The biggest risks web3 companies face
At Superscript, 100% of our web3 claims come from off-chain risks. This might feel like a shocking statistic considering the complexities of on-chain products within the digital assets industry, but it’s often the places people overlook that turn out to be the most important.
With everyone so focused on their on-chain environments, the real business risks can go unnoticed. So what kind of risks are we talking about, and how can they be mitigated? Let’s go on a journey through the web3 insurance landscape so you can better navigate your off-chain risk.
The real risks facing web3 companies
Risk: Cyber attacks You get a call from your CTO telling you that your company data has been hacked. Your payment system has been breached, customers’ private card details are stolen and the hackers are demanding a ransom payment be made within the next 48 hours. This is called cyber extortion and data exfiltration; effectively, threat actors have encrypted your data and copied it for themselves. This is done to put extra pressure on you – the victim – to pay the ransom. As most companies today can get around paying the ransom by restoring from backups, the exfiltration element allows the threat actors another vector for ransom demand.
If this sensitive data gets out – and then the inevitable news stories – it could potentially lead to reputational damage and fines, but also interrupt your business, leading to loss of trust in the market and a dent in your profits.
Mitigation: Cyber insurance Cyber insurance – also known as cyber liability insurance or cybersecurity insurance – is designed to cover companies that store and handle data. The scope of coverage provided by a cyber policy is far broader than just data, and depending on the type of policy you get, you could be covered for a number of risks from malware and Denial-of-Service (DoS) attacks, to business interruption and client compensation.
Any type of company may be at risk from cyber crime, and as a web3 company, not only are you handling and storing personal identifiable information, your service may also be an integral part to your clients operations. Any type of contingent business interruption can be incredibly costly for your business and your clients.
Risk: Wrongful dismissal Imagine you set up your web3 company with two other founders. After some time, you feel that one of them wasn’t pulling their weight, so you let them go and part ways. You now assume that the problem has been put to bed.
But no, your ex-co-founder sues your company for millions as they felt “forced out” of the firm. You spend months – and millions – litigating in court, hurting your company growth, solvency and reputation.
Mitigation: D&O insurance and employment practices liability Directors' and officers' insurance, also known as management liability insurance or D&O insurance for short, is designed to protect entrepreneurs, regardless of company size, from the risks associated with running a business. Any issues arising out of employee hiring or severance is typically covered by an employment practices liability (EPL) policy which insures the company against allegations of wrongful dismissal.
D&O insurance has a three-pronged cover. One prong covers directors personally for fines, penalties and legal expenses. The second reimburses the company for paying on behalf of the directors. And the last covers the company should it itself be named in the lawsuit.
Risk: Trademark infringement Say your web3 company is doing really well in your home market, so you think it’s the right time to expand overseas. You pick a country where you see growth potential and start your expansion. But then you receive a cease and desist letter from a company in that country with a similar name and business.
You open lines of negotiation and suggest a compromise, but there is no acceptance from the other side. Instead you receive an injunction, which is then held up by a judge. You then agree to settle out of court costing millions and halting your expansion plans.
Mitigation: Intellectual property is an umbrella term for any type of idea or invention – from design, art, music and photography to logos and brand names. These intangible items can be ring fenced within patents, trademarks and copyrights, but that doesn’t always stop others from infringing on your intellectual property.
Digital assets are increasingly thought of as intellectual property and cover a variety of assets from proprietary code, algorithms and software to online content such as NFTs, or non-fungible tokens.
Depending on the cover you get, intellectual property insurance (IP) may cover legal costs and damages involved in defending or settling a claim of infringement, like the example above. It may also cover legal costs if you want to take action against another party for infringing on your IP.
An IP policy can sometimes be wrapped up into a technology errors and omissions (tech E&O) policy. Tech E&O insurance is a type of professional liability that can cover the costs if the services or products you provide are blamed by a customer for causing damages due to errors, omissions or negligent acts.
In conclusion
While on-chain might be the more cutting edge and innovative part of your company, as you can see, risks can often come from the humdrum of daily business.
It’s important to note that in the UK, only one type of insurance is usually required by law if you have employees: employers’ liability insurance. You’re only likely to need this cover if anyone works for you, and if you don’t get the right cover, you can be fined £2,500 every day you’re not properly insured. Although other types of insurance aren’t required by law, it’s still a good idea to consider getting covered.
If you’re interested in learning more about the off-chain risks that web3 companies can face, and how insurance can support your business, get your eyes on my most recent webinar, where I chat with Jennifer Stivrins and Meredith Challender, Partners at law firm Kissel Straton & Wilmer on this very topic. Alternatively, reach out to any of the Superscript web3 team.
This content has been created for general information purposes and should not be taken as formal advice. Read our full disclaimer.