Newsletters & Articles

Design Professionals and Cyber Issues

A periodic feature of the LBCC newsletter for design professionals is an interview that provides insight and perspective on the most pressing issues of the day. In this issue we interview Christopher Ventrone, Vice President, Professional Liability for Markel Global Insurance. Chris has over fifteen years of experience underwriting all lines of professional liability. As you will see below, we have focused on the intersection of design professionals and cyber issues.

Chris, have you observed any trends in the industry with respect to cyber breaches/attacks?

Yes. We have noticed that A&E firms have become targets for cyber attacks. It seems the more advances we as a society make in technology, the greater the risk and exposure from a cyber attack. We obviously did not face these problems when our insureds were only dealing in blueprints.

Based upon your interaction with architects and engineers, what has been their feedback regarding cyber breaches?

It is now on their radar and they realize that most, if not all of their information is web based or saved into a computer.

What have been the typical types of cyber issues experienced by architects and engineers (e.g., ransomware, viruses, theft, etc.)?

Architect sends the plans via email to the contractor who is responsible for building the project. In the process of sending the plans Architect unknowingly sends a malicious code to the Contractor. As a result the malicious code deletes all data on the Contractor’s system. The project is delayed and the Contractor is suing for damages related to the loss of data which has an effect on all ongoing, past and future projects.

Engineering specs are needed by a steel fabricator in order for the steel to be produced in a timely and keep up with the project timeline. The Engineer has granted the steel fabricator access to their systems so the engineering plans can be reviewed and the steel can be fabricated. Due to the breach the fabricator is not able to access the engineering plans and doesn’t have the information they need to fabricate the steel. This results in a time delay as well as cost overruns.

Architect builds a custom home for a high end client. The signature home is unique and recognizable done by that Architect. A Contractor is hired to build the home using the plans done by Architect. Contractor stored the plans on their computer and experienced a breach in which the plans were stolen and later used by other builders. Contractor is sued by architect for damages related to their loss of IP etc.

Beyond architects and engineers adopting prophylactic measures that might prevent or minimize such breaches (e.g., an upgraded firewall, antivirus software, backup data off-site, etc.), what insurance is available to protect or cover an architect or engineer from a cyber security breach?

Markel offers first party coverage as a stand alone policy. Our standard A&E form includes third party coverage.

Recognizing that there are no “standard” cyber liability insurance policies, generally what type of claims does Markel A&E policies insure (explain)?

Insureds could make claims under a first party stand alone policy when they have been directly affected by a breach and, for example, personal information of employees such as Social Security Numbers have been breached. Under Markel’s A&E policy, insureds can submit a claim made against them by a third party affected by a breach similar to the examples we discussed above.

When and why did Markel decide to incorporate a Computer Network Security component to its Design Professionals policy?

From the launch of this product in 2010, Markel has provided a Computer Network Security component to its Design Professional policy. Markel Global recognized the need to protect Architects and Engineers due to the growing menace of cyber attacks.

What are the biggest concerns relayed to you by brokers?

As technology advances we want to be sure the policy keeps up with their needs and that each piece of the insured’s business is covered.

Many carriers are now facing claims that involve ransomware. Does Markel address this in the A&E policy?

Markel would consider a ransomware sublimit by endorsement.

Does pricing of cyber for design professionals present any special considerations?

Insureds with better protocols will see pricing credits.

Your policy provides coverage for “technology based services.” Can you elaborate on that term?

Generally, that section of the policy will provide errors and omissions coverage on a professional malpractice claim. For example, if an insured maintains and uses proprietary software that gives rise to a claim.

What is your target demographic with this product?

Markel’s target demographic is 10 million in revenue. With this product, Markel has a 90% renewal rate.

How has this product been received?

This product has been a difference maker in getting deals done. The product provides peace of mind for the insureds. They are also getting cyber coverage for approximately the same premium as other companies whose products do not provide cyber coverage. This product has been extremely well received by the biggest A&E firms handling the largest projects. Many of our clients engage in international projects, which require special attention. For example, Markel provides true worldwide coverage, which means Markel will defend its insureds in its international venue. One of the many metrics we used to measure the success of this project is annual growth, which is in the20-25% range. Markel provides an important product to this segment of the insurance industry and will continue to lead the way.

John R. Gonzo, Esq., is the Managing Partner of the New Jersey office of L’Abbate, Balkan, Colavita & Contini, L.L.P. Mr. Gonzo has over twenty five years of experience representing clients in professional malpractice matters. Mr. Gonzo can be reached at jgonzo@lbcclaw.com. `