Technology companies underpin the daily operations of businesses around the world. They provide the pipes that allow commerce to flow. This global infrastructure is under increasing attack from cybercriminals. Change Healthcare, CDK Global, SolarWinds. The list of third-party technology providers which have been the victims of cyber breaches continues to grow.

When these attacks occur, the financial, operational and reputational impact on the industries which these businesses serve can be profound and long lasting. The attacks trigger cyber liability, business interruption, and professional liability claims. Yet, despite the proliferation of these attacks and the demonstrable cross class impact, the insurance industry has been slow to respond. When one attack creates cyber liability, business interruption, and professional service failure claims simultaneously, traditional coverage boundaries become meaningless.

Every company is now a tech company

Technology E&O isn't just for traditional IT companies anymore. Almost any company offering a service or technology product now carries E&O risk. Management consulting firms may develop bespoke software when helping streamline customer operations. Law firms may create digital document management platforms and then provide access to their peers. Accounting practices deliver cloud-based financial systems. With even traditional professional services moving to digital-first delivery, the benefits are clear and business models are increasingly reliant on digital-led services as a result.

However, these dependencies create a growing vulnerability when systems fail. A network outage means there is no fallback. The digital services cannot be done by alternative means. Business stops. Alongside being technology companies, producing content has turned companies into content creators and distributors. This article, for example, which a decade ago may have just been written for a trade publication, will now be published on a range of owned online channels. But this process exposes businesses to media liability and intellectual property risks.

The growing risk

IT and software supply chain incidents are increasing as threat actors continue to hone their approaches and exploit weak points in supply chains which can cascade across the rest of the ecosystem.  Software supply chain attacks increased from an average of just under 13 a month during the eight months of February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25% in the most recent eight-month period. June and July 2025 averaged nearly 25 cyberattacks[1].

Changing an outdated approach

As these risks increase and converge, insurance coverage lines are becoming less clear and the traditional approaches less effective. A business might have some advertising cover under General Liability, a cyber policy covering technology services, and miscellaneous professional liability for non-tech risks. When complex incidents occur, this fragmented approach creates potential for coverage gaps. It is combatting the cyber threat of 2015 not 2025. Our industry requires an approach designed for the next generation of threats.

The IP Gap

Many of the world’s largest companies today hold greater value in their intangible rather than physical assets. Patents, proprietary software, and trade secrets represent core competitive advantages, particularly for technology providers. This IP makes them targets. Hackers know that if businesses rely on access to online data to provide their services and retain their value then withholding access will create the leverage they need to extort significant ransoms.  Simultaneously, developing technology solutions increases risk of accidentally infringing patents or misappropriating trade secrets while delivering services.

The intellectual property insurance market remains significantly underserved compared to cyber coverage. It's an emerging product with limited carrier capacity. This creates a potential coverage gap for organisations whose business models depend on IP assets.

For technology service providers, IP infringement allegations often arise directly from professional service delivery. When consulting firms' software allegedly infringes competitors' patents, or professional services firms are accused of misappropriating client trade secrets, claims blur boundaries between professional liability and IP protection. By integrating IP coverage within existing insurers can provide increasingly essential protection.

The next generation of cover

Recognising these evolving risk landscapes, Tokio Marine Kiln has launched the market-first Enterprise Ctrl suite as an enhancement to our recently introduced Cyber Ctrl offering. This integrated solution combines professional liability, cyber insurance, and intellectual property coverage under a single policy. 

As the risk of cyber incidents, professional service failures, and IP disputes become increasingly interconnected, Enterprise Ctrl reduces the risk of coverage gaps and brings clarity in place of blurred lines.

[1] https://cyble.com/blog/supply-chain-attacks-surge-in-april-may-2025/