Cloud Services & Platforms | GB&A

Cloud Services & Platforms

Cloud based solutions have become deeply integrated within many organizations in one form or another. With both increased industry and product specialization, such as e-forensics for law firms, cloud based storage for accounting firms, industry specific payment processing or specialized software for design professionals, the risks of these companies is changing. While your company may be broadly defined as an SAAS (software as a service), PAAS (platform as a service), or cloud storage provider, you are much more than that. You are industry aligned professionals that must be aware of your clients’ legal, financial and regulatory landscape. With operations often dependent on your services/platforms, you are also a trusted partner, and there is often little room for failure or “down-time”. When it comes to managing risk and structuring insurance programs, it is important to partner with a broker that understands this, as there is no standardized insurance product. Each cloud service is unique with its own risk profile that needs to be addressed. These exposures include:

  • Loss of client data (such as marketing databases, logistic information, sales records, health records, etc)
  • Financial damages resulting from “downtime” resulting from a breach, virus or ransomware attack
  • Cyber exposures created from membership based models and storage of personal information 
  • Accusations of misrepresentations regarding capabilities or ROI
  • Professional liability claims 
  • Media & Publishers’ liability for published information and IP related lawsuits. 

While E&O/cyber insurance is generally a wise first step, these policies vary greatly in coverage, terms and verbiage requiring careful structuring, review and negotiation. There are also many other areas that need to be addressed outside of E&O and/or cyber liability, including property coverage for servers, product liability, utility interruption, and more. Due to the fact that many cloud based businesses seek funding through venture capital, equity and other forms of financing, directors & officers insurance is another integral part of a holistic portfolio. Through an individualized approach, we work closely with our tech clients to assess their exposure and structure programs that address their needs. 

Risk Profile

The Risk Profile below is an outline of your company's core exposures. Click to learn more and selection your coverages of interest to begin building your insurance portfolio, or click "Connect With A Broker" to contact us.

  • Commercial Liability & Property

    Commercial liability packages (sometimes referred to as CPP's or BOP's) provide balance sheet protection in the form of financial reimbursement and liability protection in the form of coverage for defense costs and damages resulting from:

    • Claims asserting bodily injury and/or property damage
    • Product liability claims (unless excluded)
    • Advertising Injury such as libel, slander and infringement related claims 
    • Theft and property damage losses for inventory, business property, machinery, etc
    • Loss of business income
    • Equipment breakdown
    • Key Broadening endorsements (Transit coverage, basic cyber, employee dishonesty, ERISA, basic EPLI, and more)

    Due to the fact that endorsements can either broaden and extend coverage or limit/exclude coverage, policies should be carefully reviewed. Seemingly small endorsements such as “selling price” endorsements and business income coverage for dependent properties (such as suppliers, retailers and leaders) can provide substantial coverage enhancements. Due to the advertising risks faced by this sector, it is also often wise to seek coverage through a carrier that has a strong reputation for advertising coverage.

  • Technology Professional Liability (E&O)

    When purchasing errors & omissions insurance, it is critical that cloud providers perform careful coverage reviews, as terms can vary significantly. Purchasing policies with broad contractual liability exclusions or narrow definitions of “professional services” can effectively eliminate coverage when a loss occurs - such terms should avoided completely or negotiated back. It is also important to understand that E&O policies without any cyber liability endorsements exclude coverage for 1st party damages (such as notification costs, credit monitoring costs and lost business income among others) resulting from a breach or unauthorized access. Coverage for such claims can be included by seeking a carrier with a 1st party cyber endorsement or purchasing a separate cyber liability policy. There can also be advantages to having E&O and cyber liability combined on one policy which include potentially lower premiums and eliminating potential carrier disputes or “finger pointing” in the event of a claim. 

