Technology Companies Hit From All Sides

The rapid advances in technology fueling the digital revolution are changing the face of business today. This is especially true for technology companies that are at the forefront of these changes. Their role in the new economy combined with their rapid adoption of the Internet is creating a unique risk dynamic for these companies.

Specifically, technology companies face risk on a dual front. They are vulnerable not only for their own systems and intellectual property, but also for the effect of their products and services on the systems of other companies.

This duality becomes clear when you evaluate the technology companys intellectual property, virus, unauthorized access, and errors and omissions exposures. For all of these exposures, the duality is heightened by the Internet.

Intellectual property exposures such as trade secret disclosure, theft or loss, patent, copyright and trademark infringement all assume different dimensions in the Internet realm. There is not only an increased severity of liability due to the possibility of quick, widespread dissemination and impact, but there also is an increase in the number of different ways these exposures can arise.

For instance, copyright infringement exposures, while not new to the technology company, need to be evaluated from the perspective of software development, advertising and Web site management.

A technology companys copyright exposure involves content on its site, whether authored by the technology company or not. The technology company also may face contributory or vicarious copyright infringement exposures for software that enables others to infringe.

Trademark exposures exist in advertising, products and services, domain names and also can arise from specific Web site features such as framing, bulletin boards, and the like.

The technology companys patent infringement and trade secret exposures also are affected by the Internet. For example, patent infringement exposures no longer run just to the product, but can now extend to the method in which the business is conducted, particularly on the Internet.

One-click ordering and reverse bidding are examples of Internet-specific business methods exposed to patent infringement.

Trade secret losses can emerge when a hacker breaks into the technology companys own systems or its customers systems. Trade secret losses also can arise out of the companys hiring practices or from a company experts participation in a chat room.

The in-vogue risks of unauthorized access, denial of service, repudiation of access and malicious code (which may corrupt or destroy software or data) have always existed for the technology company on both a first and third-party basis, but are significantly increased with the surge in the Internet and networked computing. The technology company faces first-party losses for its own system vulnerabilities. It also faces third-party liability in the form of lawsuits from its customers for the perceived failure of its products and services to provide protection from these risks.

The 2001 CSI/FBI Computer Crime and Security Survey Results reveal increases in security breaches, the severity of breaches and the dollar losses due to computer crime. The survey also notes that for the fourth year in a row, more respondents (70 percent) cited their Internet connection as a frequent point of attack than cited their internal systems (31 percent). The burgeoning vulnerability to these attacks is largely due to expanded Internet presence and networked activities. The user-friendly acts of opening up systems, providing ease of access, interactivity and wider dissemination have their commensurate dark side in providing greater opportunity for these types of attacks.

The technology company faces significant errors and omissions exposures for the products and services it provides and how it provides them. Companies that use the Internet to distribute and provide information and advice add a new level of complexity to these E&O risks.

Distribution through the Internet causes certain fulfillment exposures such as when the product or service is incorrectly described, priced or not delivered in the specified timeframe.

While these types of exposures are not necessarily unique for the technology company, the broad, rapid dissemination powers of the Internet decrease the technology companys ability to limit or control these exposures. And utilizing chat rooms or bulletin boards to provide advice or how-to information in an impromptu fashion, without the proper caveats or disclaimers, can further increase the technology companys E&O vulnerabilities.

Insurers are struggling to keep up with the dynamic and evolving nature of technology exposures. Adding to the challenge is the inherent duality of risk for a technology company, wherein they face exposures on different fronts: first and third party, internal and external.

In the past, the technology companys only recourse was to seek out coverage in its general liability forms for intellectual property risks and look to traditional property forms for first party losses. In addition, the technology company could purchase an Electronic Data Processing (EDP) policy to cover its errors and omissions exposures.

Gaps between the forms, the uncontemplated risks of malicious code and unauthorized access, the debate as to whether data is tangible property, and the real risk of systems being held hostage all make these traditional forms inadequate for todays technology company unless theyre updated.

New policies are emerging to address the unique dimension of risk posed by networked computing and the Internet. Such forms include “networked computing,” “cyberspace” and Internetrelated policies which respond on both a first and third-party basis to risks such as malicious code and security breaches.

These forms attempt to pick up where the traditional first and third-party liability forms leave off.

Some new intellectual property coverages also are being developed to address the heretofore-excluded vulnerabilities of patent infringement and misappropriation of trade secrets. However, there is currently little to no consistency among these forms. The coverages can differ significantly and they are not specific to technology firms.

The best solution for the technology company on a third-party liability basis may be found in the revision of a traditional EDP policy. This revision must go beyond errors and omissions and include coverage for contentrelated exposures (i.e. copyright, trademark etc.), security breaches (i.e. unauthorized access, malicious code, etc.), and personal injury (i.e. invasion of privacy, defamation, etc.) arising from the technology companys services–including its online services.

This type of policy–combined with a patent and trade secrets enforcement and defensive policy, the traditional property and general liability forms, and a first party security policy–may be the best approach available for the technology company today.

Laura Johnson, a vice president of The Hartford Financial Services Group, Inc., heads the technology insurance unit of Hartford Specialty.


Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, November 12, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.


Contact Webmaster

Continue Reading for Free

Register and gain access to:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.