Category: Insurance Concepts & Scope

Selecting Professional Indemnity Cover

When deciding what limit to take, you should consider:

• Type of work undertaken: commercial, residential, government.
• Size of client and ability to fund litigation against you.
• Value of the projects undertaken.
• Complexity of the projects undertaken.
• Size of your practice – the number of staff and the amount of project work.
• Contractual obligations that specify a limit of indemnity and period of time.

Remember that you could be the subject of more than one claim during a policy year and the potential accumulation of claims losses should be part of your consideration when selecting an indemnity limit, not just the limitation of liability under a single project engagement.

Quotations for higher levels of indemnity beyond your existing limit can be provided at any time during the insurance period. The pricing difference to increase your cover may not be as much as you think, so we encourage you to get a quote for a higher limit.

The policy provides one reinstatement of the Limit of Indemnity, i.e. the indemnity limit you choose applies to any one claim, and twice that limit will be available for all claims in the insurance year (subject to any sub limits and policy conditions). Example: $1,000,000 any one claim during the period of insurance, up to $2,000,000 in total for all claims during the period of insurance.

Cyber Liability & Risks

As a result of COVID-19, many of you are managing the transition to new working arrangements, which include working remotely from home. Hackers often exploit large-scale events such as COVID-19 to strike, seizing on periods that are more stressful or busy, or when staff are away.

Hackers look for all kinds of ways to access employee credentials and data. Once they have access to computer systems, they will cause havoc, both in downtime and expense (extortion and ongoing money transfers).

An example of an increasing trend in cyber-attacks is unauthorised access to valid purchase order invoices and email addresses (very subtle changes to the address are common). The attackers amend the bank account on the invoice to their own. You then receive this email from your ‘supplier’ and the result is a mis-payment to the hacker rather than your supplier. It may be days or weeks until this theft is known, and by that time it is too late for your bank to recall funds from the incorrect account.

Another example is receiving an email from a supplier advising you that they have changed their bank account for invoice payment. How do you know if this email is legitimate? The key difference is that with this kind of circumstance, your supplier should communicate with you well in advance. If you receive this kind of email and are ever in doubt, ensure you speak with the ‘sender’ before clicking on any links or changing any bank account details.
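
As an added illustration (not part of the original page), the Python below screens an emailed invoice against a register of verified suppliers, flagging a sender domain that is a subtle variation of a known one and a bank account that differs from the one on file. The register contents, the look-alike character table and the edit-distance threshold of 2 are assumptions chosen for the example.

```python
"""Added example: screen an emailed invoice against a verified supplier register."""

# Constructed register (assumption): supplier domain -> bank account held on file.
VERIFIED_SUPPLIERS = {
    "acme-supplies.example": "ACCT-0001",
    "northbuild.example": "ACCT-0002",
}

# Characters commonly swapped to make an address look right at a glance (assumption).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a comparison form that ignores common look-alike swaps."""
    return domain.lower().translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen_invoice(sender, bank_account, register=VERIFIED_SUPPLIERS):
    """Return the reasons this invoice needs a call-back before payment (empty if none)."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    reasons = []
    if domain in register:
        # Genuine address: the account on the invoice must still match the record.
        if bank_account != register[domain]:
            reasons.append("bank account differs from the one on file")
        return reasons
    for known in register:
        # Near miss of a known supplier: same skeleton, or within 2 edits (assumed threshold).
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 2:
            reasons.append(f"sender domain '{domain}' imitates '{known}'")
            if bank_account != register[known]:
                reasons.append("bank account differs from the one on file")
            return reasons
    return ["sender is not in the verified supplier register"]
```

Any non-empty result means the payment waits until the supplier has been reached through a contact that was verified beforehand.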

Here are some steps you can take to reduce cyber risk.

• Ensure all bank account changes require a second means of verification – this being a phone call or text to your verified contact at the business to ensure the change is valid.
• Where applicable, have a minimum of two people within the organisation verify that the change is valid. This includes the above process and contacting your own bank if required to acknowledge the change. Large one-off transactions should have this in place already.
• Record all changes, dates and signatories involved.
• Have the above processes documented, including staff training, so that annual leave or a staff member being away from their duties doesn’t provide an opportunity for the process to be missed.
• Be extra diligent, take a bit of extra time to consider the request and its legitimacy.

COVID-19 for cyber criminals is like the holiday period for burglars – their business model is thriving! Aon has seen a rise in phishing-style attacks and cyber liability claims targeting all businesses, even the small ones. Some ‘digital hygiene’ is prudent:

• ‘Bring Your Own Device’ and remote/agile working have the potential to create situations where claims will arise.
• Stay alert for phishing emails and websites – be on the lookout for emails or websites that ask you to click on suspicious links or request sensitive information. Criminals are skilfully crafting communications which can be very difficult to identify as a phishing email or website.
• Test remote working capabilities and policies: this should be part of a regular Business Continuity Plan. Ensure that all staff understand the protocols they must adhere to when working remotely.
• WiFi may be your enemy: public and personal WiFi networks may be compromised in certain circumstances. Delete WiFi credentials from your device as soon as you disconnect, enforce a strong password on your router and, where possible, operate within a VPN.