Insurance: Cover Story

In these litigation happy days, fire, damage and theft can be the least of computer firms? worries, says Annie Gurton, which is why it is essential for them to invest in the right insurance policy

Every business has to have insurance, that?s the law. But computer resellers have risks be-yond the normal, and it is necessary, and judicious, to have more insurance than the law requires.

Take the average reseller business. For most there is at least an element of recommendation, consultancy and involvement with the customer?s business requirements. Few reseller businesses just sell boxes off the shelf, so most have an exposure to risk of litigation. Give some advice or put in a system which results in some damage to your customer?s system or business, and you could be in seriously trouble.

Often, as is the way with risk, the problem is completely unexpected. Who would have thought, for example, that programs written in the 70s would leave the systems houses with the risk of legal action because they are unable to cope with the year 2000 date change?

Katherine Kane of Guardian Insurance believes that each business should be assessed individually to be sure that all risk is covered, but says: ?There are certain generalisations that can be made. For instance, manufacturers of large systems are more likely to decide that insurance of the business?s own assets is the prime concern, whereas a one-man consultancy will consider that protection against liability for the customer?s loss following bad advice is his main worry.?

Kane says computer companies are usually divided into one of nine categories for insurance purposes. These are: hardware manufacturers; those involved with the storage and distribution of systems and software; retailers; those who maintain, service and repair IT equipment; those involved with software development; consultancies, those involved with training; those involved with unusual or ancillary services, such as installing cabling; and those involved with managing data and records.

Many computer businesses straddle more than one category, so they have to make sure that their insurance covers several areas if they are to have proper protection, says a Commercial Union representative.

?The risk issues include competition, health and safety legislation, environmental consi- derations and a whole host of natural disasters, as well as man-made catastrophes from burglary to fraud and the direct outcome of misjudgement in advice or faulty products on their customers.?

But the main categories insurance covers are property protection, loss of income, legal liabilities and personnel.

Not all business risks are insurable. Some are pure business risks which business managers take in the process of making business decisions and running the business day to day. A decision to expand the business, for example, to include a new range of products or to recruit new staff, cannot be covered by insurance if it turns out to be a bad move.

For these issues, ?risk management? is the science used to appraise and diminish the exposure to failure and financial loss. Once the risks have been thought through and established, a risk management strategy should be developed to cope with them and reduce the potential liability as far as possible. At least, there should be a strategy for procedures in case ?the worst happens?.

A number of risks are unavoidable and have to be included at the business plan level. Obsolescence or overestimation of the market, for example, can only be dealt with through research, development and marketing, not insurance. There are plenty of other corporate problems which are best dealt with by advice from accountants, bankers and solicitors.

Insurance is really all about creating a buffer against the unpredictable. The purpose of insurance is to provide financial indemnity from loss from accidental or unpredictable risks. Its aim is to put your company in the same position as it was before the fire, storm damage, burglary or other disaster.

Kane says: ?Insurance to provide for the protection of a company?s assets is an obvious requirement, as it covers for liabilities which arise from the ordinary business activities. Such cover is easy to arrange, but unless the risks are carefully analysed the insurance purchaser may discover too late that the insurance is inadequate.?

For instance, she explains, most reseller firms? customers own or lease computer equipment and also commission and purchase software programs and applications, often from the reseller or at least through them. Over a period of time, valuable business data is added to the system. The replacement value of the hardware and application software is known, but the value of the data is very debatable. The storage medium, such as disks or tape, may be relatively cheap, but the data on them may be extremely costly to replace, and its loss may cause inestimable damage to the client?s business; it may even mean its failure.

The sum insured has to take into account the cost of reinstatement of the data, but that can be extremely hard to measure, predict or evaluate. She adds: ?Another consideration is the cost of licence fees to replace software programs which are somehow lost or damaged. It is usual for software houses to require further licence fees to replace software lost, even though their reproduction costs are minimal.

?We have experienced serious under-insurance on claims because the insured fails to include the potential replacement licence fees when fixing the sums insured on software.?

But, says Kane, it is with regard to liability insurance that most confusion can arise in knowing what is covered and what is not. ?Any business engaged in the supply of computer systems, including hardware, software, applications and ancillary products, and consultancy, has a need to have both public and products liability insurance,? she says.

