1. Forms
2. CY
3. CY-20-11

What the Form Is

The CY 20 11 "Provide Coverage for Unintentional Errors and Omissions" is an endorsement to a commercial cyber insurance policy. Its primary function is to grant coverage for financial losses that arise from unintentional mistakes made by an insured's employee during electronic data entry into a computer system. This is typically achieved by negating or amending a specific exclusion (identified as exclusion 24 in one source) that would otherwise preclude coverage for such events.

Classes of Business It Applies To

This endorsement is relevant for a broad range of businesses that utilize ISO commercial cyber insurance policies, specifically forms CY 00 10, CY 00 11, CY 00 12, or CY 00 13, and face risks associated with human error in their data processing operations. Examples include:

• Financial Institutions: Banks, credit unions, or investment firms where an unintentional data entry error could lead to incorrect fund transfers or account mismanagement.
• Healthcare Providers: Hospitals or clinics where an accidental error in inputting patient data into electronic health records could result in privacy breaches or incorrect medical information.
• Retail and E-commerce: Businesses that process numerous online orders or manage large customer databases where data entry mistakes could lead to shipping errors, incorrect billing, or data breaches.
• Professional Services: Firms that handle sensitive client data where an unintentional keystroke error could compromise data integrity or lead to a financial loss for the client or the firm.

For instance, an employee at an online retail company might unintentionally enter an incorrect discount code for a large batch of orders, leading to a significant revenue loss for the company. This endorsement could potentially cover such a loss.

Special Considerations

Key considerations for the CY 20 11 endorsement include:

• Scope of "Unintentional": The coverage is strictly for unintentional errors. Deliberate, malicious, or fraudulent acts, even if committed by employees, are generally not covered by this specific endorsement and may require other endorsements (such as CY 20 10 for dishonest employee acts) or fall under different policy terms.
• Interaction with Base Policy: It is crucial to understand precisely which exclusion in the base cyber policy this endorsement modifies. The effect of the endorsement is tied to the wording of that specific exclusion.
• Compatibility: This endorsement is specifically designed to be used with cyber coverage forms CY 00 10, CY 00 11, CY 00 12, and CY 00 13. Using it with other forms may not be appropriate or effective.
• Preventative Measures: While this endorsement provides a layer of financial protection, it does not replace the need for strong internal controls, employee training, and data verification processes to minimize the occurrence of such errors. For example, a business that has implemented dual-entry verification for critical financial data might still opt for this endorsement as a backstop for human errors that slip through.

Key Information for Agents and Underwriters

Agents and underwriters should consider the following:

• Risk Assessment: Underwriters will need to evaluate the insured's exposure to data entry errors. This includes assessing the volume and sensitivity of data handled, the complexity of the data entry processes, the quality control and verification procedures in place, employee training programs, and any history of losses due to such errors.
• Pricing: The premium for this endorsement may be influenced by the underwriter's assessment of the insured's risk profile and the limits of liability requested.
• Coverage Gaps and Overlaps: It's important to analyze how this endorsement interacts with other coverage parts of the cyber policy and any other policies the insured may have (e.g., crime or professional liability) to ensure there are no unintended gaps or overlaps in coverage.
• Client Counseling: Agents should discuss this endorsement with clients who have significant data entry operations and rely on the accuracy of their computer systems, explaining both the coverage provided and its limitations, particularly the distinction between unintentional errors and intentional acts.