Nikki Johnson No Comments

Cyberespionage Explained

Cyberespionage is a type of cyberattack that involves an unauthorized user (or multiple users) accessing a victim’s sensitive information in order to secure economic benefits, competitive advantages or political gain. Also known as cyber spying, the primary targets of such cyberattacks include government entities, large corporations and other competitive organizations.

Cybercriminals may leverage cyberespionage in attempts to gather classified data, trade secrets or intellectual property (IP) from their victims. From there, cybercriminals may sell this information for profit, expose it to other parties, or use it in conjunction with military operations, potentially threatening their targets’ reputations and overall stability. Oftentimes, cyberespionage is deployed across international borders by nation-state attackers.

Over the past few years, cyberespionage has become a rising concern, especially in certain countries. In fact, the Canadian Security Intelligence Service (CSIS) found that in 2020, Canada faced the highest levels of foreign espionage and interference since the Cold War. The CSIS also stated that Canada has been facing national security threats from violent extremism, foreign interference, espionage and malicious cyber activity. Canadian companies in almost all sectors of the economy have been targeted.

With this in mind, it’s crucial for businesses to understand cyberespionage and know how to effectively mitigate such incidents. This article provides a detailed overview of cyberespionage, outlines real-world examples of these cyberattacks and offers key prevention measures that businesses can implement to safeguard their operations.

Cyberespionage Overview

Although cyberespionage often involves nation-state attackers, it’s not interchangeable with cyberwarfare. While cyberwarfare is conducted with the intention of noticeably disrupting a target’s operations or activities, the goal of cyberespionage is for the perpetrator to remain undetected by their victim for as long as possible, therefore permitting them to gather maximum information. Yet, the information collected from cyberespionage efforts could be used later amid acts of cyberwarfare.

When leveraging cyberespionage, perpetrators may attempt to access a wide range of data from their targets, including:

  • Research and development activities
  • Critical organizational projects or IP (e.g., product formulas and blueprints)
  • Financial information (e.g., investment opportunities, employee salaries and bonus structures)
  • Sensitive stakeholder details
  • Business plans (e.g., upcoming marketing, communications or sales initiatives)
  • Political strategies or military intelligence

Cybercriminals may engage in a variety of tactics to execute cyberespionage, such as:

  • Exploiting security vulnerabilities in websites or browsers a target frequently visits and infecting them with malware to compromise the victim’s technology (as well as any data stored on it)
  • Utilizing phishing scams (i.e., deceptive emails, texts or calls) to steal login credentials and gain unsolicited privileges within a target’s network
  • Posing as employees or contractors and physically going to a victim’s workplace to steal hard copies of data or infect devices with malware
  • Bribing actual employees or contractors to share a target’s sensitive information in exchange for payment
  • Infiltrating another party in a victim’s supply chain and using that party’s digital privileges to compromise the actual target’s network
  • Injecting different forms of malware (e.g., Trojans and worms) within updates from third-party software applications, thus hijacking a victim’s technology upon installation of these updates

In any case, cyberespionage can lead to serious consequences for impacted organizations. What’s worse, as cybercriminals’ tactics get more sophisticated, these incidents could become increasingly common.

Examples of Cyberespionage

Over the years, multiple large-scale cyberespionage events have occurred, including the following:

  • The Microsoft Internet Explorer incident—Between 2009 and 2010, Chinese cybercriminals took advantage of a security vulnerability in Microsoft Internet Explorer to execute cyberespionage against at least 20 international media and technology companies, including Google, Yahoo and Adobe. Google reported that the cybercriminals, later coined the “Aurora” attackers, stole various IPs from the company and compromised many Gmail accounts.
  • The Sony Pictures Entertainment (SPE) incident—In 2014, a North Korean hacking group named the “Guardians of Peace” deployed cyberespionage against SPE during the months leading up to the entertainment company’s release of a film that depicted the assassination of the nation-state’s leader. The cybercriminals used malware to compromise SPE’s network and publicly expose a substantial amount of sensitive company data, such as personal details about employees, email exchanges between staff, information regarding executives’ salaries, copies of unreleased films and plans for future films. The incident significantly impacted the film’s release and garnered attention from the U.S. government.
  • The Zhenhua Data Information Technology incident—In 2020, global news sources revealed that Zhenhua Data InformationTechnology, which primarily serves China’s military and intelligence services, had been gathering sensitive data on 2.4 million individuals worldwide for several years. An estimated 20 per cent of this data was not publicly available and likely accessed through cyberespionage.

