What does cyber insurance cover for small businesses?
Primarily, Cyber coverage covers a business against risks associated with damages resulting from a breach of its computer systems. Hacking attacks can result in different types of damages such as data theft or bringing down a company’s website. Cyber insurance would mitigate the cost associated with the damage that these types of computer hacks can do. So what exactly does the insurance cover?
Types of Damages Covered By Cyber Insurance Policies
To begin with, Cyber Insurance policies will cover 1st party and 3rd party damages, so what does that mean? 1st party damages are costs incurred directly by the insured as a result of a cyber incident. If you have direct costs associated with a cyber incident, 1st party coverages within a Cyber Insurance policy are there to make you whole.
3rd party damages are damages incurred by a 3rd party such as your customers. In this instance you as the insured are the 1st party and the insurance company is the 2nd party. If your customers, a 3rd party, were financially harmed as a result of a Cyber incident your company suffered, your insurance would cover the associated 3rd party damages. So the next question is what are some examples of these costs the insurance would cover?
3rd Party Damages
Since 3rd party damages would be what most people are familiar with I will begin there. Damages like this are the ones you most hear about because they are most commonly associated with big hacks and data breaches where highly sensitive data is compromised. This as you can imagine leads to lawsuits. Your customers, vendors, even your employees whose data is compromised or who are injured as a result of a data breach are within their rights to take legal action against you. These are 3rd parties and all of them can file suit.
In such an event, the insurance will cover the legal cost of your defense as well as damages a court finds you responsible for. In this instance, a parallel would be General Liability insurance for a company if someone got injured on your premises or Errors and Omissions if a client were to suffer damages as a result of your professional negligence. Cyber Liability simply covers a different set of risks.
1st Party Coverage
1st party coverages don’t get as much attention as 3rd party but are still very important to have in place. There are many direct costs a company can incur as a result of a cyber incident. Some examples are as follows:
- Public Relations Costs
- Credit Monitoring
- Cost to Restore/Recreate data
- Coverage for Fines and penalties
- Business Interruption Expenses
- Notification Costs
- Forensic Investigation Costs
- Cyber Extortion
Without 1st party coverage, these costs would come out of the insured’s pocket.
Key-Person Insurance is a life or disability insurance policy taken out by a company on a key-person within the company. The Key-Person insurance policy itself is nothing exotic, it’s a standard life or disability insurance contract. For life coverage, typically it will be a term insurance policy, perhaps a 10 or 15 year policy. The difference in procedure revolves around the documentation, since a company will own the policy as well as be the beneficiary.
Who is a Key-Person?
A key-person is a person within an organization without whom that company would be in trouble. Examples of a key-person could be an executive such as a CEO or COO, an employee that has exceptional technical knowledge essential to the company like a CTO or key engineer, or a key salesperson without whom significant revenue would be lost.
The shared attribute of the examples is that if the executive, techie or sales chief was gone tomorrow there would be significant damage done to the organization as a whole.
What is Key-Person Insurance for?
The insurance would secure the company against potential losses that derive from the death or disability of such a key person.
For starters, it would insure the company against the expense of replacing a key person. An executive search to replace a key officer can be time consuming and expensive. The insurance coverage would mitigate the company’s financial risk.
The coverage would also insure against potential lost revenue due to the loss of the Key-Person. As a for instance, if a key salesperson were gone tomorrow, what would that mean in terms of sales revenue lost? If a key executive with a litany of strategic contacts and relationships were gone tomorrow, what would that be worth in dollar terms?
The amount of coverage needed comes down to the potential revenue lost and the cost to find and train a suitable replacement.
When should a company have Key-Person Insurance?
Probably the most common trigger for procuring this kind of coverage stems from VC funding as quite often it will be a prerequisite to closing out a deal. Outside investment will be apt to want to mitigate the risk of the death of a key-person in a company they may be investing in.
In the absence of an outside trigger, companies need to take stock of their own employees’ value. As a company grows and scales, there will be those certain employees upon which a company relies heavily. It is up to leadership to identify such employees and protect against the loss of those employees.
If this is an issue your company faces, here comes the shameless plug. I work on these issues quite a bit with companies facing this need. If it is something your company faces and warrants some guidance, feel free to reach out. I will be happy to act as a resource.
At a very early stage it won’t be a necessity but that doesn’t make it a bad idea to have sooner rather than later. A buy/sell agreement will go a long way toward getting ahead of issues down the road. If a founder wants to leave a startup, sell a stake, becomes disabled and can’t work…. or dies, the buy/sell agreement will map out how the shares of the company are to be valued and to whom they can/will be sold.
