Protecting tech clients can be a complicated business. How does a broker know if the client is a true tech firm, figure out what services they are providing or, more importantly, what the right protection is?
All of these questions and more were answered in a recent webinar by Matt Clayton and James Stretton, both Senior Underwriters in the Professional Risks team of Tokio Marine HCC. The theme was understanding professional indemnity (PI) technology and the key message was that while it might seem complex, it doesn’t need to be complicated.
“Technology is constantly changing and developing rapidly so unless you are very tech savvy, it is easy to feel like you are being left behind,” said James.
Tech risks can seem intimidating to the uninitiated, but the vast majority of businesses today carry some kind of tech risk and the number of true tech companies, trading in all types of technology and services, is growing every year. So, any broker hoping to maintain their foothold in the market really has to get to grips with these emerging risks. But help is at hand.
James made it clear that underwriters are heavily reliant upon brokers fully understanding what their client does, what the exposures are and what the client needs are. He said that while he understood brokers submitting information they don’t fully understand, he had a word of advice for them. “I’ll let you into a little secret – if you haven’t got the right information in the right place, even the most tech-savvy underwriter will struggle to make sense of it and most likely won’t consider it.”
So where on earth does a broker start with a tech risk? The first step, as Matt explained, was to try to figure out whether the client is a true tech risk or not.
“If their end clients are not buying or selling a tech solution – software, hardware or a tech service – then it may not be an IT risk. For example, a training company sells educational services – they may use tech to help deliver that but that doesn’t necessarily mean they are a tech risk,” he explained.
Matt said he always asked himself the following three questions:
In addition, brokers can look at the type of services these clients provide. The vast majority of true tech firms will fall into one or more of the following categories:
Even within these categories, Matt explained that not all firms are equal with some software providers selling ‘off the shelf’ third party software to clients, others selling their own ‘off the shelf’ software and still others who will customise their platform or even build one from scratch for a client.
“Each of those has different levels of complexity to what they are delivering so we always look to drill down to understand exactly what they do to properly understand the exposures,” said Matt.
While the sector the client operates in is important to underwriters, it’s not the be all and end all. Of much more importance is how they deliver their products and services, an element that is typically missing from most proposal forms.
“I would never underwrite a risk without understanding how their products and services are delivered,” warned Matt, explaining that there was a huge difference in exposure between a company that provides software on premises and one who provides it as a service.
But the underwriter’s exploratory work isn’t finished even at that stage. Matt explained that once he is satisfied on the above issues, he then asks himself the following:
On that last point, James stepped in to clarify the important distinction between the two main types of cyber policies in the market – professional liability (covering the insured’s clients) and the liability cyber (covering their own risks).
“It’s vital to understand what the client needs the cover for and how much cover they need to meet their requirements. It’s quite common to see requests advising that the proposer is required to hold £10m worth of cyber insurance cover. This type of request is usually driven by a contractual requirement from the proposer’s client,” said James.
“Since tech PI policies would normally cover claims for protection of third-party data, where they are asking for £10m of cyber cover, they are actually asking for £10m of PI cover to protect the client’s data rather than their own.”
And as James explained, the lack of clarity means that clients could be purchasing expensive liability cover when the PI element in their tech policy would satisfy that contractual requirement.
Matt closed the presentation by outlining what a good tech policy looks like and the covers brokers should look to have in place.
He advised brokers to look out for the following:
He did warn, however, that while most heads of cover are similar, the exclusions within them are not so advised brokers to spend time looking through these.
“If you have a tech client who isn’t on an IT wording, then there are two fundamental issues. One will be an exclusion for products – software and hardware are products,” explained Matt.
“The second is that a non-tech policy will not cover a breach of contract and that is where most claims come from. So, it is critical to get an IT client on an IT specialist wording from a specialist provider.
“All of this can appear complex, but it doesn’t have to be complicated. You can break it down, and understand these companies and we are always here to help you with that. We know this market is only going to grow and we want to take you with us on that growth journey."
Disclaimer
The information contained in these articles and documents are believed to be accurate at the time of the date of issue, but no representation or warranty is given (express or implied) as to their accuracy, completeness or correctness. TMHCC accepts no liability whatsoever for any direct, indirect or consequential loss or damage arising in any way from any use of or reliance placed on this material for any purpose. The contents of these articles/documents are the copyright of Tokio Marine HCC. Nothing in these articles/documents constitutes advice, nor creates a contractual relationship.