Risk Management Issues
Articles
Please take some time to read through these published articles written by ITinsure's staff members. There is a wealth of information within them that should prove enlightening.
How to Protect Against Bad Information
New professional liability insurance is the fastest growing specialty.
Disaster Planning
Two action plans: disaster prevention and disaster recovery.
Home-Based Business Needs Button-Down Approach
Relying on homeowner plans can be a very costly mistake.
'Oops! Sorry!' Doesn't Help When Mistakes Can Cost Millions
Protection against liability for errors can mean survival for small to medium firms.
If information is the currency of the Knowledge Age, then faulty information can damage an enterprise as surely as fire or flood. And while fires and floods are impervious to human complaints, people who commit costly errors are increasingly held accountable for damages.
While the Industrial Age saw development of insurance products to protect against human injury and property damage, such commercial general liability (CGL) protection was not intended to cover losses arising from professional errors or omissions. The new insurance specialty covering professional liability is the fastest growing element of its industry.
In a 30-second quiz of your awareness of the difference between CGL and professional liability insurance, decide which form would cover the losses described in the following scenarios:
* A company pays $10 million to restore data and software due to an accidental upload of a computer virus by a consultant.
* A billing system expected to process 10 accounts per minute turns out to perform only half that number.
* Confidential information is disclosed to a third party, causing inventory to depreciate in value.
* A consultant's installation of a program on a client company's mainframe computer opens the company to a copyright infringement action.
* A person is defamed by a remark logged into a company's web site, and sues the site's host company.
* A consultant is sued for damages arising from advice dispensed in a seminar that turned out to be faulty.
The answers, of course, are Professional Liability, and not CGL. This exercise is purely theoretical and does not reflect actual cases, nor is it intended to project the chances of successful legal action. The intent is merely to illustrate the differences between two kinds of business insurance. Following are detailed explanatory notes for each scenario.
The $10 million virus
That's easy. It was a mistake by the consultant for which he or she can be found liable. But the CGL won't provide protection because the damage was to data--which is intangible property--rather than to tangible things like the computers themselves. That's why so many companies who employ consultants are asking to see proof of professional liability insurance before a contract is let. Many individual consultants who do not have coverage would be unable to pay for the costs of a major mistake, and so hiring them exposes companies to significant risk.
The sluggish system
Failure to deliver an adequate system is not covered by the CGL because there is no bodily injury or property damage, we were reminded by Jean M. Younger, assistant vice president of Westport Insurance Corporation, a specialist in electronic errors and omissions liability coverage. Whether or not a successful action occurs will probably depend on how clearly the system's required specifications were expressed in the consultant contract.
A leak of confidential information
Even though it affects property--in this example the value of inventory--disclosure of confidential information is not covered by a CGL. In this case, the company would have recourse against the consultant who disclosed the data; but without professional liability coverage, the client could just as well send a turnip to the blood bank.
Mainframe copyright infringement
It's really immaterial what kind of computer is employed to exploit a copyright, but protection is available only through professional liability coverage. The company has recourse against the consultant for the cost to defend the copyright claim as well as damages alleged by the copyright owner. Costs to defend a copyright claim average in the hundreds of thousands of dollars. That's a good reason to check any consultant's policy to make sure it covers claims for copyright infringement--not all professional liability policies do.
The web slur
This represents a whole new kind of potential liability. The good news about the internet is that its content is immediately available to millions of people all over the world. That's also the bad news. A web site operator or internet service provider would fall under a CGL policy's exclusions of those in the businesses of advertising, broadcasting, publishing or telecasting. An emerging legal code is grappling with problems of defamation and copyright infringement through unauthorized downloading or uploading of copyrighted material. Any consultants or companies engaged in web site development or presentation are open to potential damages, protection from which may be found in professional liability policies.
The flawed expert
Seminar presenters have long protected themselves against liabilities arising from, say, an attendee tripping over a mike cord or being injured by faulty equipment. Those kinds of exposures are usually covered by CGL policies that protect against bodily injury or property damage. But advice dispensed by a speaker is considered a professional service, and any claims for damages would be a matter for professional liability coverage.
In addition to these few examples, there are as many compelling reasons for professional liability insurance as there are potential mistakes to be made. As one of the fastest growing forms of business insurance, it has rewarded its buyers with rates that have been moderated by industry-specific exposures. Prior to industry-specific plans, lower-risk professions were lumped in with higher-risk professions, with resulting high premiums.