Considering these incidents and their associated ramifications, it’s clear that businesses need to take action to properly protect themselves against cyberespionage.

Cyberespionage Prevention Measures

Businesses should consider implementing the following best practices to help safeguard their operations from cyberespionage:

  • Educate employees. Be sure employees receive training on cyberespionage and related prevention tactics. Specifically, employees should be instructed to never respond to messages from unknown senders, avoid interacting with suspicious links or attachments and refrain from sharing sensitive company information online. In addition, employees should be required to form complex and unique passwords for all workplace technology.
  • Protect critical data. Review and update existing cybersecurity policies to ensure they promote maximum data protection. Implement new policies as needed (e.g., a Bring-Your-Own-Device policy and data breach response policy). Further, encrypt and store all critical data in safe, secure locations.
  • Restrict access. Only permit employees to access technology and data they need to perform their job duties. Require employees to implement multifactor authentication whenever possible.
  • Leverage sufficient software. Protect all workplace technology (and the data stored on it) with proper security software. This software may include endpoint detection tools, antivirus programs, firewalls, network monitoring services and patch management products. Review this software regularly for vulnerabilities and make adjustments when necessary.
  • Assess supply chain exposures. Assess whether suppliers have adequate measures in place to protect against network infiltration from cybercriminals. Consider including specific cybersecurity requirements in all supplier contracts and keeping the amount of sensitive information shared with these parties to a minimum.
  • Have a plan. Creating a cyber incident response plan can help ensure necessary protocols are in place cyberattacks occur, thus keeping related damages at a minimum. This plan should be well-documented, practised regularly and address a range of cyberattack scenarios (including cyberespionage).
  • Purchase proper coverage. It’s critical to secure adequate insurance to help protect against losses that may arise from cyberespionage. It’s best to consult a trusted insurance professional to discuss specific coverage needs.

Conclusion

Ultimately, cyberespionage is a pressing concern that businesses need to take seriously—especially as nation-state cyberthreats continue to rise. By understanding cyberespionage and implementing adequate prevention techniques, businesses can effectively safeguard themselves against these incidents and minimize associated losses.

For more risk management guidance, contact Reith & Associates.

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Dan Reith

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB
Nikki Johnson No Comments

Cyber Security Tips for Business Travellers

Now that the world is generally taking a less restrictive approach to travel and business travel will be resuming, at some level, cyber security is a very real threat that need be considered.

Organizations face heightened cybersecurity risks when their employees travel. Business travellers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices. This article discusses key cybersecurity exposures for business travellers and outlines steps employers can take to mitigate these risks.

Cybersecurity Threats While Travelling

Business travellers’ laptops, smartphones and tablets are particularly susceptible to data breaches, loss and theft. Some common cyberthreats that business travellers may encounter include:

  • Unsecured Wi-Fi networks—While convenient, public Wi-Fi networks are unsecure and can allow cybercriminals easier access to connected devices (as well as the data stored on them) than private Wi-Fi networks.
  • Publicly accessible computers—Business travellers sometimes find the need to use their login credentials to access accounts on public computers. However, public computers often lack sufficient security capabilities and may even be infected with malware.
  • Stolen or misplaced devices—Theft or loss of devices is a major threat to business travellers, as this can result in the exposure of important data. Devices could be lost or stolen in airports, hotel lobbies, conference rooms or rental cars. 

How Employers Can Mitigate Cybersecurity Risks

Neglecting cybersecurity when employees are on the road or abroad can be detrimental to a business. In fact, the latest Cost of a Data Breach Report from IBM and the Ponemon Institute found that a single data breach costs a business $4.24 million on average.

