffer actual damage from loss of customers when the hacks are reported as required by multiple laws. Companies should thus take reasonable precautions against data breaches. But if a company takes such reasonable precautions, it should be able to buy insurance for the inevitable hack that actually provides coverage for resulting defense expenses, indemnity payments, and loss of business income. Continue Reading Watch Out for the Statutory/Governmental Exclusion and Any Restriction on Paying Ransom Demands for Malware Attacks