Are Your Vendors Properly Insured?
How can you protect your business from financial loss, reputational damage, and regulatory scrutiny related to your third-party vendors? One step is to require that your vendors carry the proper insurance coverage.
Most contracts require a vendor to provide proof of their insurance coverage. Yet problems arise when companies fail to monitor if those vendors have the proper coverage.
What kinds of insurance are required?
Vendors in the United States must have Worker’s Compensation and liability insurance. Worker’s Compensation is accident insurance paid by employers while liability insurance protects your organization from the risks of liabilities from lawsuits.
Jay Fitzhugh, Chief Regulatory Officer for Mitratech, warns that insurance requirements may vary by industry. He suggests financial institutions and other organizations require vendors to have:
- Professional Liability Insurance/Errors and Omissions (E&O) that protects against claims of inadequate work or negligent actions
- Crime Insurance that protects vendors from losses due to petty theft, burglary, extortion, fraud, and robbery
- Cyber insurance as an internal rider within other policies to cover the cost for computer and data loss restoration, notification costs, and credit monitoring due to mismanagement of customer information
Protect yourself by verifying that your vendors have suitable insurance coverage. This offers a layer of protection that goes beyond Worker’s Comp and general liability insurance.
Pay attention to the limits and aggregates
“Most third-party organizations appear to have appropriate coverage,” says Fitzhugh. “The problem is most clients don’t understand the extent of their vendors’ insurance coverage.”
Some companies have a generic expectation that a vendor just have insurance. Having coverage, however, is not necessarily enough to ensure that many potential exposures are avoided. Pay attention to the limitations and aggregates of coverage.
For instance, is your cyber insurance rider enough to handle a data breach? A limited scope may be enough for a small vendor who only has 50 customers. If a vendor has millions of customers, however, a low limit can be a problem. “It can cost over $100 per customer for an account that’s been compromised,” explains Fitzhugh. “Are you able to cover $0.5 on the dollar? $0.75?”
“There needs to be deeper analysis at the company level of your vendors’ insurance coverage,” says Fitzhugh. Don’t just determine that your vendors are covered — make sure they’re covered enough.
Your vendor reviews and document collection should include certificates of insurance (COIs) as part of your vendor onboarding. It’s critical to assess whether your vendor insurance policy satisfies your vendor policy requirements.