Selecting the Coverage That Suits Your Company
Opportunities in Procuring Cyberspace Coverage
So how can you protect your company from cyberspace risks? How can you ensure that your company has the insurance coverage it needs to negotiate confidently in e-commerce? In order to select the coverage that best suits your company, you must consider its stage of growth and its potential for experiencing dangers unique to the e-commerce landscape. Once you have made this assessment, you should weigh some basic practical factors before making a final decision.
Stage of Growth
The type of coverage you advise your company to obtain depends on its stage of growth. Insurance consultants vary in their recommendations. For example, one group suggests that companies should wait until a mature phase before purchasing intellectual property defense coverage. This group advises you to acquire multimedia/cyberspace liability; professional liability/E&O insurance, including coverage for software and hardware errors and omissions; and D&O and umbrella liability, during your company’s growth phase. See William Gallagher & Assoc., Insurance Milestones for High Technology Companies, www.hightechinsurance.com. Other consultants suggest intellectual property, infringement, and E&O coverage in the startup phase, deferring computer software and media property coverage and D&O liability insurance to the growth phase. See www.insurernewmedia.com.
After factoring in price point, most companies planning to emphasize e-commerce benefit, on balance, by procuring cyberspace, net secure, and D&O policies to supplement their CGL coverage and by putting off E&O/professional liability coverage till their growth or even mature phase. You may decide to rely on the courts to read offenses, such as piracy, idea misappropriation, and unfair competition, broadly enough to encompass the cyberspace torts of patent infringement and trade secret misappropriation, as they have done with CGL policies using the same language. Before you make that decision, however, you should carefully consider the law of the forum that will be applied to your policy. See American Nat’l Fire Ins. Co. v. Methods Research Corp., No. 99 C 7484, 2000 U.S. Dist. LEXIS 17748, at *8 (N.D. Ill. Dec. 5, 2000) (New Jersey law); West Am. Ins. Co. v. Moonlight Design, Inc., 95 F. Supp. 2d 838, 842 (E.D. Ill. 2000) (New York law); Zurich Ins. Co. v. Sunclipse, Inc., 85 F. Supp. 2d 842, 850 (N.D. Ill. 2000) (California law). Indeed, choosing an insurer may also mean choosing the jurisdiction. See Lumbermen’s Mut. Cas. Co. v. Dillon Co., Inc., No. 3:98-CV2013 (EBB), 2000 U.S. Dist. LEXIS 13330, at *10-11 (D. Conn. Aug. 31, 2000) (law of forum, Connecticut).
In general, your company should obtain intellectual property defense coverage as quickly as possible. Express intellectual property defense insurance tends to be more expensive than either cyberspace or net secure coverage. Sometimes you can procure the benefits of such policies by endorsing a cyberspace policy to include express coverage for trade secret or patent lawsuits. IP prosecution coverage may make sense for a startup if select intellectual property assets (patent or copyright) are key to the successful launch of your company’s products. In the current competitive insurance market, your aggressive purchase of a broader range of insurance products than your company may have traditionally procured makes good economic sense.
If you represent a more mature company, you may find that cyberspace and net secure coverage is more significant than traditional forms of E&O/professional liability coverage. If you must make a tradeoff for economic reasons, you could well make this tradeoff.
Dangers of E-Commerce Landscape
E-commerce activities create a potential liability that blends traditional exposure to privacy, defamation/disparagement, and intellectual property claims with new exposure to a variety of internet-specific claims, such as computer crimes, advertising error on websites, and trade secret misappropriation facilitated by email. Before shopping for a cyberspace policy, develop a series of hypothetical e-commerce risks for your company and require insurers to opine about whether their proposed policies would provide coverage for resulting claims. The more specific your hypotheticals are, the more valuable the prospective insurer’s coverage analysis will prove.
The following hypotheticals illustrate some of the exposure problems faced by companies in e-commerce. Imagine the following two scenarios, for example:
1. Your VP for marketing leaves to join a startup competitor that seeks to duplicate and offer for sale your entire line of products on its website, by shipping directly from the same vendors with whom your company has been doing business. It plans to charge 15 percent less than you charge for each product. To complicate matters, your competitor employs an innovative click-and-tab order system for which your company just received a business method patent.