A typical feature of professional liability protection is legal defense when required. Insurance lawyers who are experienced in defending against liability claims go into action immediately when needed, at no cost to the policy holder.
All who work with computers have nightmares of disaster. That's because computers and software are among the most fragile and sensitive of articles, and often as valuable, portable and concealable as a diamond necklace. Computer disasters can come in many flavors, including fire, theft and just plain failure. Computerworld magazine has estimated that one in 40 computer installations will suffer a disastrous event. The most common? Water damage resulting from someone else's disastrous event.
Owners of consulting firms and other computer-based enterprises must put disaster planning on their lists of executive responsibilities along with getting work, performing work and collecting for work. Each of those latter three necessities depends on uninterrupted operation of facilities, equipment and manpower. Disaster planning should result in two action plans: disaster prevention and disaster recovery.
The first step to preventing a disaster is to imagine it: if something can happen, sooner or later it probably will. Steven Lewis, writing in The John Liner Review, a magazine about business insurance, identifies computer disasters in a typology of three: loss of data, loss of access to data, and loss of personnel.
Loss of data is pretty easy to comprehend. Hardware or software failure or damage has scrambled your information or erased it. This can happen through a variety of errors: human, mechanical or electronic, or through a variety of damaging events: the roof falls in, the circuit breaker doesn't pop, water pipes break, things like that.
Or the information may remain intact, but you can't get to it. The computers and software may be fine, but your floor is flooded and all your power is off. A skyscraper fire in Los Angeles destroyed several floors, and months later the cleanup of smoke-damaged computers and media was still going on in a professional office located ten floors away from the site of the fire.
Or you lose a key employee, the one person who really knows how things work. This can be a devastating event for smaller companies where responsibilities seldom overlap. Those companies risk their success on the good health, good will and continuing employment of certain key individuals. Or companies that depend on service bureaus for billing, receivables and inventory records are at the mercy of disastrous events that may occur hundreds of miles away.
On the surface, disaster recovery would seem to be accomplished through a risk management program that transfers the potential risks to an insurance company. It's true that all companies, from the smallest to the largest, can protect themselves with programs that cover the costs of restoring property and equipment, and can even cover business overhead costs for many months.
But business owners must also prepare to recover the hidden costs of a disaster. These uninsured losses include lost market share and momentum, increased costs of a restart that will include recruiting and training, lost relationships with vendors and clients, and many specific costs arising from unique experiences.
Hidden costs and losses are the primary reason that an estimated 43 percent of all businesses struck by disaster never reopen, and why 28 percent of those that do reopen close permanently within three years, according to Contingency Journal.
Reducing the effect of those hidden costs is the responsibility of a business owner, while covering the obvious costs of a disaster is the responsibility of the owner's insurance company. The answer lies in the ability of a business to regain productivity in the shortest possible time.
Nelson Bean, whose company Evans American Corporation of Dallas specializes in disaster recovery construction for large organizations, has found that hidden losses and costs of a disastrous event are time-related. Accelerating the recovery process — even though initial costs will certainly be higher — will reduce the longer-term costs of recovery and help assure continuation of a business.
The most important element of disaster planning is to define the responsibilities of individuals in the company prior to a loss. The planning is an ongoing process with periodic updates that will involve the staff in reappraising the threats to your company, keeping the plan current and everyone reminded of their responsibilities.
Following is an example checklist of disaster planning for a small- to medium-sized computer-based enterprise:
Recovering property and equipment losses.
A staff member is responsible for acquiring property and casualty insurance to protect against specific losses due to, for example, fire, theft, water damage, power surges, computer viruses, even sewer and drain backup damage. Coverage may include both repair and replacement and loss of business income.
Overhead costs during a key individual's recovery from illness or injury.
A staff member, usually the owner or managing partner, is responsible for acquiring disability insurance benefiting the company.
Maintaining important data in a separate location.
This can be as simple as making backup discs to take home, or putting complete backup files in a safe deposit location.
Planning a "quick exit and restart."
Have an alternative location already picked out where hardware, software and specific variables can be assembled and made operational within a few hours.
Internal communications.
