
Coalition Coverage: Technology E&O extension reduces third-party liability risk


The last thing you want is to have your business disrupted by a security failure. This series explores Coalition’s coverage and how it can help your organization in the event of a claim. However, insurance coverage can vary depending on different underwriting factors. The following descriptions are intended to provide a generalized summary of coverage offered by Coalition’s cyber insurance policy. You should review your Coalition cyber insurance policy for specific details about your coverage. If you are not a policyholder, you can speak to one of our brokers today for more details.

Software as a service (SaaS) companies have greater exposure today than ever before. This is because they’re not just responsible for building software and maintaining server uptime but also for protecting the data their customers store on their platform and its servers.

To help mitigate their risks, technology companies need to secure the right cyber and technology E&O insurance. Doing so can protect the SaaS business when customers who rely on the SaaS platform experience a data breach or a significant amount of downtime resulting from an operational error caused by the SaaS company.

For example, one SaaS provider was held liable when one of their customers alleged economic harm due to an error in their custom SaaS code. They sued the SaaS provider claiming damages, including lost sales and extra expenses resulting from the need to find an alternative method of operation during downtime resulting from the error. While the customer wasn’t successful in their suit, the SaaS provider incurred significant costs defending the claim.

Technology Errors & Omissions (E&O) insurance can protect technology companies against claims like this, where their technology services or products fail, resulting in customer claims and/or damages. Tech E&O, which can cover the cost of hiring privacy attorneys, IT forensic investigation, state-by-state notification to impacted individuals, and other defense costs, is available as an extension to Coalition’s base cyber insurance policy. This coverage extension is also available to technology consultants, who may not be developing the software but are helping clients select the software, configure it to their business operations, and migrate data from old to new platforms.

Coalition understands both tech and cybersecurity

When it comes to selecting the right insurance partner for Technology E&O coverage, it’s not only about the price the coverage will cost your business. The right partner will be able to offer you coverage, along with specialized expertise to help determine the validity of any claims. They will also have a thorough understanding of cybersecurity and its overlap with technology. Coalition offers all of that and more.

Also, what if a mistake in coding causes your software to be corrupt or results in the failure to save a client’s data? What if a bug or unpatched vulnerability enables a cyber attack that exposes client data to threat actors? What if your business is subject to regulatory investigations and fines due to your software’s failure to safeguard patient or customer data on behalf of your clients (for example, as a Business Associate under HIPAA per Covered Entities and Business Associates)? It’s crucial in these situations that your insurance partner not only understands traditional tech but also holds expertise in cyber incident forensics and response techniques. Coalition does all that.

Five risk management best practices to reduce third-party liability

In addition to protecting a business from third-party liability with Coalition’s cyber coverage, there are risk management practices we recommend tech businesses implement to reduce the possibility of claims arising.

  1. Understand each customer’s needs before entering into a business contract with them. While this tip is useful for contractual relationships outside the tech area, it’s especially crucial when working on requests for custom deliverables in the software space. Before signing any contract for a technology product or service, a business should understand precisely what the customer is looking for and confirm that the product or service is something the business can deliver on. Never promise something you don’t have the capacity to deliver.

  2. Set the right contract terms. You should have a standard contract, pre-approved by your legal advisor, that you can customize for each client as needed. This contract should clearly list the responsibilities of each party and the representations and warranties, and include reasonable limitations of the parties’ liabilities. Any alterations or additions to the standard contract, or a client’s request that you use their contract, should be reviewed by your legal advisor before it’s signed.

  3. Document all scope requirements, milestones, and changes. Documentation is essential when working with a customer on a technology solution or product. Before starting any work, document the responsibilities of each party, milestones, client sign-off processes, and even the processes for changing the project scope or requirements. Documentation will help you avoid disputes later about project scope or party obligations. It will also come in handy in the event of team growth or turnover, enabling business teams to clearly understand deliverables under customer agreements.

  4. Back up your testing regimen with strong customer support. No matter how effective your testing regimen is, there will come a time when not all bugs are caught during testing. A strong customer support program that is available and responsive will help resolve issues before they lead to customer complaints, claims, or worse, lawsuits.

  5. Secure your GitHub or other repositories. If you’re developing SaaS using GitHub or a similar repository, ensure your code is safeguarded and only accessible to approved parties. While useful, these platforms can, when unprotected, accidentally expose sensitive information that threat actors can use to hack your network. Some GitHub security best practices include never storing credentials as code, removing sensitive data from your files, validating all GitHub applications, and tightly controlling access with multi-factor authentication (MFA) and unique usernames and passwords.

Protect your business: Get insured

Cyber insurance is a key factor in addressing and mitigating cyber risk and can save your business time and money if it's the target of a cyberattack.

Coalition offers a wealth of resources to help businesses implement good cybersecurity practices, including our Cybersecurity Guide, which outlines the key tenets of a cybersecurity program — a critical factor in reducing your organization’s cyber risk.

For questions about Coalition’s claims process or to be connected to a broker, reach out to our team.

Are you a broker interested in offering Coalition cyber insurance to your clients? Click here to get appointed.