The “additional insured” is a status in an insurance policy that provides coverage to a person or group other than the named insured. In this post, we’ll discuss what it means to be an additional insured and how the additional insured concept applies to cyber insurance.
Additional insured is a type of status in an insurance policy that provides coverage to anyone (a person or group) other than the named insured. An additional insured often gains the status if an endorsement is added to the policy. With the additional insured endorsement, the policy of the named insured will also protect the additional insured.
Here’s a simple additional insured vs. named insured scenario. A building owner may require a tenant to add him as an additional insured on the tenant's insurance policies. If an accident happens on the tenant's premises, the owner would get certain benefits and rights as an additional insured from his tenant's insurance. That means the additional insured (the building owner) may also file a claim in case he gets sued with the named insured (the tenant).
Being named as an additional insured provides several benefits, such as reduced loss history and premiums. Usually, it’s the named insured who incurs the loss and the premium increase.
Note, though, that the coverage of the additional insured may be limited as compared to coverage of the named insured. This will depend on the policy, but protections accorded to an additional insured will probably include defense coverage and coverage for certain third-party lawsuits. The coverage may be limited to one event or may last for the policy's lifetime.
Theoretically, anyone can be named as an additional insured. If you’re a contractor, subcontractor, or business owner, your clients may ask you to name them as additional insured. Just the same, if you’re a client, you may request a hired contractor or subcontractor to name you as an additional insured.
The coverage and endorsements of additional insureds are common topics of disagreements, misunderstandings, and litigation. For instance, it’s up for debate whether the additional insurance coverage should cover negligence on behalf of the additional insured independently or only negligence caused by the named insured.
Our clients often get confused about what a certificate holder is versus an additional insured. A certificate holder is an entity that is provided a certificate of insurance (COI) as proof that another entity has insurance coverage. The COI is just a way of saying “I have insurance” but acquiring one from your insurance provider and identifying another person or organization as a certificate holder does not modify your policy. For example, a client might ask you for proof of insurance before working with you. You would then ask your insurance provider to issue a COI naming your client as the certificate holder. This does not mean they are covered under your insurance policy. Whereas, if you add an additional insured to your policy, some or all of your insurance coverages are extended to them.
If you want to or are required to, you can name a certificate holder as an additional insured. They are not mutually exclusive.
Cybersecurity risks are usually outside the coverage of general liability insurance policies. Data breaches, identity theft, and cyber attacks can cost you sizable sums of money in terms of recovery, claims, and penalties. That’s where cyber insurance (cybersecurity insurance or cyber liability insurance) comes in – to help mitigate and cover the costs associated with recovering from a cybersecurity incident.
Cyber insurance comes with 2 types of coverage. First-party coverage covers reimbursable expenses, like monetary losses, investigation, notifying the insured’s customers, system repair, and data recovery. The other one is third-party coverage, which covers legal fees, claims, fines, and other penalties.
Cyber insurance usually does not cover bodily injury and damage or property loss. We already expect general liability insurance to cover such exclusions. Thus, today’s companies, including SMBs (small and medium-sized businesses), need to have cyber insurance. Many enterprises that often work with smaller vendors are realizing this and are requiring their SMB vendors to have a cyber insurance policy in place.
Some are asking to be named as an additional insured in the policy. Coverages for the additional insured depend on the policy; be sure to get clarity on this before purchasing.
Extending your coverage by adding an additional insured to your cyber insurance policy increases your risk, especially if your additional insured requests a waiver of subrogation. This prevents you from pursuing recovery from the additional insured and/or the additional insured’s insurer should a cyber claim arise.
Navigating the additional insured contract requirements can be challenging. You may need to negotiate exclusions and certain cyber insurance requirements in your contracts. The wording in these contract agreements can be instrumental in determining claim responsibilities.
Zeguro’s business cyber insurance offers comprehensive coverage for data loss, business interruption, extortion, third-party lawsuits, regulatory fines, and more, and is backed by a global 24/7 claims team with more than 20 years of experience in cyber insurance claims. Our licensed agents can help you navigate any questions around naming an additional insured in your policy. Get a quote today.