Chapter 24 Quiz

Twenty questions to check your grasp of the professional and specialty lines: E&O, D&O, EPL, cyber, and the claims-made machinery that binds them. Answers and brief explanations are in the collapsed key at the bottom — try the whole set before you open it.

Multiple choice

1. Errors & omissions (E&O) coverage responds primarily to:

  • A. Bodily injury caused by the insured's premises
  • B. Property damage caused by the insured's products
  • C. Financial harm a third party suffers because the insured's professional work was negligent
  • D. The insured's own lost income after a fire

2. "Professional liability insures a standard of care, not a guaranteed result" means:

  • A. The professional is liable any time the outcome is bad
  • B. The professional is liable only when their work fell below the competence a reasonable peer would have shown
  • C. The policy guarantees the client a successful result
  • D. The policy covers intentional wrongdoing

3. Which "side" of a D&O policy protects individual directors directly when the company cannot indemnify them (for example, in insolvency), typically with no retention?

  • A. Side A
  • B. Side B
  • C. Side C
  • D. The tail

4. Side B of a D&O policy:

  • A. Covers the entity's own securities liability
  • B. Reimburses the company when it indemnifies its directors and officers
  • C. Protects individuals when indemnification is barred
  • D. Is the same thing as EPL

5. A company preparing for an IPO faces elevated D&O risk mainly because:

  • A. IPOs are illegal without D&O
  • B. Selling stock to the public invites a securities suit if the stock later drops
  • C. Private companies cannot buy D&O
  • D. The IPO eliminates the duty of care

6. Employment practices liability (EPL) is best described as coverage for claims by:

  • A. Customers injured on the insured's premises
  • B. Shareholders alleging the board destroyed value
  • C. Employees and applicants alleging wrongful employment conduct
  • D. Vendors alleging breach of contract

7. The most appropriate exposure base for EPL is closest to:

  • A. Annual revenue
  • B. Square footage
  • C. Headcount and turnover
  • D. Building value

8. For a manufacturer with little sensitive customer data, the dominant cyber loss is usually:

  • A. Privacy class actions over leaked credit cards
  • B. Business interruption from ransomware
  • C. Media/content defamation
  • D. Regulatory fines for data sales

9. Which is a first-party cyber coverage (the insured's own loss)?

  • A. Privacy liability to affected individuals
  • B. Regulatory defense and penalties
  • C. Network security liability to a partner
  • D. Business interruption while systems are down

10. Cyber is exceptionally hard to model because, relative to the law of large numbers, it is:

  • A. Independent, similar, and stable
  • B. Correlated, heterogeneous, and non-stationary
  • C. Low-frequency and low-severity
  • D. Identical to fire risk

11. In current cyber underwriting, the single highest-value control — often a hard requirement — is:

  • A. A firewall
  • B. Antivirus software on one machine
  • C. Multi-factor authentication (MFA) on email, remote, and privileged accounts
  • D. A printed security policy

12. Why are tested, offline or immutable backups so important to a cyber risk?

  • A. They prevent phishing emails from arriving
  • B. They let the insured restore rather than pay ransom, shrinking the business interruption
  • C. They are required by the GINA statute
  • D. They eliminate the need for a claims-made trigger

13. On a claims-made policy, the retroactive date is:

  • A. The date the policy expires
  • B. The date before which wrongful acts are not covered no matter when the claim is made
  • C. The date the tail begins
  • D. The date the first premium is due

14. A professional who is retiring and closing their practice most needs:

  • A. A new claims-made policy with a fresh retro date
  • B. An occurrence policy
  • C. A tail / extended reporting period (ERP) on the expiring policy
  • D. Higher limits on a new policy

15. A broker switches an established firm to a new carrier and the new policy's retro date is set to inception. The likely result is:

  • A. Broader coverage than before
  • B. A coverage gap for all of the firm's prior work
  • C. No change in coverage
  • D. Automatic prior-acts coverage

Short answer

16. In two or three sentences, distinguish E&O from D&O by who sues and over what conduct, and explain why a commercial general liability policy responds to neither.

17. Explain the difference between a claims-made policy's retroactive date and its tail (ERP). State which device an insured switching carriers needs and which a closing/retiring insured needs.

18. A company suffered a ransomware attack last year and is now applying for cyber. Name the two opposite things this fact could mean, and identify the single category of evidence that tells you which is true.

