Should IT Consultant Carry Cyber or Technology E&O Liability Insurance?

Share this
Should IT Consultants Carry Cyber Or Technology E&O Liability Insurance?

Cyber Liability for IT Consultants is moot. What you really should be considering is a Technology E&O policy. Here’s why:

A Cyber Liability policy is intended to cover you related to breaches you (or others) sustain not related to your professional service. Think in terms of a medical office being breached physically or virtually and data is being stolen. Since their professional service is handling health issues of patience, Cyber Liability is ideal for them.

As an IT Consultant, which is a broadly used term (will explain below), you have a reasonable expectation to keep sensitive information private or to prevent 3rd parties from accessing not only your networks but potentially your clients. Enter Tech E&O:

Technology E&O (Tech E&O) is designed to cover you on a few distinct levels. It is purposely tailored for technology companies because the claims or wrongful acts associated with your operations will likely be a blend of professional liability and other areas.

Here are the main highlights of what is typically included on a Technology E&O policy:

Errors & Omissions / Professional Liability (PL)

This covers you in the event that your product or service you provide fails to do what is expected and causes your client to have a financial loss or loss of data. In many policy forms this can also extend to rogue employees.

Network / Security / Privacy / Cyber Liability

Much of these terms are synonymous with each other but the main takeaway is that it is designed to cover you in the event you sustain a data breach that results from Personal Identifiable Information (PII) being released, you are alleged to be responsible for a breach of a 3rd party’s network (often a client), your actions have lead to a privacy violation and/or you are alleged to be responsible for network downtime (denial of service) including but not limited to beyond the scope of stated SLA or Terms of Conditions.

The main difference between a straight Cyber Liability coverage and the above aforementioned coverage is that this will extend to disputes that alleged that your professional service contributed to a data breach, denial of service and/or privacy violation.

IT Consultants wear many hats.
IT Consultants

Note: As stated above IT Consultant is a broadly used term. In insurance it means advice only and in the IT world it means so much more: Network Engineer, Systems Integrator, Software Developer, DevOps, Penetration Tester, SOC Analyst, Auditor.

Here are some common examples that would be excluded from a Cyber Liability policy but would typically be addressed on a Tech E&O:

  • Network Engineer: Security Misconfiguration of firewalls and ports
  • Systems Integrator: Default Passwords not changed contributing to breach
  • Software Developer: Exploitation of Faulty/Buggy Code
  • Web Developer: Exploitation of Outdated Code, XSS
  • SaaS / Hosting Company: DDOS, DOS, Data breach
  • All: Phishing Credentials of Clients where you have a reasonable expectation to keep it private.

Media / Electronic Liability

This is designed to cover you for any content you provide that infringes upon someone else’s intellectual property (including source code) or is alleged to cause personal or advertising injury such as liable, slander, misrepresentation, wrongful eviction, false arrest, malicious prosecution ect.

As part of Risk Transference, insurance is a viable tool and should be included as part of your Business Continuity Plan. If you are serious about purchasing insurance to protect yourself, I would recommend speaking with at licensed agent/broker who can help you with the details.

Be sure that they furnish you with a copy of the carrier’s specimen form and pay close attention to what is not covered. I hope you found this post helpful and good luck.

*Full Disclosure: Although I work in the insurance industry, these viewpoints are my own and not reflective of the position of the company, past, present or future.

Always consult a licensed agent before purchasing insurance.

To support this blog, this post may contain affiliate links. Please read our Privacy Policy for more information.

Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.

Related Posts

Maximizing Email Security: Understanding the Importance of DKIM, SPF, and DMARC

Email is a crucial part of our daily lives, but unfortunately, it’s also a popular target for cybercriminals who use various tactics like spam, phishing, and spoofing to scam people. The FTC recently issued a warning to users of MetaMask and PayPal about phishing scams that are currently circulating through fake emails. The scam claims that the user’s cryptocurrency wallet has been blocked and encourages them to click a link and update their wallet to prevent the loss of their crypto. To protect email users from these threats, authentication protocols like DKIM, SPF, and DMARC are strongly recommended.

Investigating the FAA Outage: Separating Fact from Fiction

On January 11th, the Federal Aviation Administration (FAA) experienced a nationwide outage that caused widespread delays and cancellations for flights across the United States. The outage was caused by a problem with the FAA’s NOTAM (Notice To Air Mission) system.

NOTAMs are messages issued by the FAA to provide pilots with important information about flight restrictions, hazards, and other critical information. The NOTAM system is a critical component of the FAA’s air traffic control infrastructure, and the outage caused a ripple effect throughout the entire aviation system.

Creating Your Wireless Workspace in 2023

As more and more of us work remotely or from home, having a wireless workspace has become increasingly important. Not only does it allow for greater flexibility and mobility, but it can also help declutter your desk and make your work environment more efficient.

Sage Knows IT: The Future Risks of Smart Contracts

The Future Risks of Smart Contracts

In its simplest form, Smart Contracts are programmable logic (or code) that exists on a blockchain.  It is commonly used to define terms or agreements among parties such as ownership, rights, payment options or business logic.

CIA Triad 2022

Understanding the CIA Triad in 2022

A question I commonly see when individuals are trying to break into the Cybersecurity industry is: What do I need to understand to be successful and make…

Sage Knows IT: Moving Emails from Inbox to Labels using Outlook

How To Move Emails Directly Into Folders Using Gmail

One of the most successful ways to organize your Gmail is using the labels and filters option. Today, I will show you how to make the most out of this option and transform your inbox into a stress-free environment.