Why is a Buy/Sell Agreement Important?
This becomes more important as a company grows, is generating revenue and has a significant value attached to it. At this point there can be real money at stake and as the money gets bigger, the potential ramifications to all parties involved increase.
A buy/sell can become one of those forgotten tasks, one of those things everyone says they need to do but growing the company, hitting deadlines, moving things forward get in the way. Often something happens unexpectedly and all of a sudden you have a dumpster fire of a situation on your hands.
Amending a Buy/Sell Agreement
Getting an agreement mapped out early on sets parameters right from the start. The agreement can be flexible and amendments can be made. Maybe another founder or outside money enters the mix. Maybe a founder wants to buy out another founder. If the valuation of a company gets to the point where one founder can’t buy out another, funding an agreement with insurance is going to become a key factor. You can change an existing agreement, in fact it’s something that should be reviewed regularly and amended to suit.
You can’t amend something that never existed though, and you can’t turn back the clock if a situation occurs and such an agreement has never been placed. If you do it early on when you are establishing associated items such as the Founding/Operating Agreement, a lot of the details will fall into place logically toward a buy/sell. Just grind it out and take care of it, save yourself an inevitable problem down the road.
If you’ve read this far and feel this is something you could use more guidance on, here comes the shameless plug. I work with my clients in the startup space quite often on getting buy/sell agreements together and getting them funded. If it is something you could use some help with feel free to reach out. I’d be happy to act as a resource.
Business Insurance & Investment Services of MA
I typically start talking to my clients about EPLI when they cross the 10 employee threshold. Once a startup gets to that point it is typically beyond the founding team and first couple of hires that the founders probably knew well or had targeted. When you get past 10 you are starting to bring in people outside of that tight circle. You are also going to begin to have some churn as it relates to employees coming and going.
As a startup, if you have this many employees it usually means you are going up from there as well. Most of the time the founding team and build out staff are going to be small. Once some funding comes in this triggers expansion. If you are expanding fast you are going to need to protect yourself against claims that EPLI protects you from.
If you have D&O already (most funded startups will), EPLI is a fairly inexpensive add-on. Usually it’s less than $2k annually at 10-odd employees. It’s going to come down to when management feels it is important enough to pull the trigger on. Given the rise in EPLI claims in recent years, it’s becoming more and more important. The earlier you get it the better.
A funding round that will trigger expansion is a pretty good trigger if you wanted to look to a particular event. I would think series A versus a seed round but that will depend on the size.
This is an issue I talk to clients about quite a bit so here comes the shameless plug. If this is something you feel warrants some discussion feel free to reach out with a call or an e-mail. I will be happy to act as a resource for you.
What are the vital/recommended types of insurance my new tech startup will need?
Types of Business Insurance Recommended:
- Workers Compensation: Fairly straightforward here. This is mandated by the state if you have employees. Get it or get fined. Workers Comp provides disability payments to employees that are hurt on the job. Some states (NY and CA are a couple) will also mandate that your company purchase State Mandated Short Term Disability Insurance as well. Like Workers Comp, if you don’t get it you can be fined, so get that too if you are in an applicable state.
- General Liability: Comprehensive General Liability is foundational coverage for your business. It covers aspects such as ‘slip and fall’ incidents, product liability, damage to rented premises, advertising and personal injury and will typically incorporate property coverage for the business. It covers a lot of ground and the basic risks for your business.
- Technology Errors and Omissions: This is the one that is really going to count. Tech E&O is the coverage that is going to cover your company in the event that your services fail. E&O covers risks that stem from the services provided by your company. If that service is technology related, most of the risk associated with your company is going to be covered by this component.
- Cyber/Privacy: This used to get overlooked or pooh-poohed as not worth the money some years back, not anymore. Cyber/Privacy’s major purpose is to cover a security breach in your company’s systems that results in the loss/theft of sensitive client data. This is especially important if you work in the financial or medical space where the information you have custody of is personally identifiable data such as medical records or SSNs or financial data such as banking account or credit card info. You will need this. Make sure you have it.
- Directors and Officers: This goes a little next level for a startup but it should be on your radar screen. D&O covers your management team against risks that stem from the management of the company. For a tech startup, a couple of the more common triggers are a VC round or a prerequisite by a potential board member. Claims that stem from these types of risks have been on the rise and without it your company leadership (including you) is potentially exposed to litigation with no coverage to back you up.
These are issues I talk to clients about quite a bit so here comes the shameless plug. If this is something you feel warrants some discussion feel free to reach out with a call or an e-mail. I will be happy to act as a resource for you.
How does Directors and Officers (D&O) insurance work?