Here are some measures employers can implement to minimize cybersecurity risks for business travellers:

  • Establish Wi-Fi policies. Employers should have policies in place requiring employees to confirm the network name and precise login procedures with the appropriate staff before connecting to public Wi-Fi networks in airports or hotels. Sensitive activities, such as banking or confidential work-related projects, should not be conducted on public Wi-Fi networks. Auto-connect should also be disabled so devices don’t connect to Wi-Fi networks automatically.
  • Enforce Virtual Private Network (VPN) use. Via a VPN, all online traffic is routed through an encrypted virtual tunnel. Such a network can help can reduce the risk of cyberattacks by establishing a secure connection between users and the internet. Employers should create VPNs and require employees to utilize these networks whenever possible, especially during business travel.
  • Conduct physical security training for digital valuables. Most travellers let their guards down once they arrive at their destinations, but that can be one of the times they’re most susceptible to theft. Employers should encourage business travellers to never leave their devices unattended. Employees should also be instructed to utilize strong passwords or multifactor authentication capabilities (if possible) and lock devices in hotel safes upon leaving their rooms.
  • Encourage employees to pack minimal devices. Leaving unnecessary technology at home can help reduce the chance of theft or data loss. As such, employers should only permit employees to bring devices that are essential to completing their job duties on the road or abroad.
  • Require regular software updates. Cybercriminals typically look for security flaws in outdated software. Updates are sent out to patch any holes in the software and reduce the opportunity for cybercriminals to attack. Employees should be required to update software on all their devices regularly.
  • Establish response plans. Employers should have specific response plans that outline steps to take when devices containing confidential information are compromised, lost or stolen on the road or abroad.

Conclusion

Business travellers often carry sensitive personal- and work-related data on various devices, leaving them vulnerable to cyberattacks. However, taking the proper precautions while travelling can help them keep their devices and data secure.

For more risk management guidance beyond cyber contact us today.

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB

Nikki Johnson No Comments

Cyber Crime: SMISHING Explained

Most businesses and individuals are familiar with phishing, a cyberattack technique that entails cybercriminals leveraging fraudulent emails to manipulate recipients into sharing sensitive information, clicking malicious links or opening harmful attachments. While these email-based scams remain a pressing concern, a new form of phishing—known as smishing—has emerged over the years, creating additional cyber exposures for organizations and individuals alike.

Smishing relies on the same tactics as phishing. The sole difference between these two cyberattack techniques is that smishing targets victims through text messages rather than emails. As a growing number of individuals utilize their smartphones for both personal and work-related purposes (e.g., interacting with colleagues and clients on mobile applications), smishing has become a rising threat. In fact, in 2021, the Canadian Anti-Fraud Centre totaled 4,451 reports of phishing and 1,323 reports of spear phishing, both of which can involve texting platforms.

With these numbers in mind, it’s evident that organizations need to address smishing exposures within their operations. The following article provides an overview of smishing and offers best practices for organizations to protect against this emerging cyberattack technique.

What Is Smishing?

Smishing follows the same format as phishing, using deceiving messages to manipulate recipients. These messages are generally sent via text but can also be delivered through mobile instant messaging applications (e.g., WhatsApp). In these messages, cybercriminals may implement a wide range of strategies to get their targets to share information or infect their devices with malware. Specifically, they will likely impersonate a trusted or reputable source and urge the recipient to respond with confidential details, download a harmful application or click a malicious link. Here are some examples of common smishing messages:

  • A message claiming to be from a financial institution, saying the recipient’s bank account is locked or experiencing suspicious activity and asking them to click a harmful link to remedy the issue
  • A message impersonating a well-known retailer (e.g., Amazon, Costco or Walmart), encouraging the recipient to download a malware-ridden application to receive a gift card or similar prize
  • A message claiming to be from an attorney or law enforcement, saying the recipient is facing legal trouble or criminal charges and urging them to call an unknown number for more information
  • A message impersonating the government, asking the recipient to click a suspicious link for details on their taxes or participation in a federal loan program
  • A message claiming to be a research organization, requesting the recipient download a malicious application to complete an informational survey
  • A message impersonating a delivery service, informing the recipient that they are receiving a package and providing them with a fraudulent link for tracking the item

If a recipient is tricked into doing what a smishing message asks, they could end up unknowingly downloading malware or exposing sensitive information, such as login credentials, debit and credit card numbers or Social Insurance Numbers. From there, cybercriminals may use the information they obtained from smishing for several reasons, such as hacking accounts, opening new accounts, stealing money or retrieving additional data. Since individuals may use their smartphones for work-related tasks, smishing has the potential to impact businesses as well. For example, an individual who falls for a smishing scam could inadvertently give a cybercriminal access to their workplace credentials, allowing the criminal to collect confidential data from the victim’s employer and even steal business funds.

