E&O exclusions to watch out for
Been reviewing my E&O policy renewal and noticed some exclusions that could bite us. Anyone else seen carriers excluding claims related to 'cybersecurity incidents' or 'data breach response costs'? With more utilities going digital and us accessing their online portals, seems like this could be a growing exposure.
Good catch Greg. I had to specifically add a cyber liability endorsement to my Philadelphia policy after KCPL started requiring us to use their secure customer portal. Cost an extra $200/year but covers us if client data gets compromised while we're doing analysis. Standard E&O policies are behind the times on this stuff.
Also watch out for 'regulatory fine' exclusions. Some policies won't cover penalties imposed by state utility commissions. Georgia PSC can levy fines for unauthorized practice if they decide we're giving engineering advice instead of just analyzing bills. Had to get that exclusion removed from my Hartford policy.
The 'pollution exclusion' can be problematic too. Some carriers try to apply it to environmental consulting work. If you do any energy efficiency audits or carbon footprint analysis alongside utility auditing, make sure that work isn't excluded. OG&E has been pushing green energy programs that blur the lines.
Don't forget the 'insured vs insured' exclusion if you have business partners. Nearly got burned on that when my partner missed an Idaho Power Schedule 9 billing error. Policy wouldn't have covered a claim between us. Had to restructure our partnership agreement and get separate policies.
Great thread Greg. I'd add that the 'prior knowledge' exclusion is critical to understand. If you know about a potential problem before buying coverage, it won't be covered when the claim materializes. I always document my renewal dates and make sure there are no pending issues with MLGW or other utility clients.