What you need to know about

2
The Technology Business Sector faces distinct liability issues that require customized risk management solutions.
• Errors & Omissions
– What is it?
– Discuss situations that could lead to an E&O claim for a Tech professional
• Information Risk
– Understand legal and regulatory implications of a data breach where personally identifiable information of clients may be at risk

3
Why does the Technology Sector Face Unique Risk Exposures?
• Tech universe is fueled by 80% small firms with less than
$20M in revenue
• Global risks from inception with international revenue expected to exceed 49% in three years- Networks &
Businesses today are “borderless”
• Continuous innovation
• Size and complexity of Tech risks drive customized E&O/Info
Risk solutions

4
What is Errors & Omissions?
• Covers the financial loss suffered by your client when the product or services your company provided fails
• Covers a “wrongful act”: any actual or alleged act, error, omission, neglect, breach of duty;
1. Committed solely in the conduct of “your work”
2. Resulting in the failure of “your product” to perform the function or serve the purpose intended

5
Property
Exposures
Bodily Injury or
Physical Damage
PROPERTY
Financial Loss
BUSINESS
INTERRUPTION
Liability
Exposures
GENERAL
LIABILITY
ERRORS &
OMISSIONS

6
• The General Liability policy excludes many tech liability issues
– “Intangible” property damage or financial loss
– Professional exposures
– No coverage for programming errors, contract performance disputes or issues related to data corruption
• Differentiator against competitor
• Frequent contract requirement
• Personal Protection
• Defense Costs

7
• Things go wrong and clients sue
– Lack of communication between insured and client
– Inability to pay for work performed
– Client is acquired, new parents doesn’t like the technology
– Vendor oversells capabilities
– Ownership of developed software is not clearly defined

8

9
Watch for clues that there may be an E&O claim lurking…
• Missing deadlines
• Not hitting milestones
• Few large clients/contracts- dependency
• Contracts become extremely important!

10
What should you do if you learn of a situation that you think might give rise to an E&O Claim?
• Report as soon as you think there may be a situation!
• No penalty for reporting
• With some companies (like CNA) reporting will enable your company to benefit from free pre-claim assistance

11
Third Party Risks:
Your Responsibility to Others:
LIABILITY
• Network Security
• Privacy Injury Liability
• Need to comply with State Breach
Laws
• Regulatory Fines & Penalties
• Crisis Management
First Party Risks:
WHAT CAN HAPPEN TO YOU
• Loss of Data
• Network Extortion
• Loss of Business Income
• Electronic Theft

12
• Virus/Malicious code
• Denial of service attacks
• Hacker attacks/unauthorized access
• Malicious Hardware
No Tech/Low Tech Threats:
• Physical theft of device/media
• Accidental release
• Rogue employees
• Social engineering
Trivia: Define Phishing?

13
Most likely cause of compromise
Lost or Stolen
Hacking
Web
SE/Fraud
Disposal
Snail Mail
E-mail

14
The Retailer
• A mid-sized technology company hosts Web sites for retailers.
• A high fashion boutique relies on
Web site availability to generate e-commerce income.
• The technology company’s site is disrupted by a virus.
• The boutique’s ability to generate income is disrupted.
• They sue the tech company to recover lost income.

15
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above

16
The Non-Profit
• A non-profit charity accepts donations charged to the donor’s credit card.
• Donations are accepted by phone or via the Internet.
• In some cases, donors authorize the charity to charge a small recurring monthly donation to the donor’s credit or debit card.
• The charity retains donor information, including credit card numbers, to support pre-authorized recurring donations. A hacker penetrates the charity’s network security and copies the retained card data. The hacker sells the information to an ID theft ring. Later, the stolen information is used to withdraw funds from donors’ bank accounts. The donors sue the charity to recover stolen funds and the cost to repair their credit history.

17
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above

18
Hartford Hospital Breach- July 26, 2012
• Hartford Hospital in CT announced a breach of protected health information caused by a business associate and affecting 9,558 patients.
• Unencrypted laptop containing PII of Hartford patients was stolen from the home of an employee of a firm called Greenplum, which is a subsidiary of one of the hospital’s vendors, EMC Corp.
• Greenplum was performing data analysis for EMC on behalf of the hospital as part of a quality improvement project related to hospital readmissions)

19
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above

20
Tech Equipment Installation
• While in the process of installing new cable for a voice over IP system in an office building there is damage to the roof structure which later results in a roof leak.
• Two weeks later the customer suffers significant property damage to their server because the roof leaks in the IT room during an overnight storm.

21
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above

22
Wal-Mart Hack- July2012
• Wal-Mart store manager in small military town in Canada receives urgent phone call from “Gary Darnell” in the home office in Bentonville, Ark.
• Darnell told the manager Wal-Mart had a multi-million dollar opportunity to win a major government contract, and that he was assigned to visit the handful of Wal-Mart stores picked as likely pilot spots. First he needed to get a complete picture of the store’s operations. He would also need to know the make and version numbers of the computer’s operating system,
Web browser and antivirus software.
• In 10 minutes, the thief had pried secrets loose from one of America’s biggest and most guarded corporations.
• Darnell is actually Shane MacDougall- now champion of this year’s social engineering “capture the flag” contest” at the annual Defcon conference

23
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above

24
Switch Fails to Perform
• A digital telecommunications switch performed erratically, causing a IT
Support provider to suffer a significant loss of revenue and reputation when their customers were cut off mid-conversation.
• The IT Support Company sued the switch manufacturer and settled for $8 million.

25
…where could the company find coverage?
A. Information Risk Policy
B. Errors & Omissions Policy
C. General Liability Policy
D. Social Engineering- Info Risk Policy
E. None of the Above