Directors and Officers insurance is becoming more and more prevalent these days as a necessary protection for companies and their management. Quite often, I am asked how the coverage works. Since a full explanation is pretty detailed, this post will give a broad, detailed response.
Directors and Officers insurance protects the management of a company against a broad array of potential claims. If an act should occur that triggers one of these claims, what happens next? How does the coverage kick in? To answer this we need to look into the different parts that make up a D&O policy. Most every policy begins with three main parts known as Side A, Side B and Side C. These components determine which part of the coverage would be responsible to pay for defense and damages when a claim comes to bear.
Side A D&O Coverage
Side A coverage of a directors and officers insurance policy is the component of the policy that will indemnify a director or officer when the company cannot cover such an officer for defense and damages. This is especially important to directors and officers because a situation such as this puts their personal assets at risk.
Nine times out of ten, a company will cover costs to defend company officers if a claim is levied and needs to be defended. If the suit is lost, the company will cover the damages….nine times out of ten. But what if there is a situation where the company can’t indemnify an officer in this situation? A common cause of this is bankruptcy. If a company goes belly up and there is a claim against an officer of that company, how would that officer be indemnified? The answer is he or she wouldn’t.
This is where Side A coverage would kick in. Since the director or officer would not be indemnified in certain scenarios, the Side A coverage steps into the gap in order to cover defense costs and potential damages for which a director and officer would be liable. In absence of such coverage, if the company is not in a position to indemnify, the officer is on the hook for defense and damages costs.
Side B D&O Coverage
Side B coverage of a directors and officers insurance policy is the component of the policy that will indemnify a company when such a claim arises. As mentioned, nine times out of ten a company will defend and indemnify a director or officer if a claim is filed. If a company indemnifies a director or officer once a claim is defended and damages paid, there are substantial costs associated with defense and damages that the company has to cover. So where does that leave the company? This is where Side B of the Directors and Officers policy comes into play.
Side B does not cover directors and officers personally. Side B covers the company in the event that the company is picking up the tab for defense and damage costs associated with a suit brought against that company’s directors and officers. This is how a company gets made whole.
Side C D&O Coverage
Side C of a directors and officers insurance policy is the part of the coverage known as ‘Entity Coverage’. Entity Coverage covers a company should the company be involved in a claim along with its directors and officers. Often if a claim is made against a director or officer of a company, that company will be named in the suit as well.
Side C covers the firm’s liabilities in such a scenario. This is opposed to Side A or B where the liabilities of the director or officer are taken into account.
Retention is just another word for deductible. A retention amount will typically be assigned to Sides B & C ranging from $5k to $25k. The choice of retention is up to the company and will affect the premium amount for the company. The higher the retention, the lower the cost. In the event of a claim, the retention becomes the company’s responsibility after which the insurance kicks in.
In most cases, Side A coverage will have a $0 retention. The rationale behind this is that Side A is the part of the coverage that covers directors and officers personally when a company does not provide cover. Because of the personal cost nature of Side A, a large retention such as $25k becomes unaffordable. Hence, Side A coverage is typically first dollar coverage (or $0 deductible).
Directors and Officers coverage: Hogan vs. Gawker, Hogan puts the smackdown on CEO Nick Denton
Somewhere in the back of my head as I write this I can hear the intro music for Hulk Hogan as he heads toward the ring. ‘ I am a real American…fight for the rights of ev’ry man …. Da, da, da da da …….da da da da….’
If you have been following the news lately, you may have seen that Hulk Hogan recently won a huge judgment in his invasion of privacy lawsuit against Gawker Media. $115 million in compensatory damages for invasion of privacy stemming from the sex tape that Gawker posted on their site without permission. Putting aside the morality of posting a sex tape of someone online and then defending it by calling it newsworthy, that’s a noteworthy amount. If it doesn’t come down in appeal it could bankrupt the company.
I personally can’t get enough of this case, it has everything. Sex tapes, lawsuits, new media, 80’s wrestling legends… and now a smooth segue to Directors and Officers insurance coverage.
For the purposes of this blog post I am going to focus on what happened in day two of the penalty phase of this trial. A key point to remember in this is that Hogan not only sued Gawker Media, he also sued both the CEO of Gawker, Nick Denton, and the editor-in-chief, AJ Daulerio. In day two of the penalty phase, Nick Denton was hit with a $10 million judgment and AJ Daulerio with one for $100k.
Somewhere in my head on 80’s wrestling commentary…..
Gorilla Monsoon: ‘ Ohh look out Brain, Hogan’s hulking up!!!’
Bobby ‘The Brain’ Heenan: ‘Wha… this guy’s not human, GET OUT OF THERE NICK, GET OUT OF THERE!!!’
