Professional indemnity insurers have shied away from IT consultants based on a high-risk reputation. However, John Eastlake says there are still opportunities for the brave
Professional indemnity insurance and IT consultants have not historically been a marriage made in heaven. Faced with a largely unregulated industry where work often begins without there being a contract in place, UK insurers have shied away from insuring IT professionals; therefore, the sector remains a niche area.
In reality, this area is not that different from other professions in terms of PI cover and it is one that holds enormous potential for the UK insurance industry. In 2004, the government is planning to spend £12.4bn on major public sector IT projects. There is no doubt that IT systems have become crucial in the modern workplace. The result has been a proliferation of IT consultants.
There have been problems, however. Between 1999 and 2003, PI claims for IT consultants increased by more than 40%, according to insurer Hiscox.
Typical errors by small consultants that have resulted in claims include accidentally wiping a client's data; supplying software that infringes someone else's intellectual property rights; failing to integrate a new system; and delivering a system that does not meet the client's requirements.
Time for change
Such figures should not dissuade other insurers from entering this market, however, particularly as the sector is taking steps to clean up its act.
It is accepted that change is needed in the way that the profession works, and the way it is regulated.
Having a contract in place at the start of a job is the first issue that needs addressing. There exists a real opportunity for IT consultants to get their house in order by drafting detailed contracts prior to the start of work. As matters stand, it is common for a project to be started without a formally signed agreement in place, despite the fact that the industry is becoming more complex.
Multiple vendors often work interdependently to provide solutions to clients and IT consultancy services, including the supply of hardware and software. Furthermore, the solutions that are provided are often complex, with cutting-edge technology involved that may not have been previously used in a commercial environment and may be bespoke to the client. Faced with such complexity, the vendor may end up with a solution they neither expected nor needed and that was not properly agreed on. The shocking statistic is that fewer than 20% of all IT projects can be considered successful.
No one is suggesting that a move in this direction will automatically eradicate the problems that have beset the sector. After all, no contract - however carefully drafted - is watertight and there will always be disagreements as to the nature of the agreement that was entered into. Also, incorporating exclusion clauses in a written contract, which may seek to exclude liability for negligence or fitness of purpose, may well look good to insurers but will not necessarily help their insureds if an action proceeds to litigation.
As a general rule, the courts have been more than willing to strike out such exclusion clauses in IT disputes, especially where there has been little meaningful negotiation between the parties. Despite such issues, better codified contractual arrangements will be a huge step forward for the profession and should ease the concerns of wary insurers.
Another of the main developments in this sector, and a key factor that could help to alleviate insurers' fears, will be the establishment of a proper regulatory environment. At present, several other professions are regulated by statute - architects, for example, are subject to statutory regulation by the Architect Registration Board. Such bodies have defined codes of conduct and rules. Where there is statutory regulation, there is still room for professional bodies; for example, the Royal Institute of British Architects, in the case of architects.
IT consultants, on the other hand, are not regulated and although there is some self-regulation, the profession is not subject to the same standards as the majority of others.
This is not to suggest there are no professional bodies serving the sector.
There are, in fact, several, with the largest being the British Computer Society, founded in 1957 and with some 40,000 members. The BCS is also the chartered body for information systems practitioners. However, although the body has made a huge effort in attempting to raise standards in recent years and has a clear code of conduct for its members, it has a long way to go. The stark fact is that professional obligations for BCS members are simply not as strict as those of other professional bodies - the fact that purchasing PI insurance is not compulsory is one of the most telling examples of this.
While the profession would undoubtedly benefit from a greater degree of regulation, there is already a move towards greater professionalism.
This should serve to reassure those insurers that are becoming interested in this area. With a reasonable degree of risk analysis, management and a good understanding of IT exposures, there is no reason insurers should not consider entering this market. Perhaps then PI insurance for IT consultants will cease being a niche area and take its deserved place in the mainstream.
John Eastlake is a partner at Plexus Law.
- Gallagher Bassett acquires claims management firm
- Finch and ICB owner on acquisition trail with sight set on €500m revenue by 2022
- Top 100 Insurtech: Quarter four update
- Green light for UK-US insurance trade deal
- Roundtable: Is a single customer view taking off in insurance?
- Analysis: The mystery of the missing Insurance Fraud Taskforce report
- Blog: You really need to listen before walking the walk