At RiskBox, we’ve worked with and supported technology start-ups and scale-ups for over a decade. In that time, we’ve protected them against the evolving risk landscape, guaranteeing they have the right insurance in place to meet their exposures and contractual obligations.

And one of the most important lessons we’ve learned is to source your Cyber and Professional Indemnity (PI) Insurance from the same provider. So let’s unpack why…

What is Professional Indemnity and Cyber & Data Insurance?

Before we start, it’s important to understand the basics:

Professional Indemnity

PI pays to defend your venture from a range of situations that could arise from the services you provide. If you lose a litigation, it also pays the damages and any costs awarded against you.

The core protection revolves around alleged negligence, errors, and omissions, but the best policies also include cover for IP infringement, defamation, breach of confidentiality or privacy, and breach of contract.

Cyber & Data

A Cyber & Data package provides a combination of covers:

• It can reimburse you if you suffer a cyber incident, as well as protect your legal liability arising from subsequent litigation, such as if you’re subject to an action regarding potential data losses, including from the Information Commissioner’s Office (ICO).
• It also pays the forensic investigation costs you would incur following a suspected breach, including the charges to notify individuals who had their data lost or compromised.
• It’s often split into two sections, referred to as “first party”, i.e. your own systems, focussing on getting you back up and running; and “third party” i.e. actions from third parties against you, whether data claimants or the ICO.

Insurance developments in the past decade

PI has historically provided elements of Cyber coverage when relating to your services – this could include negligently transmitting a virus to your client or failing to maintain a website with patches resulting in your client being affected by a cyber attack.

However, with Cyber being a relatively new insurance product, it’s constantly evolving. Now, we’re seeing insurers tackle that exposure within a designated Cyber product rather than other lines of coverage.

Here are a number of key changes we’ve noticed…

1. Contractual obligations: Cyber Insurance is more frequently required within insurance clauses as part of contracts. The terminology can vary, and is often central to whether your insurance is compliant. Wider stipulations on Cyber & Data can be expensive as higher limits often bring larger premiums.
2. Insurer restrictions: We’re also seeing Cyber restrictions under PI policies where insurers want liability to fall under a clear Cyber policy. Most Professional Indemnity policies remain provided on an “any one claim” basis – however, a majority of Cyber insurers will only offer their limit on an “aggregated” basis.
3. Underwriting: More insurers are entering the Cyber market to capitalise on its uptake and forecasted growth. However, the quality of what these new entrants provide varies considerably. Underwriting is also becoming increasingly reliant on AI, with some insurers able to quote with as little as three pieces of information (name, website, and turnover).
4. Cyber options: Traditionally core covers provided within a Cyber & Data package are now being treated as ‘optional’ covers, leaving potentially vital gaps. Examples include property damage, cyber crime, or cyber business interruption.

Why choose the same insurer for PI and Cyber?

We’re big advocates of keeping both these types of policies with the same insurer where possible. Here’s why…

Iron out potential overlap

Claims can cross over two policies – Professional Indemnity and Cyber. Should a cyber attack occur, such as ransomware taking your systems down for a significant period of time, there will be many issues to address, some of which can sit either side of the policy fence.

Whilst the Cyber policy will respond to get you back up and running, if you’re supposed to be delivering work for clients and hitting key financial milestones, PI claims may arise due to breach of contract. Choosing one insurer that can handle the whole situation gives a view of the bigger picture and fills in those important gaps.

Streamline the claims process

Dealing with a cyber claim isn’t easy – especially when you add negotiating with two different insurers on top of the claimant.

By choosing one insurer that can provide both Cyber and PI cover, they can align the response team to support you – and whilst this will still be time consuming, it will avoid a lot of unnecessary duplication and back-and-forth.

Ensure easy payment of claims

Insurers are there to pay claims if the policy is triggered – however, they want to keep their incurred costs as low as possible.

In the event of a claim, it’s important to avoid giving insurers the opportunity to pass responsibility of payment to each other, causing unnecessary and unfair delays when you need the support most.

Reduce vital gaps

Having PI and Cyber split over two insurers might mean endorsements are applied that restrict coverage in places, leaving possible gaps over the two policies. Having one insurer who specialises in technology should provide a robust policy to reduce gaps in coverage.

However, when combining these policies under the same insurer, you need to try and ensure there isn’t an aggregation limit over the two policies. This will allow you to benefit from separate limits, even if the claim arises from the same matter.

Protecting your tech business with RiskBox

By combining your PI and Cyber cover under one insurer, you can save yourself time, energy, and even money should a claim arise – but that doesn’t mean the process will be simple. That’s where RiskBox comes in.

We act like the bridge between you and your insurer, handling communications and ensuring that both parties have everything they need. Reach out to our team to learn how else we can streamline coverage for your company.

Photo by Dhaval Parmar on Unsplash