Technology companies can be charged with breach of contract for any number of reasons and at any time during the life of a project. However, historical claim activity suggests certain activities, decisions and situations are more prone to land IT providers in hot water. Understanding these red-flag areas can make you a more valuable partner in helping your IT clients avoid and manage the potential risks they face.
It seems logical to assume most breach of contract (BOC) claims against IT companies would be made after projects go live and don't live up to clients' expectations. In reality, the vast majority of claims are made before the acceptance stage, when projects are being scoped, developed, implemented and tested. That's important to know because some insurance policies don't protect IT companies against claims made before acceptance.
Why do so many IT projects go awry and result in BOC claims? Here some of the red flags:
- IT companies may set overly ambitious timeframes or oversell their qualifications to get contracts, especially with untested or not-yet-attempted technologies. When this happens, it usually becomes apparent early on. If there's an obvious mismatch in size and capabilities between an IT company and its client, the BOC risk will be higher.
- Hiring additional staff to help with large projects can be as risky as not having enough resources. In the rush to get started, IT companies might be tempted to take shortcuts in vetting and training talent, which could lead to problems later on.
- IT company clients may oversimplify their needs, not have a clear understanding of the project scope or not be adequately engaged. That's why it's important to have robust documentation, signoff and quality control procedures in place — especially when there are midstream changes involving time, scope or money.
- Third-party involvement is another concern because it can make your IT clients liable for the shortcomings of its subcontractors. For example, if an IT company hires a cloud service provider for a project, and that provider is victimized by a cyber attack, the IT company could be sued by its customer. That's why it's critical for IT companies to have both first- and third-party BOC coverage.
- The higher the sensitivity of the information being processed, the greater the risk. If the IT customer is a hospital and it is fined for Health Insurance Portability and Accountability Act violations, you can bet that hospital will seek remuneration from its IT provider.
- Similarly, the more critical information is to helping a company achieve its mission, the more likely the IT provider will be targeted if problems arise. Issues with a metrics system may be tolerated and addressed without consequences, but if an e-commerce company's website crashes, the ramifications could be severe.
- If the end user of the product or service is the general public, the risk increases simply because of the number of people who may be affected by problems and the increased likelihood of class action lawsuits. The risk multiplies if property damage or bodily injury could result from failures linked to the IT provider.
The best IT risks are those companies whose size and capabilities are suited to the projects and clients they accept. Of course, small providers can't become big providers unless they stretch their abilities and tackle more complex challenges. When this happens, it's important those IT firms are protected by appropriate coverages backed by companies with people who have the technical knowledge to mitigate risks and navigate around contractual challenges.
