Joined-up insurance at a pivotal time for tech companies

CRE talks to Aaron Belair, head of liability, ProFin, technology, RSA Luxembourg, about the risks facing tech companies in Europe and the launch of the insurer’s tech coverage. 

Why launch the RSA Europe Tech Vertical now?

Following Intact’s acquisition of RSA in 2021, we have been expanding our global specialty lines business to leverage capabilities and expertise across the regions and better serve customers. Our North American business has been serving the technology industry for over 25 years and we’re excited to bring this to Europe at a pivotal time for the industry when technology customers need insurance partners with solutions as dynamic as they are.

What competitive advantages does it offer over other solutions available on the market?

Our value proposition is a one-stop-solution for technology companies. We have deep expertise across property, casualty, professional indemnity (PI) and cyber insurance. Technology companies can partner with RSA on the full suite of products. Very often, economic loss to customers is the leading risk for technology providers. Meanwhile, cyber risks, both first and third party, continue to evolve. These risks for technology providers often come with blurred lines when it comes to insurance coverage. Separate policies can lead to coverage gaps and claim disputes. RSA’s Information Technology Solutions Product is a market-leading way to insure against these risks with a single policy and insurance partner, mitigating any coverage gaps and eliminating the nuisance of multiple parties managing the same claim.

What are the main risks facing tech companies in Europe?

Technology companies face an array of risks that stem from the rapid pace of innovation, the complexity of global operations, and increasing regulatory scrutiny. Firstly, there are cybersecurity and data privacy risks resulting from system failures, privacy violations and cyberattacks. There are also supply chain and vendor risks from a dependency on third parties and potential disruptions to supply chains. Finally, there are geopolitical and economic risks from evolving regulations, geopolitical tensions and companies’ global expansion plans. By proactively addressing these risks through robust security measures, business continuity planning, and compliance strategies, companies can navigate the challenges and continue to innovate while protecting their long-term sustainability.

What are the important regulations facing EU tech companies and how do RSA’s solutions respond to these?

European technology companies face a range of important regulations that impact both their operations and their insurance requirements. Key areas include GDPR, the ePrivacy Directive and the EU Cybersecurity Act. The common theme here is privacy and data. RSA’s Information Technology Solutions product provides broad coverage for privacy regulatory fines.

What impact will the development of Europe’s AI market have on tech companies in Europe and what risks will they face as a result?

The technology industry is in the early days of a boom cycle that is being driven by AI. The technology will deliver tremendous opportunities through product development, operational efficiencies and workforce transformation. But alongside that will come new and significant liability risks. One very interesting example is the judgment element when comparing a human to AI. If you take autonomous vehicles, it can be argued that an AI system can detect an object in the road and react faster than a human. Let’s say there are two objects in the road – a tree and a child. Only one can be avoided – a human can make that decision easily, but does today’s AI recognise the difference?

As AI systems make such autonomous decisions, determining accountability in cases of error, failure or harm becomes more complex. If an AI system causes damage or harm, as in the case of autonomous vehicles or healthcare AI, businesses may struggle to identify who is legally responsible – the AI system itself, the developers or the business that deployed the system.

Another risk is the impact AI will have on data breaches. These systems require vast amounts of data, increasing their vulnerability to data breaches. On the other hand, bad actors can deploy AI systems to access private information, especially if data storage and processing mechanisms aren’t adequately secured.

In terms of regulation, governments worldwide are introducing rules specifically aimed at AI. The EU has proposed the AI Act, which categorises AI systems based on risk and imposes strict requirements on high-risk applications.

Finally, AI can be misused for unethical purposes, such as surveillance, manipulation or disinformation. For example, AI-generated deepfakes or automated bots can spread misinformation, harming public trust or causing social unrest. Businesses using AI must take steps to ensure their systems are not misused or lead to harmful outcomes.