Thursday, July 30, 2009

Access Unauthorized? Claim DENIED!

Have you ever spent any time with your Errors & Omissions policy? I mean, really looked at it? You may be surprised at what you find.

Grab a magnifying glass and dig deeper. . .deeper. . .deeper into the cadaver
of your policy. Once you get past the glossy cover, you'll find that the bright, pretty logos disappear; as do the promises of unmatched service. The text shrinks and splits into 2 columns that seem to run on without end - like the yellow brick road coiling into the horizon.

Once you find the EXCLUSIONS section, you may see something like this:

The insurance does not apply to any "claim" arising from:

Security or System attack, unauthorized access to, unauthorized use of, tampering with or introduction of malicious code into: firmware, data, software, system or networks, or any resulting denial of service or repudiation of access.

As an IT company, your clients rely on you to protect them from viruses, worms, cyber attacks, & theft of information. Your customer pays top dollar. They rely on your expertise to keep their network running and stay in business.

If a customer's network falls victim to an attack, either by a virus or unauthorized access from an outside party, they will call to ask why you didn't protect them. If they determine that your company made a crucial mistake in configuring their system, then they may hold you liable for their:

  • Cost to repair their system
  • Loss of revenue during their downtime
  • Lost customers due to adverse publicity related to the attack

Once you receive the call from that irate customer, your next call will be to your Insurance Agent. If your policy contains the above exclusion, then you will not be covered.

Double check your Errors & Omissions policy to see if it contains an Unauthorized Access exclusion. It probably does. If so, ask your Underwriter if you can buy this coverage back by endorsement. If your company can't do it, then I recommend finding another insurance carrier.

Errors & Omissions policies have lots of other landmines that will surprise the IT business owner. I'll describe some of these in future posts. In the meantime, if you have any questions or want to discuss specifics, please do not hesitate to contact me @

If you've ever been caught in this coverage gap, let me know about it.

No comments:

Post a Comment