  • Employer's Liability & Workers Compensation

    Workers Compensation insurance is a mandatory coverage for companies with employees (including volunteers, uninsured independent contractors, leased or part time labor). It provides coverage for employees’ wages and medical payments resulting from injuries sustained while “on the job”. Coverages to consider include “broad form all states” coverage and foreign workers compensation coverage (especially important for employees traveling abroad for business). Additional employee related coverages that should be considered include: 

    • EPLI/Employment liability (protection for the hiring/firing of employees and discrimination/harassment related claims)
    • Employee benefits
    • ERISA/Fiduciary coverage (for the administration of employee benefits)
    • Long term disability
    • Kidnap & Ransom (for employees traveling abroad for business)
  • Directors & Officers (D&O) and Employment Liability (EPLI)

    Directors & Officers insurance provides:

    • Direct Protection for individual directors and officers when the entity cannot (legally or financially) indemnify it's directors/officers. These include derivative claims or bankruptcy related litigation.
    • Balance sheet protection in the form of reimbursement to the entity itself for claims in which the entity indemnifies individual directors or officers
    • Protection for claims asserted against the entity itself

    Claims are often asserted by shareholders, investors, employees, creditors, competitors and regulatory agencies and can include:

    • Claims asserting misrepresentations made in private placement memorandums
    • Breaches Of Fiduciary Duties
    • Anti Trust & False Advertising Claims
    • Bankruptcy related claims
    • Accusations of Fraud

    Additional optional coverage components include:

    • EPLI/Employment Liability: Provides protection for the hiring, firing and management of employees. Such claims can include wrongful termination, failure to hire/promote, harassment, discrimination, and retaliation. Optional coverage can include claims asserted by clients, vendors and non employees.
    • Crime & Employee Dishonesty: Protection for the entity against theft, fraudulent invoicing schemes, warehouse theft, social engineering, etc.
    • Fiduciary Liability: Protection for the directors & officers assets against losses caused to employee benefit plans
  • Cyber Liability & Data Security

    While much of the cyber liability risk surrounding cloud providers can be addressed through a well structured E&O policy, the need for additional cyber insurance is greatly dependent on; 1) the business and its operations, 2) how well the E&O is structured, and 3) if there are any cyber endorsements attached to that e&o policy. With even cloud providers using cloud providers today, ransomware & extortion attacks targeting cloud providers, and first party exposures often excluded (such as loss of business income and costs associated with notification and credit monitoring), there can often be a need for separate cyber insurance. It is important to note that cyber insurance is also one of the few ways to afford your company a level of PR/crisis management protection for reputational damage resulting from a data breach. Purchasing a separate "stand alone" cyber policy generally provides additional protection in the form of:  

    • Balance sheet protection by reimbursing the entity for financial damages and other costs associated with data breaches and network security events.
    • Fills remaining gaps or holes in the underlying E&O policy's coverage
    • Responds to data breaches or cyber events that affect only the software developer (entity) such as extortion demands, network restoration costs, etc.

    Claims can arise from

    • Data Breaches, viruses and unauthorized access 
    • Lost or stolen laptops and lost or stolen paper records
    • Transmission of a virus to others
    • Rasomware and extortion demands
    • Media related liability
    • Clerical and human errors in opening or transmitting files
    • Payment processing
  • Crime & Employee Theft

    Crime & fidelity insurance provides protection for the entity against financial losses resulting from crime, theft and dishonest acts committed by employees, executives, independent contractors and other parties. Claims can include theft of money or securities, forgery, alteration, computer fraud, fraudulent invoicing, credit card and funds transfer fraud and more. More modern schemes include social engineering attacks (such as business email compromise, also known as CEO fraud). Third party crime coverage provides protection for claims of theft asserted by clients or customers while your employees are working on their premises or have access to computer networks. 

Get (Risk) Managed.

Ready to review your existing insurance program? Interested in setting a reminder for a renewal review? Or simply have a question? We're here to help. We also understand you're busy - let's schedule a time to speak that works best for you. Simply schedule a call and we'll reach out when it's convenient.

Schedule a callback