Today’s tech companies operate in a fast-moving, high-risk environment. From data breaches and intellectual property (IP) disputes to contract liability issues, the chance of experiencing more than one incident in a single policy year is becoming increasingly likely. Here, there’s a problem. Many traditional tech E&O and cyber policies still rely on a single aggregate limit, meaning each claim chips away at the total available coverage. When that limit runs out, businesses can be left footing the bill.
At CFC, we do things differently. With separate towers of indemnity for each major insuring clause, our policy provides multiple reinstatements for unrelated events—offering tech companies greater peace of mind and protection when facing a series of claims. Let’s take a look at how it works.
Incident one: Missed deadline results in breach of contract
A custom software and app developer with $25 million revenues secured a contract with a major retail chain to design and host their point-of-sale (POS) software. With the agreement starting in January and a go-live date set for April, the timeline was tight but achievable.
However, as demand for the developer’s services grew, the company took on several other contracts with ambitious delivery expectations. To keep up, the developer outsourced parts of the work to third-party subcontractors. Despite the additional support, the developer had overstretched its resources—leaving the POS project behind schedule.
By April, the software was still incomplete. The retailer, relying on the new system to process sales, experienced payment disruption for a number of days, causing significant business interruption costs. Due to the downtime and reputational damage, the client took legal action against the software developer for breach of contract, seeking to recover the full contract value of $2.5 million.
Fortunately, the software developer had a $2 million limit of indemnity for breach of contract in its technology policy with CFC. After lengthy negotiations lasting several months, all parties agreed a settlement for $1.9 million, with the insured’s legal fees totalling an additional $100,000. As CFC’s tech policy includes payment for sums the insured is legally required to pay, as well as claimant costs and expenses, the insured received full cover for the financial loss, ensuring it wasn’t left out of pocket.
Incident two: Ransomware locks down systems
While navigating the fallout of the contractual dispute, one of the developer’s employees received a phishing email that appeared to come from a trusted client. The email referenced a design fault in an application under development and included a link for urgent review. Unfortunately, the link contained ransomware, and upon opening it, the company’s entire system was encrypted—rendering it inoperable. The attackers demanded a ransom of $400,000 to be paid in Bitcoin in exchange for the decryption key.
The insured alerted CFC as soon as it discovered the incident. Our in-house incident response and claims team stepped in to assess the situation. Although the attackers had infiltrated the company’s live backups, a separate offline backup—kept on a USB flash drive—remained unaffected. With support from CFC, the developer successfully restored its systems without paying the ransom, avoiding extended downtime.
To assess the extent of the breach, CFC conducted a forensic investigation to understand if the hackers had accessed or stolen third-party IP or sensitive data. With legal guidance from CFC’s cyber panel breach counsel, it was ultimately confirmed that no data had been exfiltrated, allowing the insured to move forward
without notification obligations or reputational damage.
While no ransom had to be paid, the incident’s financial impact was still significant. The forensic investigation and business interruption loss came to $100,000, in addition to $15,000 in legal expenses and $10,000 for crisis communication services—amounting to a grand total of $125,000.
With a single aggregate tower of cover, the insured would have been significantly out of pocket because the initial breach of contract claim had maxed out the policy. But with CFC’s combined technology E&O and cyber cover, the cyber event was covered on top of the first limit loss, ensuring the insured benefited from complete protection.
The outcome: Why separate towers matter
This case demonstrates just how crucial separate towers of cover can be. For tech companies facing fast-moving threats and complex liabilities, a single loss can quickly exhaust their insurance limit—leaving them exposed if another incident follows. CFC’s technology policy is designed to go further, offering robust, layered protection that helps safeguard our clients when it matters most.
Legal disclaimer: These examples are intended for illustrative purposes only and not intended to address the circumstances of any particular insured. Each claim submitted to CFC by an insured is based on the terms and conditions of the coverage provided to that particular insured and the facts and circumstances relating to a particular claim.
Learn more about separate towers of cover per insuring clause, and other market leading coverages in our technology policy, by contacting our team at tech@cfc.com.
You can find our regulatory information on our website by visiting cfc.com/support/regulatory-information.
© 2025 CFC Underwriting Limited. All rights reserved.
