The difference between an IT contractor and an IT company
An IT contractor is a subcontractor operating for another, larger IT company or directly for companies from various industries. Contractor is responsible for a specific scope, e.g. creating software, integrating it or testing the work of others. Working on larger projects, in larger teams, he performs the assigned elements of work. Most often, it is other people who decide what the contractor is to perform.
His responsibility for the work he does depends on what exactly he does and what responsibility he takes for his work. In the event of a bug or cyber incident to which he contributed, the claim goes to the company implementing the project. This company, in turn, may put forward a recourse claim against the contractor. Thus, the contractor’s PI and cyber risk assessment is less detailed than for IT companies.
An IT company may also be a subcontractor of another IT company. This trend is particularly visible in Central Europe. For the proper assessment of the insurer’s risk, it is crucial to define the scope of the project and the liability of the IT subcontractor. When an IT firm is a subcontractor to another IT firm, the liability of the subcontractor may or may not be smaller.
Key areas for IT risk assessment
These are, for example:
- precise definition of what the IT company does;
- indication of the industries for which it works;
- IT company’s responsibility for its clients’ infrastructure;
- IT security level of the company’s own infrastructure;
- contractual liability of an IT company.
Each of these areas may have a different importance in the risk assessment proces. It depends on the specifics of the company’s activity. This shows the most important and difficult task of an underwriter – understanding what the company does and how the services / technologies offered translate into risk for the insurer.
The difficulty is that a comprehensive picture of the company cannot be obtained from descriptions from a standard risk assessment form, the same for the entire industry. Vague formulas do not say much. So it is important that intermediaries „feel” the IT industry.
When will the representatives of IT companies take you seriously?
You don’t necessarily need „super technical” knowledge to build a relationship with the IT community. More important is the willingness to learn „their” language, communication and trying to understand the challenges posed by new clients. While basic technical knowledge may prove useful, there is no substitute for practice based on meeting clients. Contrary to popular stereotypes, the IT community is very open and willing to communicate. What is most important is a simple conversation and not offering the client „standard”, incomprehensible forms of many insurance companies.