The nature of smishing has made this cyberattack technique a significant threat. This is because individuals are typically not as careful when communicating on their smartphones compared to their computers, often engaging in multiple text conversations at a time (sometimes while distracted or in a rush). Due to the large number of texts sent and received daily, individuals may be less wary or observant of a message from an unknown number than an email, making them more likely to interact with a malicious text message.

Furthermore, many individuals falsely assume that their smartphones possess more advanced security features than computers, thus protecting them from harmful messages. However, smartphone security has its limits. Currently, these devices are unable to directly safeguard individuals from smishing attempts, leaving all smartphone users vulnerable. That’s why it’s important for businesses to take steps to protect against smishing.

How to Protect Against Smishing

To effectively minimize smishing exposures and prevent related cyberattacks, businesses should:

  • Conduct employee training. First, businesses should educate employees on what smishing is and how it could affect them. Additionally, employees should be required to participate in routine training regarding smishing detection and prevention. This training should instruct employees to:
  • Watch for signs of smishing within their text messages (e.g., lack of personalization, generic phrasing and urgent requests)
  • Refrain from interacting with or responding to messages from unknown numbers or suspicious senders
  • Avoid clicking links or downloading applications provided within messages
  • Never share sensitive information via text
  • Utilize trusted contact methods (e.g., calling a company’s official phone number) to verify the validity of any request sent over text
  • Report any suspicious messages to the appropriate parties, such as a supervisor or the IT department
  • Ensure adequate bring-your-own-device (BYOD) procedures. Apart from providing smishing training, businesses should establish solid BYOD procedures to ensure employees act accordingly when utilizing their personal smartphones for work-related purposes. Such procedures may include using a private Wi-Fi network, implementing multifactor authentication capabilities, conducting routine device updates and logging out of work accounts after each use. These procedures can help deter smishing attempts and decrease the damages that may ensue from smishing incidents.
  • Implement access controls. Another method for limiting smishing exposures is the use of access controls. By only allowing employees access to information they need to complete their job duties, businesses can reduce the risk of cybercriminals compromising excess data or securing unsolicited funds amid smishing incidents. To further protect their information, businesses should consider leveraging encryption services and establishing secure locations for backing up critical data.
  • Utilize proper security software. Businesses should also make sure company-owned smartphones are equipped with adequate security software. In some cases, this software can halt cybercriminals in their tracks, stopping smishing messages from reaching recipients’ devices and rendering harmful links or malicious applications ineffective. In particular, smartphones should possess antivirus programs, spam-detection systems and message-blocking tools. Security software should be updated as needed to ensure effectiveness.
  • Purchase sufficient coverage. Finally, it’s vital for businesses to secure proper cyber insurance to protect against potential losses stemming from smishing incidents. Businesses should reach out to their trusted insurance professionals to discuss specific coverage needs.

Conclusion

In summary, smishing is a serious cyber threat that both individuals and businesses can’t afford to ignore. By staying aware of smishing tactics and implementing solid mitigation measures, businesses can successfully protect against this rising cyberattack technique, deterring cybercriminals and minimizing associated losses.

For more risk management guidance, contact us today.

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB

Nikki Johnson No Comments

Protection of Intellectual Property in a Manufacturing Environment

Some of the most important assets in your business may be your intellectual property. These are intangible assets, including patents, trademarks and trade secrets. The Canadian government created these protections to keep your intellectual property safe from infringement.

Patents

What is a patent?

A patent is a legal protection granted by the federal government to an inventor to encourage progress and prevent others from benefiting from the invention.  Patents cover inventions new to the marketplace or improvements on existing inventions.

There are three basic criterion an invention must meet in order to be patentable in Canada: novelty, utility and ingenuity. An invention is novel if it is the first of its kind in the world. Utility is established if an invention has a useful and functional purpose. Lastly, an invention’s ingenuity is demonstrated if an invention represents something new to an industry that is not already available and readily apparent to someone skilled in that industry.

What does patent protection provide?

Patent protection involves the right to exclude others from making, using or selling anything that would fall under the claims of the issued patent. Canadian patents have a maximum life of 20 years from the date the patent application is filed.

What factors are considered when determining whether a patent has been infringed?

Determining whether a patent has been infringed entails the court examining the claims of the patent and comparing them to the invention or evaluating the validity of the patent. This may be more complex in situations where the claims terms are unclear or ambiguous. The court can determine that infringement exists even if the invention isn’t identical to the original. If the device performs substantially the same function in largely the same way to produce substantially identical results, a court may find infringement.

