When you enter into a contract with a vendor, you generally
impose insurance requirements on the vendor and an indemnification
obligation. But consider whether your current contracts have
insurance requirements that would cover the following:
When a computer repair technician damages your inventory
data records, does the technician have insurance to pay for the
cost of reconstructing those electronic records and your loss of
When you are sued for copyright or trademark infringement
because your advertising firm plagiarized another company's
ideas in its marketing for you, does the advertising firm have
insurance to defend and indemnify your company from the
When a service provider accidently discloses confidential
information and you have to comply with the privacy laws, will the
service provider pay for the significant notification and
Unfortunately if your purchasing contracts contain the standard
insurance boilerplate that merely requires the vendor to maintain
Commercial General Liability insurance (CGL), there will probably
be no insurance coverage to pay for any of these claims. The
standard CGL policy expressly excludes coverage for electronic
data, including information and programs stored on a computer.
The absence of coverage stems from the historical fact that the
CGL was created in a bricks and mortar world where most of the
damages a vendor could cause involved tangible property or bodily
injury. In today's cyber world, however, the damages a service
provider can cause are more likely to be intangible property,
electronic data or economic damage, and therefore not covered by
the CGL. The vendor must have an Errors and Omissions policy and
cyber risk products to adequately protect your business.
We recommend that you review your contracts with vendors to make
a modern day assessment of the risks posed to your business. We
suspect that too many of those contracts only require a Commercial
General Liability policy.
If a provider has access to your computer system, we recommend
that the contract require both Technology Errors and Omissions
insurance and coverage for Cyber Risks including Privacy Event
coverage. Here is a sample provision that we added to the insurance
requirements in a contract with a software consultant:
A. Required Insurance Coverages and Minimum Amounts
8. Technology errors and omissions insurance covering liability for
programming errors, software performance, failure to perform as
promised under the Agreement, and cyber risks including Privacy
Event coverage with a combined single limit not less than
$5,000,000 per claim and combined annual aggregate liability limit
of not less than $10,000,000. The Mitigation Costs limit of
liability will be not less than $3,000,000.
We all need to start thinking about electronic and intangible
risks posed by vendors in the same way we traditionally have
thought about damages that could be caused by contractors to
tangible property. Consider this:
If you had a contractor rebuilding a part of your plant for
$1 M – would you require the contractor to provide
insurance for the physical damages he could cause to your property
and bodily injury to your employees during construction?
"Of course I would require a CGL as part of the
When a vendor has access to your computer data system, he
can damage assets that are more valuable than any building owned by
the company. If the vendor can damage your data or his employee
reveals identifiable information triggering the privacy laws,
shouldn't you require the vendor to have the right type of
insurance coverage to pay those damages?
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A commentary on a recent decision in the case of Engineering & Construction Innovations, Inc., v. L. H. Bolduc Co., interpreting a subcontractor's agreement to indemnify a contractor, the subcontractor's contractual obligation to procure insurance to cover that indemnity agreement and the impact of the Minnesota anti-indemnification statute on such contract provisions.
Like many companies who made products containing asbestos, Kaiser Cement and Gypsum Corporation has over the past several decades defended thousands of asbestos bodily injury claims brought by construction workers who allege they were exposed and suffered bodily injury resulting from exposure to Kaiser Cement’s asbestos containing products.
As reported in our November 2012 Client Alert entitled Latest Regulatory Developments Concerning Unclaimed Life Insurance Benefits, a few states have passed new laws governing claims investigation practices to address the issue of unclaimed life insurance benefits.
A New York appellate court recently upheld a supreme court ruling that an insurer had a duty to defend a manufacturer’s faulty workmanship where it resulted in third party property damage. I.J. White Corp. v. Columbia Cas. Co., 2013 NY Slip Op 2500 (N.Y. App. Div. 1st Dep’t Apr. 16, 2013).
In Farkas v. National Union Fire Insurance Company of Pittsburgh, PA, No. 12-1481, 2013 WL 1459248 (4th Cir. Apr. 11, 2013), the United States Court of Appeals for the Fourth Circuit affirmed the district court’s summary judgment order and held that a Directors & Officers (D&O) liability insurer had no duty to defend the chairman of the policyholder after he was convicted of criminal fraud.