Insuring your technology contracts

09 September 2025

Hamish Fraser
Partner
Sparke Helmore Lawyers

Hamish Fraser
Partner
Sparke Helmore Lawyers
t: +61 2 9373 3616

Hamish is an accomplished senior technology lawyer with more than 30 years’ experience advising clients on commercial issues and regulatory matters across the information technology and communication industries. Hamish enjoys demystifying the complex interaction of technology and the law.

Jon Tyne
Partner
Sparke Helmore Lawyers

Jon Tyne
Partner
Sparke Helmore Lawyers
t: +61 2 9260 2683

Jon is an insurance lawyer and litigator with a breadth of experience across complex financial lines matters and reinsurance disputes. Acting for national and international insurers and reinsurers, Jon advises clients on coverage issues and acts for their insureds in all lines of speciality risk including professional indemnity, directors and officers, management liability, warranty and indemnity, and cyber. He advises on the application of reinsurance arrangements and acts in commercial disputes. Jon also has an interest in emerging risks and associated insurance products.

Technology contracts often contain a clause that mandates some form of insurance. Clauses such as this can often be a legacy from a less digital age. Do such clauses have a place in the modern technology contract and, if so, what should they say?

This article looks to address both the meaning of some of the “older” style clauses, addresses a few common misconceptions and considers what sort of clause a modern digital contract might benefit from.

Why require insurance at all

It is perhaps trite to point out that a business takes out an insurance policy to manage risk. But why does an insurance clause find its way to a contract. What is it there for and what should it oblige a party to do?

A prudent acquirer of digital services (the customer) should look to ensure its suppliers will survive misfortune – whether a business interruption, a claim from the customer (or the suppliers' other customers) or other business shock. Following that logic, it is also therefore prudent for the customer to ask to know, or perhaps even mandate, what insurance the supplier should have.

Sometimes it is possible or even necessary for a particularly large project to have specific insurance (e.g., to take an extreme example, a satellite launch). However mostly the purpose of the insurance clause is to know and understand what protections the supplier has or should have to perform the work that is to be delivered.

One function of such clauses is to mitigate contract risks that can be insured against – for example, the risk that a supplier, which fails to meet its duties, has no assets to meet a claim by the customer. However another important purpose of the requirement to insure is to ensure (so far as possible) the supplier will remain financially viable and able to continue providing services.

Insurance clauses, like so many clauses thought of as “boilerplate”, require planning and a consideration of the circumstances of the contract and a fair allocation of the risk between the parties. An understanding of the purpose of the insurance can go a long way to ensuring the right clauses are used for the right reasons, instead of the use of default language. As well as keeping contractual language clear and relevant, a tailored approach may simplify contract administration and could even improve pricing.

Common clauses

Below are some types of clauses or parts of clauses commonly found – together with a short discussion of their strengths, weaknesses and when and how they might be used.

Named on the Policy:

One misconception is that customers should always ask to be “named” in the supplier’s insurance policies. This misconception can lead to clauses that are more onerous than needed. Depending on the class of insurance product and the structure of the supplier’s program, it may not be possible or practical to name the customer – or the insurer simply may not agree. While there are situations where naming the customer on the policy may make good sense, it’s important to understand the possible implications for policy coverage – for example, some policies exclude claims made by one insured against another.

Noted on the Policy:

Like naming, a clause may ask that an interest be “noted”. The problem with this kind of clause is that it may achieve very little, if taken literally. If a customer wants to have a right to access a supplier’s insurance directly, the right it wants has to be set out clearly in the contract and must be available in the insurance market. Often, what a customer is really after is cover for liability claims against it that result from actions taken by the supplier on its behalf (a cover commonly available in the market). If so, the clause should be tailored appropriately.

Policy wording:

Some clauses require the supplier to provide a complete copy of the policy wording, which is typically confidential between the contract and its insurer. It is not uncommon for insurers to refuse to allow the supplier to provide policy documents to others, and the supplier may not want to do so for its own risk management purposes. The customer should assess how critical it is to see contract wordings – in some cases, it will be important; while in others seeing a certificate of currency issued by the supplier’s broker or insurer, or a summary of the insurance terms, will be sufficient.

Change of insurer:

Clauses sometimes stipulate that the supplier must notify the customer of a change in insurer. This requirement is often unnecessary, especially when the contract already has sufficiently clear requirements for insurance.

