Do contract confidentiality/prorietary requirements leave you confused?

Jul 12, 2017Risk Management

Q: When the contract requires protection of confidential/proprietary information, what information may NOT fall into that category?

A: Keeping in mind that this is not an all-inclusive list, following are some examples of information that may NOT be truly confidential or proprietary.

Information that was known to you previously but not protected as confidential
Information that is in the public domain
Information that you may be legally or ethically obligated to disclose
Information that needs to be shared with subconsultants or your own employees
information that you have a right to retain as part of your project records

To learn about our Insurance Offerings and our Risk Management program, visit our website or Contact us today at 713-552-1900. Be sure to have a lawyer or licensed Risk Manager review your contracts for insurability and other risk implications.

So what might be considered confidential/proprietary?

According to www.contractstandards.com, “Confidential Information” means material, non-public, business-related information, written or oral, whether or not it is marked as confidential, that is disclosed or made available to the recipient, directly or indirectly, through any means of communication or observation by the disclosing party or any of its Affiliates or Representatives.

Proprietary Information is information that is not public knowledge (such as certain financial data, test results or trade secrets) and that is viewed as the property of the holder.

The recipient of proprietary information, such as a contractor in the procurement process, is generally duty bound tom refrain from making unauthorized use of the information.

Be sure to have a lawyer or licensed Risk Manager review your contracts for insurability, confidential/proprietary requirements and other risk implications.

Gears and Confidential Mechanism on Whiteboard

Did you know Risk Specialty Group offers free contract reviews?

When you become a client of Risk Specialty Group, one of our free services is to help review your contracts for insurability and other risk implications with our licensed Risk Manager. We will walk you through any potential risks before you sign a contract and address any concerns or potential exposures. Visit our website to learn more about our Risk Management program.

Are your firm's Cyber risks actually covered? If you're like most design professionals, the answer might surprise you.

According to the World Econo

Does your E&O policy cover cyber attacks?

For most design professionals, the answer is no.

The most common coverage in Professional Liability policies regarding any type of virus transmission is called "network security" liability. But this is only for "3rd party" expenses, such as when a design firm gets sued by one of their clients for the transmission of a virus. It covers the cost of defense and any "3rd party" costs that the client incurs. However, it does not provide any "1st party" coverage for the design firm itself in the event of a cyber attack or breach. Also, these endorsements typically offer sublimits that cap payouts at a fraction of actual incident costs.

Only true Cyber Liability covers 1st party costs associated with a cyber attack or breach on the design firm. That is why the coverage within a Professional Liability is called "network security" and not "cyber liability".

What about a major ransom demand? What about two weeks of system downtime? What about paying a fake invoice for $85,000?

That's a different category of loss entirely. The vast majority of design firms enter 2026 without true cyber coverage.

The FTC's cyber insurance guidance recommends standalone cyber coverage for businesses.

Why are engineering firms prime targets?

Fifty-nine percent of AEC firms experienced a cybersecurity threat in the past two years, according to Dodge Data & Analytics. Cyberattacks on construction companies doubled in Q1 2024 compared to Q1 2023.

The reasons are structural. Engineering firms hold exactly what attackers want:

Time-sensitive projects where delays cost real money
Critical infrastructure plans of interest to nation-state actors
Detailed client information across multiple projects
Smaller IT budgets than the data they protect would suggest

Design professionals are more than twice as likely to face ransomware attacks compared to other industries, according to research from CyberPress and FalconFeeds.

DragonForce, a ransomware group that attacked O&S Engineers & Architects in February 2025, specifically targets architecture and engineering firms. They kn

Frequently Asked Questions

Does my professional liability policy cover cyber attacks?

Just 3rd party claims, if at all. Typical coverage within an E&O policy that is associated with cyber threats are usually called "Network & Security" Liability endorsements and these only cover 3rd party claims. These are claims from your clients alleging you (the design firm) spread a virus to them and would cover the costs to restore your client. There is usually no coverage for the design firm itself for a cyber breach it experiences and the internal expenses associated with it. That's why a standalone Cyber Liability policy is needed to cover these 1st Party expenses. Review your policy language carefully.

