How E&O needs to change for emerging tech companies

Does a one-size-fits-all basic tech errors and omissions (E&O) policy that covers things like breach of contract or negligence still suffice for an emerging tech company?

“Most probably not,” said Charlie Murray, international technology team leader with specialist insurer CFC Underwriting.

Traditional technology E&O policies from 10 years ago, for example, used to be geared at business-to-business service providers, like a project manager, IT consultant or accounting software provider. “A traditional E&O policy works very well in that environment and you can deploy very much a simple tickbox underwriting approach, which has very much been embraced by the tech E&O market,” especially small- and medium-sized businesses, Murray said in an interview Tuesday.

For these traditional risks, underwriters would draw on basic factors like revenue, largest contract values and scope of services being rendered. But that doesn’t always work for emerging technology companies, which could include dating apps, ridesharing providers and social networks.

“We need to be thinking about what are these exposures that we need to be considering for the emerging tech company because it’s very much not what we need to be considering for a traditional tech company and what most carriers are doing these days,” Murray said.

For example, one big exposure for emerging tech companies is vicarious liability. “When you’re underwriting an emerging tech account, you’re not really underwriting the business per se, you’re underwriting what other people are going to do with that tech,” Murray explained.

For instance, a dating app may be found negligent for the actions of its underlying users if one party injuries another. “That big tech company with big, deep pockets is going to get brought into any action.”

Besides vicarious liability, emerging tech companies may also need cover for business interruption arising from a cyber event, contingent business interruption, regulatory breaches and the fines associated with them, and user-generated content.

“So, what that means is you’ve got a social network or dating app, the users are interacting with each other on that platform and then say somebody makes some statement on the platform that turn out to be defamatory,” Murray said. “The policy then is going to trigger as a result of that third-party user posting that on the site and the site then being found liable for them, whereas a traditional policy isn’t going to respond like that because it’s not the platform that’s committed that wrongful act.”

Murray described one emerging tech E&O policy that CFC had written in Canada recently. The insured company operated an online multi-player horse-themed roleplaying game in which users are immersed into an adventure island. Users can care and train horses, interact with other players and solve challenges and mysteries.

With traditional tech companies, revenue is used to price and rate the exposure. But with these platforms (which Murray describes as effectively an “evolved social network” with the game overlaid on top), exposure is driven by interactions between users. “The more interactions you’ve got, the more I might talk with another horse owner, the more chances there are for defamatory or offensive user-generated content. That’s going to drive those vicarious liability suits against the insured.”

Many games also operate on a freemium model, so players can play up to the level they can without purchasing anything, while some will purchase more than others. So, CFC had to find another way other than revenue to rate the account and poll the relevant exposure: they used a tool to measure how popular a certain game, app or website was.

With another role-playing game, players had the ability to speed up the character or story-line progress by spending real-world currency. Players grouped together to form clans and spent significant amounts of currency to develop their characters. But one clan “had become extremely powerful in an impossibly short amount of time,” and it was discovered they were using hacks to enhance the characters.

When the non-cheating clan brought this to the attention of the game moderator, they failed to act. The first clan brought a legal action against the studio for failing to appropriately protect the status of the legitimate characters and clan, and failing to act against the hacking claim. They claimed compensation of lost time, monetary investment, loss of enjoyment and legal fees, and were successful.

“It’s that type of claim you couldn’t imagine in a million years,” Murray said. “If you’re not familiar with these types of exposures and these types of games, how could you even begin to underwrite that and provide them with the appropriate cover?”