Insurer rating:

An insurance clause will commonly seek to ensure that any insurance taken has been issued by an insurer with a minimum rating from a credit rating agency. While this may give some comfort that the insurer is in a position to back their product, it may limit the supplier’s access to other potentially acceptable insurance solutions.

Notice of any claims:

A clause seeking to be notified of claims (unrelated to the contract) is likely to be misguided. If the reason for the policy is contract specific, then claims may be known in any case. If the reason is customer prudence, an unrelated claim on a policy may be of little relevance, providing there is ongoing cover, and could well be confidential.

Customer’s liability cover (often called principal’s liability cover)

Sometimes the risk that is appropriate to mitigate with insurance, is that a claim may be made against the customer based on the acts or omissions of the supplier, if acting on behalf of the customer.

Principal's liability cover extends a liability policy (taken out by the supplier) to provide cover for the loss of the customer in this scenario. This is to protect the customer in circumstance where it might have vicarious liability for the supplier’s conduct. The need for this type of insurance might arise, for example, where the supplier may have some people located at the customer’s premises (e.g., in software development, but this is becoming less common with the move to the cloud). Whilst the customer may already have its own insurance, it is possible (for example) that it doesn’t believe it should pay for any premium uplift by having additional personnel and/or it may want to protect its claims record.

So what if you don’t comply

One difficulty with insurance clauses is the consequences of a breach of the clause. It is well understood that damages for breach of a contract are there to put the party in the position it would have been in had the contract been performed.

Assuming the obligation to insure exists, working out what loss a customer has sustained because a supplier has not taken out a required policy is problematic. If there has been no loss for which the policy would respond, it is hard to envisage a loss caused by the breach. Equally, if the party that does not effect the insurance causes a loss, either it is capable of meeting the liability (so there is no need for a policy anyway) or it is not capable of meeting the loss, in which case it may become insolvent, and there will be little value in making a claim as there are no funds to meet it.

If the purpose of the requirement to be insured is what has been described above is a prudence exercise, then best practice is to follow up that prudence with a requirement to ensure the supplier does in fact hold the policies by way of certificates of currency or other means to confirming compliance.

Types of Policies

A key element in mandating insurance in a contract is to understand the different types of insurance.

Claims made v occurrence policies: A claims made policy is a policy intended to cover claims made (or circumstances notified) during the term of the policy. A claim may not be made for a significant time – potentially many years – after the events which give rise to it. For this reason, it is common to require that runoff insurance for (commonly) seven years be maintained after the end of a contract. Professional indemnity insurance (discussed below) is usually a claims made policy. Occurrence policies, on the other hand, provide cover for claims arising from events that occur during the policy period.
Professional indemnity policy: A professional indemnity policy covers the risks taken by a business that provides professional advice or services (e.g., a doctor or a lawyer). If a supplier is giving advice, making recommendations or providing other professional services, a prudent customer would ask the supplier to hold professional indemnity insurance (and keep it for seven years after the end of the contract).
Public liability cover: This type of insurance typically covers personal injury and property damage. It is commonly written on an occurrence basis.
Cyber insurance: Increasingly, customers are requiring their suppliers to hold cyber insurance. The principal should give thought to what precisely they want the supplier to hold insurance against and the reasons why. Cyber insurance covers first party losses – such as the costs of responding to a cyber incident, which can ensure there is a financial “safety” net and experts in place who can act quickly to rectify a breach. This class also often includes cover against third party claims based on a cyber event, but the scope of the cover can vary between products.

Other issues

Insurance brokers are an invaluable asset when a business is trying to assess suitable insurance needs, its risk and to investigate the market for insurance.

Conclusion

Our key tips:

Think about your contract wording and tailor it appropriately, rather than using “default” clauses.
Remember that insurance is only one way to manage risk. And that a supplier may pass on the cost of insurance it is required to take out to the customer. Decisions about the scope and limits of insurance required under a contract need to consider both the advantages and costs of managing risk in this way.
Assess risk, determine who carries it, and choose suitable insurance – ideally with professional advice.
Obtain evidence of cover and actively manage the contract.

11-09-2025 | Financial Services, Funds and Superannuation legal update - August 2025

10-09-2025 | Sparke Helmore MAD (Motor Accidents Division) - Issue 141

09-09-2025 | Sparke Helmore's MAD (Motor Accidents Division) - A special edition

04-09-2025 | Tracking the evolution: a snapshot of the Hunter's history with energy and resources

02-09-2025 | (Re)Insurance and Regulation Focus - fortnight commencing 1 September 2025

26-08-2025 | Understanding the moving target for changes to superannuation

Media room