What are my rights if someone infringes my patent?

You may file a lawsuit for damages in the appropriate court to enforce your patent against an infringer. If you are successful, there are many possible outcomes. Courts have the authority to compensate the patent holder for losses associated with the infringement.

Copyrights

What is a copyright?

A copyright is the legal protection granted by the government to an author. In the case of works created by an employee during the course of his or her job, the copyright would belong to the employer.

What can be protected by a copyright?

The Copyright Act of Canada sets types of creative works to be protected. A non-exhaustive list of material that may be protected under copyright includes:

  • Books, magazines, advertising copy and computer programs
  • Songs
  • Dramatic works, including any accompanying music
  • Paintings and designs
  • Motion pictures
  • Sound recordings (CD, cassette, digital audio tapes, MP3 files)
  • Architectural works

The Copyright Act of Canada provides immediate protection for creative works. As soon as works are written down or recorded, they are immediately copyright-protected.  The copyright protection lasts until the author’s death and for an additional 50 years after the date of the author’s death.

What does copyright protection provide?

Copyright ownership grants the author or owner of the work the sole and exclusive right to reproduce the work in any form. These rights can be limited by some doctrines, like fair dealing.

What factors are considered when determining whether a copyright has been infringed?

A copyright can be infringed by violating any of the rights granted: reproduction, modification, publication, performance and public display of the work.

However, “fair dealing” is allowed without the author’s permission if an individual uses a copyrighted work or a portion of copyrighted work for personal use, or for limited instances of news reporting, criticism or review if certain requirements are met.

What are my rights if someone infringes my copyright?

The Copyright Act of Canada gives you the right to receive civil remedies, including court costs. Additionally, an infringer may be subject to criminal prosecution. If convicted of copyright infringement, an individual may face criminal penalties of $25,000 or imprisonment up to six months, or both.

Trademarks

What is a trademark?

A trademark is a mark that is used by a person for the purpose of distinguishing wares or services manufactured, sold, leased, hired, or otherwise entered into commerce from others in the marketplace. Canadian federal law and common law allows for the protection of trademarks.

What does trademark protection provide?

The scope of the protection can vary widely, depending on the strength and fame of a mark. For instance, many brand names are famous marks that are very strong. The length of time that a mark can be protected is indefinite because it is based upon use, but registered marks in Canada have an initial term of 15 years. A mark may be renewed in successive 15-year increments as long as the mark is still in use.

What factors are considered when determining whether a trademark has been infringed?

Whether a trademark has been infringed is most often dependent upon whether a likelihood of confusion has been found. In determining whether there is a likelihood of confusion, courts generally look at factors like the inherent distinctiveness of the marks, the extent to which the marks are known, the time the marks have been in use, the nature of the goods or services associated with the marks and the degree of resemblance between the marks.

What are my rights if someone infringes my federally registered trademark?

Remedies are available for trademark infringement under both federal law and common law. After a finding of infringement, damages can include, but are not limited to, a temporary or permanent injunction, damages and legal costs.

Trade Secrets

What is a trade secret?

A trade secret is any information that is or may be used in business that is not generally common knowledge in that trade or business.  The information must also have economic value because it is not common knowledge in the trade or business and the holder of the information must make efforts to keep it from becoming generally known.

What factors are considered when determining whether a trade secret has been misappropriated?

The owner of the trade secret must prove that a misappropriator owed an express or implied duty of confidentiality or some other fiduciary duty to the owner, or that the misappropriator obtained the trade secret through some improper means.

What are my rights if someone misappropriates my trade secret?

A lawsuit may be filed for trade secret infringement, depending upon the circumstances. Individuals may be subject to injunctions, may be ordered to pay damages and will be subject to any other remedy the court finds appropriate if convicted. 

Are there applicable common laws?

Quebec also has its own trade secret laws which may need to be considered when developing your policy.

Protect Your Business

Patents, copyrights, trademarks and trade secrets may be integral parts of your business. It is vital that you understand the laws associated with these concepts to protect your intellectual property. You also need to ensure that your behaviour does not infringe on someone else’s intellectual property. This piece is not exhaustive and should be read as an overview. For more information, consult legal counsel.