Gorilla Monsoon: ‘Too late for that Brain! Here comes the big leg!!!’
Now for a guy who is at the head of a huge media empire, odds are Nick Denton will be covered by Gawker Media’s Directors and Officers coverage. Good thing too because even on appeal, Mr. Denton likely won’t get completely off the hook for the damages that he is personally liable for at this point. Depending on the kind of policy Gawker has, perhaps AJ Daulerio could be covered as well. Some policies will cover non-executive directors to a limited degree.
As far as the argument that ‘Hey, even if he gets nailed for $10 mil, he owns the company. The company will pay him back’. A good argument, two things go against it. One, if the company is solvent after all is said and done, who pays Gawker Media for making their CEO whole? The D&O coverage, that’s who. Without it (provided Gawker reimburses officers in such cases as standard operating procedure), Gawker Media would be out another 10 million. With the coverage, Gawker will be covered for the amount needed to make its officer whole.
But what if the $115 million judgment holds up on appeal? What if the worst case comes to pass and Gawker goes under? That $10 million personal judgment is still there. Nick Denton would still be personally liable with no entity to make him whole. Once again, here’s where having a comprehensive D&O policy becomes so important. If a company goes under due to a lawsuit and a firm’s directors and officers are still liable, there had best be a healthy D&O policy in place. The policy would be there to cover said directors and officers against a judgment, protecting their personal assets. Without it, well….. someone will get left holding the bag.
Now, Gawker is not a publicly traded company; note that this is a perfect example of how Directors and Officers coverage isn’t just for publicly traded companies. In this day and age, if there is a lawsuit worth pursuing, it’s worth pulling everybody in, and that includes a company’s leadership. In this case, company policies that filtered down to what Gawker saw as admissible to post as news came back and bit them…hard. Ultimately a jury found Nick Denton had a personal responsibility for the actions taken at Gawker that led to where we are now. Hogan hit ’em hard on it in day 2 of the penalty phase.
Note to directors and officers of a business, even small businesses, you don’t need to be a huge publicly traded company to have a risk. This is just a recent example in a long line of examples where directors and officers find themselves in the line of fire. If this is something your company has not taken up yet and merits discussion, please feel free to reach out. I would be happy to act as a resource for you on the matter.
Management Liability policies: Is it just Directors and Officers coverage?
When you are putting a full Management Liability policy together there are a few things you will need to take into consideration. Here are a few of the big ones.
Is Directors and Officers coverage all you will need?
Directors and Officers coverage protects a company’s directors and officers from claims that fall within the policy provisions. In a complete Management Liability policy, there are other lines of coverage that protect against different management risks. EPLI (Employee Practices Liability Insurance) is probably the best known.
EPLI coverage is the insurance that covers management in the event that a claim stems from a company employee. Harassment, discrimination, wrongful termination, there are a number of issues that can be brought to bear against directors and officers of a company. EPLI protects specifically against those risks. EPLI would be a separate component in a Management Liability policy.
A company would need to be sure that any complete Management Liability quote included such coverage as it is a distinct line of coverage from Directors and Officers. With the rise in the types of claims covered by EPLI, these days it’s a must.
Shared versus separate limits?
If you find that you do need EPLI (and if you have several employees you really ought to) as well as D&O, you will need to consider whether you need shared or separate limits.
With shared limits, the stated coverage limit is the overall amount of coverage you get for a given policy year between both coverage lines. Say you purchase a Management Liability policy with D&O and EPLI coverage with a 1mm shared limit. All of a sudden, here comes a claim and you lose. The claim ultimately costs 700k between defense, settlement and any associated costs when it is all said and done. The amount of total coverage going forward for either a D&O or EPLI claim would then be 300k.
Separate limits means that each coverage line has its own separate coverage limit if a claim was directed toward it. Separate limits means that you would have 1mm for each coverage aspect. In practice, if you had a D&O claim and lost and the whole thing cost you 700k, you would have 300k left in coverage for D&O, but the EPLI would maintain a 1mm coverage limit…separate limits.
Separate limits certainly will cost more. It also is an important consideration to make.
Do you want a separate defense limit?
So what is a separate defense limit and do I really need it? A separate defense limit sets aside a separate bucket of money purely for legal costs surrounding a suit. This limit will typically be the same amount as the standard coverage limit. If you have a 1mm limit on Directors and Officers coverage and have a separate defense limit, it’s likely to be 1mm as well.
Defense costs can account for huge sums of money when one is forced to defend themselves from a D&O claim. The average cost of a D&O claim including defense cost, settlement and judgments is $697,000. A large piece of this cost is associated with the legal costs of defending the claim in court.