Plan a flow of information to all members of the organization to keep them abreast of events and contingency plans. This will help maintain staff morale and motivation — the most important elements in working through trying times.
External communications.
Plan which persons will immediately inform key clients, customers, suppliers and affiliates about events, recovery plans and, most importantly, possible delays. Everyone outside the company will be more understanding if they feel you have leveled with them and given them reasonable expectations of service.
The best part about a disaster plan is that the process itself helps business owners to identify potential hazards and risks, and through prudent action prevent them from occurring. It's usually the nightmare that you've never dreamed could happen that does.
There's a whole list of things that owners of home-based businesses don't have to worry about: office dress codes, rigid schedules and where to park are usually near the top. But housebound executives still must deal with some traditional business issues such as insurance.
My informal and unscientific survey indicates that most people starting a business in their homes rely on their homeowners insurance to protect them against unexpected losses. This could be a very costly mistake.
Homeowners insurance policies generally do not respond to business-related insurance needs/protection such as business personal property, general liability, professional liability, business auto liability, and workers' compensation.
People doing business at home have the option in many cases of (1) adding a "business endorsement" to their existing homeowners policy; or (2) purchasing a stand-alone business owners package policy. Generally a business office package provides for broader coverage. The first thing we ask business owners who are considering coverage is for an assessment of their insurable exposures. As examples: Is the business set up with its own entrance and dedicated space within the home? How many employees work there? What is the volume of customer traffic? Does the business use especially sophisticated or highly valued equipment?
Other considerations are the value of equipment or data products that are used away from the business, such as laptop computers, remote fax machines, cellular phones and the like. Even credit cards and electronic fund transfers need special attention if they are in the name of the business.
Personal homeowners insurance policies won't normally have detailed coverage for losses of valuable data or papers, the cost to recreate accounts receivable, off-premises risks or other specialized exposures.
Business Income Protection
This coverage will replace actual business losses and special expenses that result from a fire, theft or other covered cause.
Workers Compensation
Requirements vary by state, but most require coverage for health care costs and disability income arising from accidental injuries employees sustain at the work site or elsewhere while on duty. This would usually include the external salespeople or consultants representing a home-based business while performing duties elsewhere--even, for example, while taking a client out to dinner during a trade show.
Professional Liability
This may be the most important coverage a business owner can buy--and it is usually available only as part of a business insurance plan. The cost of defending against claims of liability due to errors or omissions can easily wipe out an unprotected small business. Professional liability policies have become more affordable since the advent of profession-specific insurance policies. In addition to protecting against liability claims, the policies usually provide complete legal defense services.
With all the exposures that any business has, home-based business owners are well advised to consider insurance protection that responds to their business needs. But they still won't have to worry about what to wear on casual Fridays.
The owner of a small consulting firm asked his insurance agent for ideas about liability protection for his business. "I don't need much coverage," he said. "It's not likely I'll be causing any damages or injuring anyone." The agent agreed that his exposure to general liabilities was slim. "But how about the financial damage you could cause? How much could your big mistake cost your client?" "Companies hire me because I don't make mistakes," he said. He was put off by just the idea of bumbling a project. Then he thought a minute and said, "You mean they have insurance for that?"
The answer was, yes. In fact, professional liability coverage is one of the fastest growing forms of insurance for consultants in all fields. It offers protection against financial losses that result from errors and omissions by the covered people.
If a consultant should be able to perform a given service with reasonable care, then failure can be risky - whether or not the specific action in question was in the contract, or just an undefined expectation. Protection against that kind of failure can mean the difference between life and death for a small to mid-sized consulting firm.
It's important for both consultants and those who contract with them to understand the emerging trend toward protections against liabilities of all kinds. Proof of protection against general liability for physical injuries or damages is now being combined with protection against professional liability for the costs of mistakes.
Some consultants believe that incorporation will shield them from all liabilities. It's true that a corporate shield can be effective against creditors, but it is less of a barrier to charges of negligence by an officer or employee of the corporation.
And there is the school of thought that as little as possible should be promised to a client in order to protect against possible omissions. Under that approach, many consulting engagements are undertaken on the strength of a proposal letter rather than a formal contract. But, as noted above, just because you didn't promise specific competence doesn't mean you're not obligated to provide it. The most savvy consultants and clients now agree that the more comprehensive the contract the better.