how can technology insurance mitigate business risks?

IIZI Insurance Broker • Nov 02, 2021 • 7 min read

IIZI Insurance Broker on why e-⁠residents operating in the IT field should consider appropriate technology insurance to mitigate business risks

An e-Residency card entered to a laptop — Photo: Kalle Veesaar

This is a guest post by IIZI, Estonia's largest insurance broker, which quickly and easily compares offers from different insurance companies locally and internationally in order to find the best insurance solutions for its clients. IIZI Insurance Broker is also a trusted member of the e-⁠Residency Marketplace.

How to handle risks while building up a successful business is one of many worries keeping founders up at night. No matter how brilliant the team or business plans, a company might face problems related to technological products or services they are providing or even their IT infrastructure.

Why? Digitalization means that business models are getting more complex all the time. Complexity involves higher levels of risk along many dimensions involving contractual, legal, and operational liability.

Companies established by e-⁠residents are often IT or technology companies or use IT as part of their business. It is thus crucial for e-⁠residents to pay attention to technology risks and how to mitigate them, including by taking up business insurance. What exactly can be covered by insurance depends on the country and the business culture where the company operates. And this is made even more complex if companies operate across borders – so e-⁠resident company owners should take notice.

"An IT company could find itself in a situation where a client claims damages for a breach of contract or a regulatory body institutes proceedings and seeks damages for violating GDPR or payment and e-money institutions regulations," illustrates Helen Evert, specialist of TECH and Cyber Insurance at IIZI Kindlustusmaakler AS.

IIZI TECH and Cyber Insurance specialist Helen Evert.
Photo courtesy of IIZI Insurance Broker.

How can insurance help?

Helen Evert has experience advising IT companies in different sizes and business areas over the years. "There are many different reasons to buy insurance. It is often bought primarily for compliance reasons – insurance is required by contract, investor agreement, or procurement terms. Sometimes it is an industry-standard or legal obligation. Mainly it is for the sense of security to IT company clients," explains Evert.

The aim of any insurance policy the company is obliged to buy is to grant resources if something goes wrong. It becomes a valuable asset for the IT company as otherwise, the company has to find these funds themselves. "Even if your new client wants you to arrange a Public Liability policy, which is not directly connected to your technological product or service at all, it serves the purpose of business continuity. For instance, visiting your clients' premises and accidentally breaking something valuable should not lead you to insolvency," she gives an example.

An insurance policy can add value and weight to a company’s sales pitch and be a crucial selling value when attracting large clients. It can increase the potential client’s confidence level in the IT company, and from the company's point of view, is a valuable safety net in case problems occur.

What are the risks for IT and technology companies?

"In short, anything can happen especially with new and innovative technologies. But according to lawyers and IT companies themselves, the main concern and the basis for most disputes is the scope – of functionality or quality of the delivered outcome of the IT services. For instance, there could be a malfunction of infrastructure, a simple human error, a cyber-attack, or even a system override by users themselves. If such a thing was to occur, your client would lose money because you are not fulfilling the contract," says Evert.

What is insurable is usually the part that is out of a company’s control. For example, if the company could not deliver by a deadline, this generally won’t be covered by insurance. However, if something delivered does not work as agreed in the contract, it is usually the time to calculate damages.

"Other claims we see more often are related to supply chain attacks and cyber incidents in the IT or technology companies. Evert notes, "cyber security and data-related issues are on the rise." This is confirmed by The European Union Agency for Cybersecurity, which forecasts that supply chain attacks are expected to grow by as much as four times this year compared to last year.

What is the most critical insurance policy for an IT company?

The primary insurance policy is IT or technology insurance. Such insurance is one of the first insurance products recommended for IT companies to mitigate risks.

Evert makes the clear distinction between Professional Liability and General or Public Liability: "The first type covers the liability arising out of the technological activity, which is the core of this insurance. It covers financial losses related to errors or negligence and not directly to bodily injury or property damage. To simplify, the client of the IT or technology company says, "you did this, and we lost money because of that." and sends you the notice." A good example here is an outage in June 2021 which affected many high-profile websites, including Amazon, Reddit, and Twitch. On the basis financial losses could reach 250 000 USD as a result of one downtime hour, the website owners claimed compensation from the cloud service provider.

On the other hand, general or public liability insurance for IT and technology covers damages related to errors, failures to perform, breach of contract, security or privacy failure, media liability, intellectual property breach, legal expenses associated with the actual or alleged claim. The policies are not usually limited to these forms of damages and can be built up to meet exact needs of the insurance holder.

"IT or technology companies themselves are subject to cyber risks and can suffer cyber-attacks or privacy breaches. Some have physical products that could cause harm to its users or be part of the liability chain," Evert explains. "Insurance policies have to meet the specific business model and risks of the policy holder."

How IIZI makes insurance available for companies?

"The local insurance market in Estonia is quite limited when it comes to insuring IT and technology companies. This the main reason we at IIZI are co-operating with insurance markets abroad. Our insurance buyers benefit from it because their risks tend to be rather international and not only in Estonia," comments Evert.

The choice of insurer depends on the size and activities of the company. Globally, there are many providers for this line of insurance, but not all quote to Estonian registered companies. "We have still managed to find proper solutions for all companies who need to cover their actual business risks and are not only looking insurance only for the checkmark," concludes Evert.

Two insurance products offered by IIZI relevant for IT companies include:

TECH or insurance for technology companies is professional insurance that covers the risks associated with operating in the information technology sector, the claims arising from the accompanying legal liability, and the expenses and damage incurred by the policyholder.
Cyber risks insurance is for companies whose everyday activities depend on information technology systems and web solutions or who collect people’s personal data (for example health information) or important financial information (for example credit card information).

Companies established by e-⁠residents are often IT or technology companies or use IT as part of their business. Plus, most e-⁠residents are operating their businesses across borders, adding to the business complexity and risks. It is therefore crucial to pay attention to business insurance to mitigate technology risks and choose the most appropriate to the company.