Wouldn't it be fantastic if your key vendors easily complied with your (very reasonable in your mind) contractual requirements as part of your Vendor Governance program? For those of you that said YES! to your inner self just then, keep reading.

There is finally a solution!

Large enterprises that rely heavily on third-party service providers for IT/OT support (FI, healthcare, manufacturing, and retail all come to mind) struggle on a daily basis to get their vendors to comply with the indemnity, insurance, and limitation of liability requirements that either legal or procurement has mandated. In my experience, major companies will have hundreds of vendors. Narrowed down to those that are “critical,” either because of the “uptime” they promise for certain systems or applications, or because they have access to PII or corporate confidential data, they number an average of around fifty (50). Some of these vendors are behemoths themselves, and so you (or your client, if you are a broker or attorney) feel that their balance sheet will be adequate protection if their insurance runs out. Others, though, have neither enough limit to support the indemnities they are handing out nor a strong enough balance sheet. And what if their coverage isn’t up to par in the first place?
So, let’s say there are 35 non-compliant vendors left. What can you do besides negotiate until neither party is satisfied but there’s nowhere else to turn?
You can mandate that the vendors buy contract-specific Tech E&O/cyber coverage! It inures only to the benefit of the Enterprise, and is primary to the vendors’ other insurance. This approach does several things for both parties:

  1. Reduces frictional cost and frustration for both parties, because the vendor can now agree to reasonable indemnity wording and can evidence excellent coverage at the proper limits.
  2. Guarantees the Enterprise that at least the dedicated limits will be available to it in the event of a catastrophic, systemic event caused by or at the vendor. In a traditional insurance scenario, the insurance procured by any one vendor could be spread across dozens or even hundreds of customers at one time.
  3. Allows both parties to tell their senior leadership they increased the insurance limits available to them arising out of the work performed in this particular contract.
  4. Lets the Enterprise deduct the cost of the insurance from the price it would otherwise have paid for the contracted services; therefore, neither party has to come “out of pocket” to pay the premium.
  5. Perhaps the broker for the Enterprise could negotiate that its own cyber insurance carrier(s) would allow any payment by the vendor’s insurance to erode the retention of its program. This would be a major win.

Depending on its structure and ownership, there might be a Captive play here as well: if the Enterprise took a portion of the risk, it could be considered third-party business.

MSR's VendorTech program, backed by Lloyd's A-rated paper, includes up to $10M of contract-specific Tech E&O coverage with an option for third-party cyber and breach response.

MSR plans to release other Cyber, Technology and Intellectual Property Insurance products in the coming months.

"The vision of Miami Specialty Risk is to provide insurance coverage and risk management solutions for intangible risk like never before. Our number one focus is to provide our appointed brokers and their clients the most innovative cyber and intellectual property insurance products in the market." -Mary Guzman, Managing Director, Cyber and Technology Division

MSR is now accepting appointment requests from large retail and wholesale brokerages. For more information on the appointment process with MSR, visit their website at