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB

Nikki Johnson No Comments

Insuring Your Intellectual Property

Insuring Your Intellectual Property

As intellectual property becomes a vital part of more firms’ assets, businesses must consider the additional exposures they face. There are several types of intellectual property protected under federal law: trademarks, copyrights, patents, trade dress and trade secrets. To help protect your business, there are two types of intellectual property coverage available: the first protects a company sued for infringement by paying for legal defense, and the second helps pay the legal expenses of suing an alleged infringer.

If your company could be sued by a competitor for infringement or intellectual property theft, or you do not have the funds to cover legal fees associated with defending your patent or trademark, it is vital that you purchase coverage. Defending infringement litigation can cost hundreds of thousands of dollars, not including the cost of damages and prejudgment interest. In patent infringement cases, attorney’s fees can easily top $1 million.

Budgeting and planning for the protection of intellectual property rights may not only save your company a significant amount of capital; it may also help keep your business viable when legal bills accumulate rapidly. There are several options to cover these exposures: the “advertising injury” provision in the standard Commercial General Liability policy, endorsements to Errors and Omissions policies and specialized policies offered by certain insurers specifically designed for the protection of intellectual property rights.   

Commercial General Liability Policy – Advertising Injury

The Commercial General Liability Policy, or CGL, is a standard liability policy offering broad coverage. Coverage for an advertising injury often falls under Coverage B in a CGL. Any act by the insured that somehow violates or infringes on the rights of others (referred to in the policy as an offence) is the subject of personal and advertising injury liability coverage, although only those acts that are specifically listed in the policy are covered. The coverage under the “advertising injury” provision is limited to those injuries that are directly related to the advertisement. Therefore, the policy covers debts owed by the insured party due to claims filed against it.

Coverage B policyholders are sometimes covered in cases relating to trademark infringement; however, copyright claims are only successful where they are directly related to advertising, and patent claims are rarely covered under the “advertising injury” provision. The cases which allow for coverage in a patent infringement case are generally limited to instances in which a court finds contributory infringement or inducement to infringe through an advertising medium. Since the “advertising injury” provision in a standard CGL is rather limited, many businesses consider additional coverage.

Special Endorsements and Policies

Beyond the CGL, specialized policies can be better suited to a business’s unique exposures. These are Errors and Omissions liability policy endorsements that can vary in focus from media and communications to patent infringement. Note that these policies have not been the subject of much litigation, and therefore, judicial guidance on coverage determinations is comparatively limited. It is important to consider multiple carriers, since available coverage varies widely from carrier to carrier.

Infringement Defence and Abatement Insurance

A third option relates primarily to patents, though riders for copyrights and trademarks may be available. Carriers have developed policies specific to intellectual property, generally with patents in mind. In relation to patents, there are three basic policy types: defense and indemnity, defense only and offensive, or infringement, abatement insurance.

A defense and indemnity policy provides defense coverage in a patent infringement suit and, if the party in question is found liable, pays for damages, including prejudgment interest. A defense only policy, much like it sounds, covers only the cost of defense and does not cover damages awarded to the successful party. In addition, an offensive policy covers only the costs of pursuing an infringer. Certain carriers will amend some of the above-mentioned policies to include endorsements for trademark and copyright infringement for an additional premium.

Exclusions to Coverage

In addition to special exclusions, there is a general exclusion to the CGL stating that there is no coverage “for an offence committed by an insured whose business is advertising, broadcasting, publishing or telecasting.” With the increase in claims, many carriers are drafting exclusions that specifically omit coverage for copyrights that fall outside of infringement of copyrighted advertising materials, patents, trademarks and the like.

It is important to be aware of the exclusions to any policy that you purchase. The most common exclusions specified in intellectual property policies are for willful infringement, anti-trust violations, infringement existing or known on the effective date of the policy and criminal acts.

Asserting Coverage

To maximize coverage, there are a number of steps that your company should follow. Failure to investigate the existence of coverage in a timely manner can absolve a carrier of liability and create grounds for a malpractice case against the intellectual property legal counsel. While courts have held outside intellectual property counsel liable for failure to pursue coverage determinations, companies should still proactively recognize and review the potential for insurance coverage for protection of their intellectual property assets.

