Design, engineering, and construction have a multitude of project risks. Most of these are identified, well-defined, and, hopefully, allocated to the party most capable of managing the risk. However cyber intrusion and its potential impact on your business – or your project owner's business – is probably the least appreciated of all construction risks, and it has no clear path to risk allocation or management.
From smart roads to cloud computing, technology permeates almost every aspect of design and construction. Multi-user platforms let contractors, designers and owners use project data simultaneously, which compounds the risk to all parties. But coverage for claims involving data breaches in technology-driven applications – such as integrated project delivery (IPD), building information modeling (BIM), estimating, scheduling programs and virtually any electronic client interface – is largely excluded from commercial liability insurance, many forms of property insurance, as well as various forms of design and construction professional liability insurance.
Throughout the industry, common platforms are used to distribute and manage all kinds of engineering and construction data. This creates vulnerability – and a shared responsibility – for everyone involved. A hacker with access to construction data could wreak havoc not only operationally but also through the physical destruction of data, servers and infrastructure, or by threatening the safety of people onsite. Such incidents can also cause harm to an owner’s design and security systems.
Even attackers who don't intend physical harm may still be interested in obtaining valuable corporate data, such as intellectual property or data that provides a competitive edge. Furthermore, hackers who aren't interested in your company's data may still capitalize on weaknesses in your system to reach other IT networks. This could hold true for contractors who may have access to other targeted systems and, even more so for government contractors who may have such data stored or flow through their IT systems which increasingly are tied to a government's IT network.As a result, anyone in the construction industry should ask the following fundamental questions:
Websites have evolved into active business platforms with attendant risks. And many of these platforms have remotely accessible controls or internet-connected capabilities. In addition to losses caused by data breaches, other types of losses from technology-related incidents may not be covered by your existing insurance program. Traditional policies don't generally cover damages caused by data breaches.
Like other industries, the construction industry is also subject to administrative or industrial compliance regulations, as well as state and federal privacy laws, all of which involve cyber exposures.
Cyber insurance covers first and third party losses – damage to internal IT systems as well as third party liability. It will help mitigate losses from various cyber and electronic issues, such as unauthorized access, business interruption and network damage caused by a virus, malware or human error. It acts as a separate insurance tower in addition to commercial liability coverage. Cyber liability policy can cover a wide range of exposures:
Project owners are becoming increasingly concerned about the information and supply chain security of their design, engineering and construction companies. As a result, owners are beginning to add contractual requirements for cyber liability coverage in certificates of insurance before any work is performed. It's only a matter of time before most design, engineering, and construction contracts will stipulate hold harmless and indemnity provisions to protect the client from cyber-related losses caused by the contractor or design firm's negligence.
You should prepare for a cyber event before it occurs to ensure a streamlined and coordinated response, and to minimize the consequences. Best practices include:
Contact us to learn more.
Authors: Yujin Basetto, Senior Products Manager, Cyber Technology E&O, and Sasha Beamish, Senior Product Underwriter, Financial & Professional Services
To succeed with a medical malpractice case a plaintiff must provide evidence of negligence through establishing four elements: duty, breach, injury and damages. When the provider and a patient establish a professional relationship, the provider has a responsibility to provide a reasonable treatment plan. This is the element of duty. Our expert legal panel will analyze the provider-patient relationship and discuss relevant medical malpractice cases examining the duty to provide care. The panel will provide insight on when a duty typically does not arise as with independent medical exams, employee physicals and workers' compensation exams. We will explore professional liability insurance contract language, terms and conditions to be carefully understood when considering the element of duty.Learn more
In this role, Mr. LaRocca will be responsible for managing the strategy, development and performance of the company's Property & Specialty Lines portfolio.Learn more
In this role, Mr. Codding is responsible for overseeing cyber and technology underwriting guidelines, rating methodology, distribution relationships, product sales and new product development.Learn more
Our panel will present an overview of the current problems and the epidemiology of child abuse including hospital-based estimates and medical care involvement. We will describe decision aids and triggers to improve the quality of care in the emergency department. The panel will also explore enhancements in primary care involvement in child abuse care with Extension for Community Health Outcomes (ECHO).Learn more
07 December 2018
07 December 2018