Is the cyber add-on to my E&O policy enough protection?

Usually not. Cyber endorsements tend to offer lower limits, narrower coverage, and more exclusions. And they usually only cover the expenses to restore a client or other 3rd party. Not the Design Firm itself.

Why are engineering firms prime targets for ransomware?

Three reasons: deadline pressure, valuable data, and inadequate defenses. Attackers know engineering firms can't afford extended downtime. That pressure makes engineering firms more likely to pay ransoms quickly.

What happens if client data or CAD files are breached?

You face immediate costs for forensic investigation, legal counsel, and notification. Longer term, you may face lawsuits, regulatory penalties, and reputational damage. Cyber insurance covers these costs. Your E&O likely won't.

How much does cyber insurance cost for design firms?

Premiums vary based on firm size, revenue, and security measures. Many design firms find coverage more affordable than expected, especially compared to the potential cost of an uninsured breach. For firms with Revenues of $1M to $5M the annual premiums can range from $1,000 to $3,000 depending on the limits and coverages selected.

What should design professionals do now?

Effective risk management services start with understanding your actual exposure.

Don't assume your current coverage is adequate. Pull your policy. Read the cyber-related language. Look for exclusions, sublimits, and gaps.

Then ask yourself:

What would two weeks of downtime cost in lost revenue?
What would you do if you paid out $50,000 to a fake invoice?
What would you do if you could no longer access your design plans and email account?

If those questions concern you, it's time for a real conversation about standalone cyber coverage.

At Risk Specialty Group, we're not just another insurance provider. We're your guide in navigating the complex world of cyber risk for design professionals.

We work with over 20 "A" rated carriers who specialize in architects, engineers, and design firms. We know what questions to ask because we've seen what happens when firms don't have the right coverage.

Ready to understand where you stand?
Just a Quote — For those who know what coverage they need
Conversation & Quote — For those unsure about cyber coverage gaps
Full 360° Review — Comprehensive risk analysis including emerging cyber exposures

Contact Risk Specialty Group: 713-552-1900 | info@riskspecialtygroup.com

About the Author

Travis Landers, ARM, is the President and Founder of Risk Specialty Group, a Houston-based insurance and risk management firm serving design professionals. A UT Austin McCombs School of Business graduate with over 25 years of entrepreneurial experience, Travis founded RSG in 2010 to help architects, engineers, and consultants navigate the complex world of insurance and risk management. Under his leadership, RSG has earned the IIABA Best Practices Agency designation multiple years running. Risk Specialty Group serves design professionals across Texas, Arizona, Arkansas, California, New Mexico, and Oklahoma.

← Jobsite Safety – Contract Tip of the Week Should I be concerned about a Set-off Provision? →



4801 Woodway, Suite 300E
Houston, TX 77056



713-552-1900 / 713-552-1900



info@riskspecialtygroup.com

Insurance

Risk Management

About Us

David Nelson

15:10 01 Apr 19

Risk Specialty Group has handled my micro-company's insurance for almost three years. They have consistently provided prompt, professional, friendly, and effective customer service. I am always sure that I have access to their "A" team and that they are in my corner. Of all my service providers, they are #1 in that department. 6 stars if I could.

Todd McMakin

16:00 04 Dec 18

We have been using the Risk Specialty Group for our company insurance for two years and have been very happy with our rates and with the customer service that we have received. They are always quick to respond to questions and requests. Highly recommended!

Su Young

18:52 04 Dec 18

Risk Specialty's owner is great to work with, excellent knowledge of the marketplace and clients' insurance needs. The staff is thorough, experienced and friendly. Great shop to consider for your insurance needs.

Elizabeth Schlitzberger

15:23 17 Jan 19

Very professional group with great attention to detail. They care about their customers! I highly recommend them!

Parallax Consulting Group

01:30 19 Dec 18

I am currently renewing my coverage for year (2) of my business. Everyone at RSG has been extremely helpful, while also being clear and concise with all my options and/or questions through every step of my growth, risk management and company success. I would highly advise and/or recommend RSG to anyone looking to find a firm you can count on...but most importantly, trust!