Cyber Insurance Alert: The potential insurance impact of discontinued Windows XP support

Cyber Insurance Alert: The potential insurance impact of discontinued Windows XP support


Professional liability insurance, otherwise known as errors and omissions insurance, is generally intended to cover alleged errors, omissions or negligent acts in the provision of products or services that result in economic or financial loss (as opposed to bodily injury or property damage). Similarly, network risk insurance, also known as cyber insurance, is intended to address privacy and security exposures. Typical cyber and professional liability policies have a variety of exclusions that can eviscerate coverage if insureds are not careful to customize the policy wording.

Microsoft is scheduled to discontinue technical support, including automatic updates that help protect a PC, for Windows XP as of April 8, 2014. What this means is the following: if you continue to use Windows XP after support ends, your computer will still work but might become more vulnerable to security risks and viruses because Microsoft will no longer identify and patch breach vulnerabilities (except for some limited anti-malware related updates through July 15, 2015).

According to PC World, Windows XP was “powering 27.69 percent of all worldwide PC usage during the month of March.” In addition, “Windows 8 and 8.1 combined account for just 11.3 percent of PC usage worldwide – less than half of XP’s market share.” Furthermore, many ATM machine networks, healthcare and educational institutions rely on Windows XP.

Some professional liability and cyber polices have one form or another of the following exclusion:

“This policy does not apply to any claim based upon or arising out of any actual or alleged failure to install available software product updates and releases, or to apply security-related software patches, to computers and other components of a computer system.”

Will professional liability and cyber insurance carriers interpret such provisions to exclude coverage for a security or privacy breach or software bug for any network that continues to use Windows XP? It is important that insureds understand how their continued usage of Windows XP may affect coverage under their cyber/network risk or E&O policies. We recommend that you review your organization’s usage of Windows XP and any applicable exclusions in your insurance policies.

Aon Contact

Related Practice