The separate defense limit protects a policy holder from exhausting the coverage on legal defense and not having enough if you lose a case. For example, say you had a straight up 1mm D&O policy and a claim came in against you. If one were to mount a $500k legal defense, you are already down to 500k in coverage. Legal defense would go against your 1mm in protection.
If you lose, and the judgement is 1mm against a director or officer, someone is going to be out $500k. Without a separate limit, the $500k defense cost goes against your original 1mm coverage, leaving $500k in protection. If the judgement against you comes in at 1mm, you only have $500k left after you’ve mounted a defense. Not good.
If you have a 1mm separate defense limit, the $500k defense cost goes against its own 1mm bucket of money. In this example, a $1mm D&O coverage with a $1mm separate defense limit means that after defense costs have been accounted for, the 1mm judgement against a company director or officer would be completely covered.
Since 2014 the Affordable Care Act, AKA Obamacare, has been giving employers fits with regulations and rules that they need to be in line with. It’s been fluid to say the least as far as determining what is in bounds, what is out of bounds, what was once ok, isn’t anymore. It’s a regulatory minefield, and the feds keep laying out more mines it seems.
The most recent change to the rules isn’t so much a change as it is a running clarification that has recently come to a head. Prior to 2014 it was a common practice for employees to go out and get individual (non-group) medical insurance and have an employer reimburse the premium cost. This would be used with a section 105 HRA in most cases. Technical guidance from the IRS prior to Obamacare’s January 1, 2014 kickoff dictated that these plans were considered to be group health plans and subject to market reforms.
Reimbursements for Individual Medical Plans
You better watch out doing this now. Reimbursements by companies for individual medical plans (HRA’s, Section 125’s or otherwise) have been deemed out-of-bounds by the ACA (Obamacare). There have been several technical releases by the IRS, Dept of Labor and HHS on the matter. At the end of the day, if a company is reimbursing employees for individual health insurance policies, or direct paying insurance companies for individual health insurance policies, it is opening itself up to a fine by the Feds.
The Affordable Care Act Implementation Part XXII, technical guidance released November of 2014, goes into detail, with clarifications from prior (Sept. 2013 and May 2014) releases from the IRS. The fines are as much as $100 per day per affected employee or up to $36,500/year.
More recent guidance from the IRS in February 2015 with Notice 2015-17 (Employer Health Care Arrangements) gave a moratorium of sorts to companies to get in line by June 30th 2015. While it may seem magnanimous on one hand to give companies a break, it would seem that the gloves will come off as of July 1.
The one way I’m aware of that you can do this and stay in bounds is to pay employees more salary. You can’t dictate to employees that it is used for coverage (per mandate as it would constitute a reimbursement) and there is the tax issue and expense because it can’t be treated as a pre-tax deduction.
My advice, don’t do it. Go with the group plan, PEO or otherwise. Stay out of the Feds’ crosshairs. If you need more help on the matter or to find a suitable plan, I’d be happy to help (shameless plug).
Do members of a board of directors need insurance? Why?
Members of a board of directors will be making a flurry of decisions that will have a profound impact on a company. Some of these decisions will be difficult and will have an impact on many interested parties. Put simply, not every decision a board makes is going to sit well with everyone.
If a board of directors makes a decision that could potentially harm another party, that party can turn around and sue not only the company but the directors and officers themselves. Because directors and officers can be sued personally, this can result in the personal assets of such directors and officers being at risk. This is where the D&O insurance comes into play. It insures directors and officers against such risks.
What if a company makes it a point to protect its Directors and Officers by indemnifying them in the event of such a lawsuit? D&O coverage also insures companies from going out of pocket to reimburse directors and officers by indemnifying the company in that case. Either way, the insurance sees to it that neither a director, an officer nor the company itself is left holding the bag.
D&O Claims Cost
D&O actions can stem from many different parties: company stakeholders, customers, competitors, even a company’s own employees. It can come from a lot of places. The stakes are high. According to the Chubb 2013 Private Company Risk Survey, the average total cost of a D&O claim was $697,902 including judgments, settlements, fines and legal fees.
Needless to say, we’re talking about big money. Companies need to take steps given the rise in D&O claims and the exposure that they encompass.
Pre-requisite to Funding
Another potential key reason doesn’t directly speak to the risks a board runs, but more to a requirement by a third party. Funding mechanisms such as venture capital and seed funding will typically require Directors and Officers insurance as a pre-requisite to closing out a funding deal. These outside parties want to see that their interests are protected and as such will make it a contractual obligation that a company get this in place before signing off.