2. Your satellite connection for streamed, online product advertisements goes down for more than a week because of cyberterrorist activity, just as your competitor gets its website with interactive order placement access up and running.
What do you do? Can your existing insurance coverage help? What additional insurance could you have procured that might have softened the blow from these risks?
Different Scenarios
Scenario One: Competitor’s Offer for Sale
If your ex-employee astutely purchased a cyberspace policy, the carrier may be compelled to defend thereunder, but your company could claim damages for its successful prosecution of the pirate. The pirate’s liability would be based on his theft of a list of customers that includes detailed information about their needs and wants, as well as the identity of pricing and delivery models of your company’s products vendors, or components suitable for assembly into products.
Receiving coverage for your new competitor’s activities under a traditional CGL policy would be problematic. Under the current 1998 ISO policy form, such conduct may not be deemed “the use of another’s advertising idea in your ‘advertisement.’” A court could view your lawsuit as one for theft of product information rather than for the content of the advertisement of those products. Disputes over these issues have led to numerous coverage cases, many of which have favored insurers. Although the logic of some of these cases is questionable, their existence should embolden insurers to deny indemnity for such claims. See Associated Aviation Underwriters v. Vegas Jet, LLC, 106 F. Supp. 2d 1051, 1055 (D. Nev. 2000) (The court found no causal nexus between the insured’s advertising and the alleged injury and, thus, no defense due where the insured allegedly funneled confidential trade secrets, including business strategy, pricing information, and client lists that were used to take away plaintiff’s present and future customer base.). Of course, as a plaintiff, your company could choose to highlight those elements of your lawsuit that might trigger coverage and thereby improve your prospects of obtaining an insurer-funded settlement or damage award.
Your trade secret and common law misappropriation claims may constitute “misappropriation of ideas under implied contract” or “misuse of an intellectual property right in content,” as outlined in Media/Professional Insurance Co.’s cyberspace liability policy. The precise description of goods on your company’s website or in its catalogs involves “disseminating content in or for the Cyberspace Activities.” An insurer should not broadly construe the policy’s exclusion for unfair trade practices so as to vitiate coverage, nor should the exclusion for employer-employee relations apply to post-separation conduct. Your company should obtain reimbursement for damages, subject to the amount of any self-insured retention.
Infringement claims for violation of the click and tab protocol would require acquisition of an intellectual property defense policy or litigation under a CGL policy. If the claim implicates a CGL policy form, the more recent the policy form, the less likely a court would be to find that a defense arose for your competitor’s offer for sale infringement.
You might obtain reimbursement for the cost of litigating the prosecution under a policy for pursuit of trade secret infringers, such as the one issued by CNA or Litigation Risk Management through its London-based syndicate. (See sidebar for list of insurance coverage products that address intellectual property disputes). Clearly, cost considerations are key in this area. Given the significant costs of IP litigation – patent lawsuits typically run more than $1 million a year to litigate – procurement of such coverage could be essential. Short-term pricing sensitivity may not be the best focus.
Claims for trade secret and patent infringement are less likely to fall within the scope of cyberspace or CGL policies than other intellectual property claims. The safest bet is to procure express intellectual property defense coverage to avoid litigation with insurers.
Scenario Two: Satellite Connection Loss
This scenario is a classic case in which traditional property damage and crime policies will not be responsive, even with extended business interruption coverage. Net secure policies, like the one issued by Marsh, however, fit the scenario perfectly. They are most likely to address the new range of risks posed by e-commerce in a first-party context, that is, in cases in which the insured looks to its own carrier for reimbursement of damages rather than seeking defense and indemnity for claims asserted against it.
The Marsh policy’s property coverage applies to a “direct loss resulting from deleting . . . disrupting or destroying your Electronic Data, Electronic Information Assets,” caused by an attack, unauthorized access, or unauthorized use. Cyberterrorism could constitute all three. You could recover for loss of business income, which would be determined by a number of factors, including the probable net income if no covered loss had occurred. Although this policy has an exclusion for satellite failure, it should not apply in cases in which the problem is interference with a functioning satellite.
