The greatest change to take place in the industrial and commercial environment since the industrial revolution is without doubt the development of IT – affecting all types of companies, large and small. The number of internet users worldwide has risen from 14 million in 1995 to 170 million today and it is estimated to be 320 million by 2002. Clearly, firms choosing to ignore the opportunities presented by the new economy will struggle to survive, but what of the risks to a company in this new, unregulated world?
With the growing use of emails, development of websites and spread of ebusiness, many companies face a wide range of new exposures. There are many different internet-related risks that could result in liability. For example, websites displaying information run the risk of intellectual property infringements, and the use of email presents possibilities for the transmission of viruses and potentially defamatory statements.
Internet service providers have been dealt a particularly harsh blow by the Godfrey v Demon case earlier this year. Demon, the defendant, was found liable for defamatory statements posted on a website about Professor Godfrey. Formal regulation of the internet and ecommerce will be welcomed by many enterprises anxious to assess and contain their liabilities, but while there are moves towards legislation, the content is hotly debated as cost/benefit arguments abound.
Existing policies
For many companies, it is not an option to wait until legislation clarifies their exposures before starting ebusiness activities. Even the most cautious firms use emails and often see having their own website as essential – if for no other reason than keeping pace with the competition.
At this time of uncertainty, companies can look to their existing insurance policies to evaluate what extent their traditional cover will assist with internet-related problems.
The problem is that such policies were often designed with the risks of the old “bricks and mortar” economy in mind. The underwriters may never have contemplated the truly global nature of the internet or the inherent exposures this brings, the co-operation with and reliance upon other users and providers, or the requirement for internet professionals to deliver a fully functional 24-hour a day service.
There can be limited cover for these under traditional public liability policies – assuming the policy does not have an absolute web-based advertising exclusion. However, many standard public liability policies exclude such cover if the company is in advertising, broadcasting or publishing. It is common for most websites to carry banner advertisements and links, which effectively turn the site owner into an advertiser, publisher and broadcaster.
Another issue with a standard public liability policy relates to its restriction of cover to liability arising out of bodily injury or tangible property damage. Internet liability in the main relates to intangible losses.
Standard professional liability policies often have strict definitions of which professional services are covered – which do not encompass all internet exposures – and are normally only available to professional service entities. Moreover, they may have “old economy” exclusions, which are restrictive to the new technology service providers.
Companies can face serious losses – and liability to shareholders – if network security is breached leading to losses of revenue and critical information over the internet. Standard property policies, however, are designed to cover losses sustained by direct physical damage, and cover tends to be given for tangible property only. Business interruption policies cover consequential losses arising from such physical damage to tangible property.
Likewise, crime policies cover loss of tangible property, and may only cover loss occasioned by the company's own employees.
Help is at hand. Innovative insurers are developing a range of solutions for risks presented by the new economy. Internet policies for ordinary users have entered the marketplace, which are designed specifically to cover many of these new economy exposures. Specialist policies have also appeared for ISPs, giving cover for the truly “virtual” risks associated with these new professional services.
Cover can be bought for third party liability resulting from a security failure, internet-related defamation, infringement of copyright/trademark and invasion of privacy.
Also for asset protection, ebusiness interruption (including dependant business interruption), extortion cover (including the investigation) and “settlement” of bona fide “cyber-attack” threats.
Computer attack funds are also in existence and at least one insurer provides a fund for a reward that leads to the arrest and conviction of any individuals involved in a computer attack. In addition, there are crisis communication management funds which provide fees and expenses of public relations or crisis management firms to help respond effectively to a computer crisis.
Specialist ISP policies will also provide tailored cover for professional liabilities arising out of the transmission of computer viruses, causing or allowing unauthorised access or loss of service.
While these specialist policies are a step in the right direction, the fact remains that ISPs and users are vulnerable to a multitude of claims, some of which may not become obvious until tested in court.
The development of both the technology and its business applications are also likely to produce new exposures. The challenge for insurers and their clients alike is to ensure their policies keep apace with these developing exposures.
In the rapidly evolving world of ecommerce, there is, however, one certainty. With access to the internet and email now becoming freely available, more and more people are “getting connected” – which means that there will be more potential customers and more companies wanting to sell to them. The thorny issues of liability and exposure are here to stay.