  1. If a claim has been asserted against your company, you have a duty to notify your carrier. In fact, notifying your carrier immediately is in your best interest because a delay could be grounds for denying coverage. In the case where a formal complaint has been served on the company, the following six steps are recommended.
  2. The policy or policies should be analyzed by counsel to determine under which policies the claim may be covered. In this step, the complaint should be closely examined for types of issues raised and should be compared to the relevant policy clauses.
  3. The company should promptly tender defense to the carrier. In the tender, all policies that may provide coverage should be identified, including the specific clauses.
  4. Demand a prompt response to the tender. If a sufficient extension of the time to answer is not granted, it is possible that a response to the complaint will be due prior to the issue of coverage being resolved. If that is the case, then defense counsel should be retained until the issue of coverage is determined.
  5. Review the carrier’s response to the company’s tender. The carrier may accept defense; it may defend under a reservation of rights; the carrier or the policyholder may seek a declaratory judgment for a coverage determination; or it can reject tender.
  6. If there is a conflict in the interests of the carrier and the policyholder, the policyholder should insist on the right to control the litigation and should further insist upon independent counsel.
  7. Be diligent about which documents are shared with the carrier, especially in cases where the carrier has reserved its rights to deny coverage. While the policyholder has a duty to cooperate with the carrier, in a case where a reservation of rights to deny coverage has been tendered, the production of certain documents to the carrier could result in the waiver of the attorney-client privilege as to the subject matter of the produced documents.

Comparing Policies

Insuring your company’s intangible assets and its liability is a vital part of risk management. Insurance for both infringement of intellectual property and for an assertion of infringement against your company can provide financial security and peace of mind.

Reith & Associates will compare your desired coverage to the specifically named offences in policies based upon enumerated risks and will examine any exclusions that may weaken the coverage you seek. We are skilled at identifying the perils associated with intellectual property and high-technology companies, and we can assist you in selecting the right policy. Let us help you protect your most precious assets. Contact us today to ensure that the coverage you buy meets your needs in today’s marketplace

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB

Nikki Johnson No Comments

Manufacturers and Errors & Omissions Insurance

Consider this scenario: A customer asks your company to manufacture a part according to certain specifications, which were outlined in a contract. It is needed to add the part to an existing product and ship it to their customers by a set deadline.

Your company creates the part, but due to an error that occurs during the production process, the part isn’t made to the customer’s exact specifications. You ship it, they receive it, and realize it can’t be use it in the final product and requests that the part be remade. The delay in production causes your client to miss the deadline to ship their final product to their customers.  As a result of them missing their contractual obligations they face penalties and/or loss of business income/reputation and so they files a lawsuit against your company. Now what?

Exclusions in General Liability Insurance

You might assume that your Commercial General Liability (CGL) policy will cover this claim, but in many cases it will not. Most CGL policies contain “damage to impaired property” and “property not physically injured” exclusions. That means that unless the manufacturing error results in bodily injury or property damage, the CGL policy will not cover the loss.

The customer’s financial loss in the scenario described above would not fall into either of these two categories, so it would not be covered under a typical CGL or products liability policy. In order to protect your business from a product failure resulting in a third-party financial loss without bodily injury or property damage, you need Manufacturers Errors & Omissions (E&O) coverage.

Manufacturers E&O Insurance

Manufacturers E&O is professional liability insurance that covers a manufacturing mistake or negligent service that results in a third-party financial loss without bodily injury or property damage. E&O insurance covers damages that result from:

  • Poor, incorrect or faulty products that you manufacture, handle, sell or distribute
  • Errors and omissions when caused by material defect, including property damage to the product, property damage to the work and property damage to impaired property
  • Negligence or failure to deliver promised services

If customers allege that your product failed or that you were negligent in performing services outlined in a contract, they will likely seek to recoup their financial losses by suing you. You could be saddled with significant legal costs, as well as potential damages if the case is lost. Even if the customer’s lawsuit is found to be frivolous, you’d still incur the cost of defending yourself. That’s where Manufacturers E&O insurance comes in.

Manufacturers E&O insurance will cover both the customer’s financial loss and your defense costs. Most E&O policies are “claims-made policies,” which means that in order for the claim to be covered, both the work in question must be performed and the claim must be made during the policy period.

E&O premiums vary based on the type of product or service you need coverage for, your company’s financial stability and the policy’s limits. Contact Reith & Associates at 519.631.3862 to learn more about adding this important coverage to your risk management portfolio.

Dan Reith, Principal Broker
Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited
https://reithandassociates.com
Dan Reith BA(Hons) CAIB