?The term supply includes a business engaged in servicing and maintaining systems, as parts are likely to be installed in carrying out such work.?

A public and products liability policy will usually limit the cover to liability involving bodily injury to third parties and loss or damage to third parties? property. ?It is this latter cover which computer reseller and services companies need to give special consideration to,? says Kane.

?A company providing software development, for example, will provide a product which is basically information added to a customer?s computer system. Loss could arise in different ways, some of which would be the subject of an indemnity under the liability policy and some of which wouldn?t.?

Kane explains that an ordinary liability policy may not cover software which fails to perform. As no damage results, there may be no indemnity provided. ?Or,? she adds, ?software may be provided which causes physical damage to the hardware. This would be the subject of an indemnity under the ordinary liability policy.? Or software may be provided which, although it performs to meet the customer?s specifications, causes other problems.

Into this category fall the software and systems which fail to meet the year 2000 requirements. ?If the problem is immediately apparent it is basically a matter of incompatibility and no loss may be suffered, but if it takes some time for a problem to become apparent it can be extremely difficult to establish liability,? says Kane.

If the software or system in some way causes distortion or corruption of a customer?s data, for example, it may not be obvious at once that damage is taking place, but the customer could suffer huge financial loss as a result. Obviously, it will look to the systems house or Var to cover its loss, even if the distortion or corruption is due to a virus or other problem which was not the fault of the solution provider.

Kane says: ?It is a matter of some debate whether the existing data held by the customer can be considered property. If it is, then the supplier could claim for indemnity under the public liability of products policy, but there may be some arguments about a claim unless it is crystal clear what is being discussed. Some insurers take the view that such losses should be considered financial loss and refuse to provide an indemnity. Financial loss cover is available as an extension to the basic liability cover, but it costs extra and the person buying the insurance needs to specifically ask for it.?

Businesses engaged in providing services within the computer industry rather than goods in a retail environment are often unaware that the standard public liability of products policy will exclude what are known as professional advice risks. If advice only is provided for a specific fee, and this includes the standard consultancy situation, the liability incurred through bad advice which results in loss of or damage to property will not be covered.

?In practice, most bad or even wrong advice will tend to result in financial loss, but even with financial loss such risks will still be excluded from the dealer?s insurance, and they will be personally liable to pay any successful claim should it reach the courts,? says Kane.

To cover the risk of legal action from customers should you give advice or consultancy which turns out to be wrong or leads to financial loss for your customer, you can get separate professional indemnity insurance. However, this market is limited and not all insurance brokers or companies can offer it. It should certainly be effected separately from the basic liability insurance policy.

Kane says: ?As the computer industry and those companies working within it deal with increasingly advanced and more complex products and solutions, it is important that they continually identify and assess the risks they are exposed to.?

Although there are brokers and insurance specialists to help them, she says, it is ultimately their own responsibility to make sure that they get the insurance cover they need. ?Computer industry business managers cannot rely on those on the outside to do the job of risk assessment for them. If they find that they do not have the cover they need, it will be their own responsibility.?

If the worst does happen, and a computer solutions company finds itself negligent and without insurance cover, the CSSA will do as much as it can for its members to help them sort the matter out. Executive director Tony Lewes says: ?We can act in an advisory capacity and provide help with dispute resolution if it becomes necessary. We find that a conducive atmosphere is a far better approach to most IT disputes because the aim is to reach a negotiated result within a reasonable timescale that leaves the business relationship intact and which allows work to continue.?

The CSSA uses a standard procedure and recommends standard contract clauses for dealing with disputes that involve IT.

Lewes says one type of insurance which is frequently overlooked is directors? and officers? liability. He says: ?Few senior executives realise that they can be personally liable to a wide range of actions including shareholders, employees, customers, regulators, contractors and even competitors, particularly if their firm is involved in acquisitions, mergers or disposals.

?Poor trading results, for example, can leave a senior executive at personal risk. Cover can be arranged for losses arising out of an alleged or actual wrongful act committed in your capacity as a director or officer of the company. This can include defence costs, damages, judgements or settlements, yet few senior executives have such cover. I would recommend that they consider it.?