Checklist of Other Factors
Engaging in e-commerce activity without the protection of cyberspace or net secure coverage could be like trying to hack your way through the jungle with a pocket knife instead of a machete. The instrument works; it is simply not long enough, strong enough, or hard enough to go the distance. If, after evaluating your company’s risk, you decide it should obtain nontraditional coverage, you should assume that all problematic exclusions are negotiable. The stronger a showing your company can make of its internal risk management activities and its lack of problematic exposure in the past, the more likely insurers are to extend broader coverage.
Finally, when deciding which cyberspace or net secure policy to procure to supplement your company’s coverage portfolio, keep the following pointers in mind:
● Avoid policies that insurers can cancel for any reason.
● Make sure that the policy covers sublicensees, subsidiaries, affiliates, joint venturers, subcontractors, and distributors.
● Avoid policies that automatically cancel coverage in the event of a merger or acquisition.
● Procure policies with worldwide territorial coverage.
● Obtain a policy with no security screening as a prerequisite for coverage.
● Avoid policies with a breach of contract exclusion.
● Obtain insurance policies with limits high enough to address the legal fees and/or settlement exposure that the referenced risks warrant.
● Make sure the definition of a claim encompasses as broad a set of factual scenarios as possible.
● Make sure the underwriting requirements are reasonable and may be properly addressed by personnel within your company in a timely, cost-effective manner.
● Procure coverage for all risks that your company wishes to insure as part of its portfolio.
Also, be cautious of risk management recommendations that your company accept a significant self-insured retention. The most important benefit that liability coverage provides to your company is a first-dollar defense. A copayment and/or minimum deductible that requires your company to share the cost of litigation, when negotiated in tandem with a provision that assures your company’s control of counsel, may lessen premium expense in a manner that still preserves effective policyholder options. Forfeiting the right to an insurer-funded defense in cyberspace litigation can be penny-wise and dollar foolish.
So how can you protect your company from cyberspace risks? How can you ensure that your company has the insurance coverage it needs to negotiate confidently in e-commerce? In order to select the coverage that best suits your company, you must consider its stage of growth and its potential for experiencing dangers unique to the e-commerce landscape. Once you have made this assessment, you should weigh some basic practical factors before making a final decision.
Stage of Growth
The type of coverage you advise your company to obtain depends on its stage of growth. Insurance consultants vary in their recommendations. For example, one group suggests that companies should wait until a mature phase before purchasing intellectual property defense coverage. This group advises you to acquire multimedia/cyberspace liability; professional liability/E&O insurance, including coverage for software and hardware errors and omissions; and D&O and umbrella liability, during your company’s growth phase. See William Gallagher & Assoc., Insurance Milestones for High Technology Companies, www.hightechinsurance.com. Other consultants suggest intellectual property, infringement, and E&O coverage in the startup phase, deferring computer software and media property coverage and D&O liability insurance to the growth phase. See www.insurernewmedia.com.
After factoring in price point, most companies planning to emphasize e-commerce benefit, on balance, by procuring cyberspace, net secure, and D&O policies to supplement their CGL coverage and by putting off E&O/professional liability coverage till their growth or even mature phase. You may decide to rely on the courts to read offenses, such as piracy, idea misappropriation, and unfair competition, broadly enough to encompass the cyberspace torts of patent infringement and trade secret misappropriation, as they have done with CGL policies using the same language. Before you make that decision, however, you should carefully consider the law of the forum that will be applied to your policy. See American Nat’l Fire Ins. Co. v. Methods Research Corp., No. 99 C 7484, 2000 U.S. Dist. LEXIS 17748, at *8 (N.D. Ill. Dec. 5, 2000) (New Jersey law); West Am. Ins. Co. v. Moonlight Design, Inc., 95 F. Supp. 2d 838, 842 (E.D. Ill. 2000) (New York law); Zurich Ins. Co. v. Sunclipse, Inc., 85 F. Supp. 2d 842, 850 (N.D. Ill. 2000) (California law). Indeed, choosing an insurer may also mean choosing the jurisdiction. See Lumbermen’s Mut. Cas. Co. v. Dillon Co., Inc., No. 3:98-CV2013 (EBB), 2000 U.S. Dist. LEXIS 13330, at *10-11 (D. Conn. Aug. 31, 2000) (law of forum, Connecticut).