19. Why is claims-made the natural trigger for long-tail professional lines while occurrence suits a short-tail line like commercial property? Tie your answer to the gap between act and claim and to the insurer's ability to reserve.

20. You are handed an emerging risk with no credible loss history that fails the "calculable chance of loss" insurability test from Chapter 1. Name the three disciplined ways to respond, and explain why writing it at scale on a standard form at a standard price is the option to avoid.

Answer key (try the questions first) **1. C** — E&O covers the *economic* harm negligent professional work causes a third party; bodily injury and property damage belong to the CGL. **2. B** — Liability attaches only when the work fell below the standard a reasonably competent peer would have met; a bad outcome alone is not malpractice. **3. A** — Side A protects individuals directly when the company cannot indemnify (e.g., insolvency or where indemnification is legally barred), typically with no retention. **4. B** — Side B reimburses the *company* for the indemnification it provides to its directors and officers (the usual case). **5. B** — Going public invites securities litigation if the stock subsequently drops; IPO D&O is one of the hardest D&O exposures to write. **6. C** — EPL responds to claims by employees, applicants, and sometimes third parties alleging wrongful employment conduct (termination, discrimination, harassment, retaliation). **7. C** — EPL scales with headcount and turnover, not revenue; a labor-intensive, high-churn employer generates more claims than a capital-intensive one at the same sales. **8. B** — For a manufacturer, the operational dependence on systems makes *business interruption from ransomware* the dominant loss, even when the privacy exposure is small. **9. D** — Business interruption is a *first-party* (the insured's own) loss; privacy, regulatory, and network- security liability are *third-party*. **10. B** — Cyber losses are correlated (one vulnerability hits many at once), heterogeneous (no stable "similar" pool), and non-stationary (the threat evolves) — the antithesis of the law of large numbers' requirements. **11. C** — MFA defeats the stolen-password attack, the most common entry point, and is frequently a hard requirement; the absence of MFA on email/remote access became close to an automatic decline in the hardened market. **12. B** — Tested offline/immutable backups let the insured *restore* instead of paying ransom, shrinking the business interruption; this is why attackers now try to destroy the backups first. **13. B** — The retroactive date is the line in the past before which wrongful acts are not covered, regardless of when the claim is made. **14. C** — A retiring/closing professional needs a *tail (ERP)* on the expiring policy to extend the reporting window for old work; a new policy would not cover claims for acts predating it as the practice winds down. **15. B** — Resetting the retro date to inception strips prior-acts coverage and leaves all of the firm's earlier work uninsured — a classic, avoidable gap (and a broker E&O exposure). **16.** E&O: the *client/customer* sues over negligent *professional work* causing economic loss. D&O: the company's *investors, creditors, regulators, or the entity itself* sue over the *leaders' management decisions* and breach of duty. The CGL responds to neither because it covers bodily injury and property damage, not negligent professional services and not management/securities conduct. **17.** The *retroactive date* governs how far *back* into the past coverage reaches (acts before it are never covered); the *tail/ERP* extends how far *forward* an insured may *report* claims for acts that occurred during an expired policy. A *switching* insured needs the retro date *preserved* (prior-acts coverage matched to the old policy); a *closing/retiring* insured needs a *tail* on the expiring policy. **18.** It could mean the company *learned and genuinely hardened* (now possibly a better risk than a complacent never-breached peer) or that it *bought a policy and changed nothing* (attackers may still have a foothold). The deciding evidence is the *remediation* — incident response engaged, MFA deployed everywhere, clean rebuild, segmented and tested backups, independent post-incident assessment. **19.** Long-tail professional lines have a large gap between the negligent act and the resulting claim (years). On occurrence, the insurer would carry uncertain IBNR on a peril whose severity keeps changing — hard to reserve and price. Claims-made closes the books nearer the policy period, so the insurer knows its exposure sooner, making a volatile long-tail line priceable. Short-tail property has act and claim close together, so occurrence works cleanly. **20.** Write it *small* (a modest sublimit capping downside while you learn), write it *narrow* (tightly worded coverage for a defined peril, often manuscripted on surplus lines), or *decline and watch* (let competitors absorb the early losses and price it once data exists). Writing an emerging risk at scale on a standard form at a standard price is how the industry got hurt on cyber and asbestos — the price and limit must reflect the ignorance.