IT can leave you exposed to unprotected and unexpected risks, warns Janet Edey.

IT can leave you exposed to unprotected and unexpected risks, warns Janet Edey.

With growing use of e-mails, development of web sites and the spread of electronic business, many companies face a range of new exposures.

Information technology has changed the way that European companies operate, affecting virtually all types of businesses, large and small. The number of internet users world-wide has risen from 14171 in 1995 to i/om in 2000. It is estimated to reach 320111 by 2002. Firms choosing to ignore the opportunities presented by the new economy will struggle to survive, but what of the risks in this new, unregulated world?

With the growing use of e-mail, development of web sites and spread of electronic business, many companies face a range of new exposures. There are many different internet-related risks that could potentially result in liability. For example, websites displaying information run the risk of intellectual property infringements. Using e-mail presents possibilities for virus transmission and potentially defamatory statements.

Internet service providers (ISPs) have been dealt a particularly harsh blow by the UK Godfrey v Demon case. In this action, the defendants were found liable for defamatory statements posted on a website.

Many enterprises, anxious to assess and contain their liabilities, will welcome formal regulation in this area. However while there are moves towards legislation, the nature of it is being hotly debated.

For many companies, it is simply not an option to wait until legislation clarifies their exposures before they start e-business activities. Even the most cautious now use e-mails and often see having their own web site as essential, if for no other reason than to keep pace with the competition.

So is existing insurance cover likely to help? The problem is that such policies were often designed with the risks of the old bricks and mortar economy in mind. The underwriters may never have contemplated the truly global nature of the internet or the inherent exposures this brings, the cooperation with and reliance upon other users and providers, or the requirement for internet professionals to deliver a fully functional 24 hour a day service. Traditional policies may provide inadequate protection.

Internet media exposures
There can be limited cover for internet media exposures under traditional public liability (PL) policies (assuming the policy does not have an absolute web based advertising exclusion). However, many standard PL policies exclude such cover for companies in the business of advertising, broadcasting or publishing. It is common for most websites to carry banner advertisements and links. These can effectively turn the site owner into an advertiser, publisher and broadcaster.

Further, standard PL policies restrict cover to liability arising out of bodily injury or tangible property damage. Internet liability, in the main, relates to intangible losses.

Errors and omissions
Standard professional liability policies often have strict definitions of which professional services are covered (which do not encompass all internet exposures). They are also normally only available to professional firms. Moreover, they may have "old economy" exclusions which will restrict the new technology service providers.

Property, interruption and crime
Companies can face serious losses if their network security is breached, with a consequential to loss of e-revenue and critical information assets. This could result in liability to shareholders and other stakeholders. Standard property policies are designed to cover losses which are sustained by direct physical damage (eg caused by fire or storm). They tend to give cover only for tangible property. Business interruption policies cover consequential losses arising from the same kinds of physical damage to tangible property. In similar style, crime policies usually cover loss only of tangible property, and additionally may only cover loss caused by the company's own employees.

Covering virtual risks
Some insurers are developing a range of solutions for risks presented by the new economy. Internet policies have now entered the market place, designed to cover many of these exposures. Examples of these new risk solutions include cover for:

  • third party liability resulting from a security failure
  • internet related defamation, infringement of copyright/trademark and invasion of privacy
  • asset protection: e-business interruption (including dependant business interruption)
  • extortion: including the investigation and settlement of bona fide cyber-attack threats
  • a crisis communication management fund: providing fees and expenses of public relations or crisis management firms to help respond effectively to a computer crisis.

    Specialist ISP policies also provide tailored cover for liabilities arising out of transmission of computer viruses, causing or allowing unauthorised access or loss of service.

    While these specialist policies are a step in the right direction, the fact remains that internet providers and users are vulnerable to a multitude of claims. Some may not become obvious until tested in court. The developing nature the technology and its business applications is also likely to produce new exposures. The challenge for insurers and their clients alike is to ensure policies keep pace.
    Janet Edey is financial lines consultant, AIG Europe (UK) Ltd, which recently launched a range of netAdvantage products.

    "My impression is that people have not done nearly as much as they should to counter e-business risks. One problem has been lack of specialist knowledge on how to deal with the different aspects. Insurers, brokers and solicitors, as well as risk managers, are now focusing on this.

    "Obviously, companies need to consider the legal aspects. The web is worldwide so you're exposed to international law. Smaller businesses may not have access to the specialist legal expertise needed when setting up their sites. Other important aspects are security, both internal and external, and fraud. There are also financial risks. You might become liable for taxation where you don't expect it. Selling from a UK site, you could be paying Value Added Tax and, in addition, become liable to pay a buyer's market's equivalent domestic tax.

    "We hope to issue a guidance note for members before the end of this year."
    Stuart Martin, chairman, AIRMIC e-commerce/IT special interest group.