In general, your company should obtain intellectual property defense coverage as quickly as possible. Express intellectual property defense insurance tends to be more expensive than either cyberspace or net secure coverage. Sometimes you can procure the benefits of such policies by endorsing a cyberspace policy to include express coverage for trade secret or patent lawsuits. IP prosecution coverage may make sense for a startup if select intellectual property assets (patent or copyright) are key to the successful launch of your company’s products. In the current competitive insurance market, your aggressive purchase of a broader range of insurance products than your company may have traditionally procured makes good economic sense.
If you represent a more mature company, you may find that cyberspace and net secure coverage is more significant than traditional forms of E&O/professional liability coverage. If you must make a tradeoff for economic reasons, you could well make this tradeoff.
Dangers of E-Commerce Landscape
E-commerce activities create a potential liability that blends traditional exposure to privacy, defamation/disparagement, and intellectual property claims with new exposure to a variety of internet-specific claims, such as computer crimes, advertising error on websites, and trade secret misappropriation facilitated by email. Before shopping for a cyberspace policy, develop a series of hypothetical e-commerce risks for your company and require insurers to opine about whether their proposed policies would provide coverage for resulting claims. The more specific your hypotheticals are, the more valuable the prospective insurer’s coverage analysis will prove.
The following hypotheticals illustrate some of the exposure problems faced by companies in e-commerce. Imagine the following two scenarios, for example:
1. Your VP for marketing leaves to join a startup competitor that seeks to duplicate and offer for sale your entire line of products on its website, by shipping directly from the same vendors with whom your company has been doing business. It plans to charge 15 percent less than you charge for each product. To complicate matters, your competitor employs an innovative click-and-tab order system for which your company just received a business method patent.
2. Your satellite connection for streamed, online product advertisements goes down for more than a week because of cyberterrorist activity, just as your competitor gets its website with interactive order placement access up and running.
What do you do? Can your existing insurance coverage help? What additional insurance could you have procured that might have softened the blow from these risks?
Different Scenarios
Scenario One: Competitor’s Offer for Sale
If your ex-employee astutely purchased a cyberspace policy, the carrier may be compelled to defend thereunder, but your company could claim damages for its successful prosecution of the pirate. The pirate’s liability would be based on his theft of a list of customers that includes detailed information about their needs and wants, as well as the identity of pricing and delivery models of your company’s products vendors, or components suitable for assembly into products.
Receiving coverage for your new competitor’s activities under a traditional CGL policy would be problematic. Under the current 1998 ISO policy form, such conduct may not be deemed “the use of another’s advertising idea in your ‘advertisement.’” A court could view your lawsuit as one for theft of product information rather than for the content of the advertisement of those products. Disputes over these issues have led to numerous coverage cases, many of which have favored insurers. Although the logic of some of these cases is questionable, their existence should embolden insurers to deny indemnity for such claims. See Associated Aviation Underwriters v. Vegas Jet, LLC, 106 F. Supp. 2d 1051, 1055 (D. Nev. 2000) (The court found no causal nexus between the insured’s advertising and the alleged injury and, thus, no defense due where the insured allegedly funneled confidential trade secrets, including business strategy, pricing information, and client lists that were used to take away plaintiff’s present and future customer base.). Of course, as a plaintiff, your company could choose to highlight those elements of your lawsuit that might trigger coverage and thereby improve your prospects of obtaining an insurer-funded settlement or damage award.
Your trade secret and common law misappropriation claims may constitute “misappropriation of ideas under implied contract” or “misuse of an intellectual property right in content,” as outlined in Media/Professional Insurance Co.’s cyberspace liability policy. The precise description of goods on your company’s website or in its catalogs involves “disseminating content in or for the Cyberspace Activities.” An insurer should not broadly construe the policy’s exclusion for unfair trade practices so as to vitiate coverage, nor should the exclusion for employer-employee relations apply to post-separation conduct. Your company should obtain reimbursement for damages, subject to the amount of any self-insured retention.
Infringement claims for violation of the click and tab protocol would require acquisition of an intellectual property defense policy or litigation under a CGL policy. If the claim implicates a CGL policy form, the more recent the policy form, the less likely a court would be to find that a defense arose for your competitor’s offer for sale infringement.
You might obtain reimbursement for the cost of litigating the prosecution under a policy for pursuit of trade secret infringers, such as the one issued by CNA or Litigation Risk Management through its London-based syndicate. (See sidebar for list of insurance coverage products that address intellectual property disputes). Clearly, cost considerations are key in this area. Given the significant costs of IP litigation – patent lawsuits typically run more than $1 million a year to litigate – procurement of such coverage could be essential. Short-term pricing sensitivity may not be the best focus.
Claims for trade secret and patent infringement are less likely to fall within the scope of cyberspace or CGL policies than other intellectual property claims. The safest bet is to procure express intellectual property defense coverage to avoid litigation with insurers.
Scenario Two: Satellite Connection Loss
This scenario is a classic case in which traditional property damage and crime policies will not be responsive, even with extended business interruption coverage. Net secure policies, like the one issued by Marsh, however, fit the scenario perfectly. They are most likely to address the new range of risks posed by e-commerce in a first-party context, that is, in cases in which the insured looks to its own carrier for reimbursement of damages rather than seeking defense and indemnity for claims asserted against it.
The Marsh policy’s property coverage applies to a “direct loss resulting from deleting . . . disrupting or destroying your Electronic Data, Electronic Information Assets,” caused by an attack, unauthorized access, or unauthorized use. Cyberterrorism could constitute all three. You could recover for loss of business income, which would be determined by a number of factors, including the probable net income if no covered loss had occurred. Although this policy has an exclusion for satellite failure, it should not apply in cases in which the problem is interference with a functioning satellite.
Checklist of Other Factors
Engaging in e-commerce activity without the protection of cyberspace or net secure coverage could be like trying to hack your way through the jungle with a pocket knife instead of a machete. The instrument works; it is simply not long enough, strong enough, or hard enough to go the distance. If, after evaluating your company’s risk, you decide it should obtain nontraditional coverage, you should assume that all problematic exclusions are negotiable. The stronger a showing your company can make of its internal risk management activities and its lack of problematic exposure in the past, the more likely insurers are to extend broader coverage.
Finally, when deciding which cyberspace or net secure policy to procure to supplement your company’s coverage portfolio, keep the following pointers in mind:
● Avoid policies that insurers can cancel for any reason.
● Make sure that the policy covers sublicensees, subsidiaries, affiliates, joint venturers, subcontractors, and distributors.
● Avoid policies that automatically cancel coverage in the event of a merger or acquisition.
● Procure policies with worldwide territorial coverage.
● Obtain a policy with no security screening as a prerequisite for coverage.
● Avoid policies with a breach of contract exclusion.
● Obtain insurance policies with limits high enough to address the legal fees and/or settlement exposure that the referenced risks warrant.
● Make sure the definition of a claim encompasses as broad a set of factual scenarios as possible.
● Make sure the underwriting requirements are reasonable and may be properly addressed by personnel within your company in a timely, cost-effective manner.
● Procure coverage for all risks that your company wishes to insure as part of its portfolio.
Also, be cautious of risk management recommendations that your company accept a significant self-insured retention. The most important benefit that liability coverage provides to your company is a first-dollar defense. A copayment and/or minimum deductible that requires your company to share the cost of litigation, when negotiated in tandem with a provision that assures your company’s control of counsel, may lessen premium expense in a manner that still preserves effective policyholder options. Forfeiting the right to an insurer-funded defense in cyberspace litigation can be penny-wise and dollar foolish.
