CANCUN, Mexico -- With only about 425 days left until zero hour, businesses must prepare now to minimize their exposure to liability from the Year 2000 computer bug, an attorney says.

Although companies in many industries are doing all they can to eliminate the exposure from their own computer systems, they still may be exposed to claims on several fronts, she said. The question of whether those claims are insured has yet to be resolved, especially because some of the defenses businesses use to avoid liability may also be used by their insurers to avoid coverage.

In the United States alone, Year 2000 remediation costs are estimated to top $600 billion, noted Julia Frost-Davies, an associate in the litigation department of Bingham Dana L.L.P. in Boston. Once litigation costs are factored in, that total could rise to $1 trillion, she said.

Faced with this potentially enormous liability exposure, many businesses are asking what kind of insurance coverage they will have, Ms. Frost-Davies said during a presentation at a seminar on the Bermuda market, sponsored by broker Park International Ltd. in Cancun, Mexico, last week.

"When insureds are sued, they will first turn to their CGL policies for coverage, asking whether their insurer will defend or cover them," she said.

In many jurisdictions, she noted, there is a broad duty to defend the policyholder under standard commercial general liability policies if the suit against the policyholder states a potentially covered claim, or if even only part of the suit's claims may be covered.

Indeed, she noted, insurers generally can avoid providing a defense only by seeking a declaratory judgment that none of the claims against the policyholder would be covered.

As a result, policyholders may be able to obtain coverage for defense of third-party Year 2000 suits, even in cases where indemnification is not assured, Ms. Frost-Davies said.

Another issue surrounding how CGL policies respond to Year 2000 claims is how coverage would be triggered.

Insurers may seek to argue that Year 2000 losses are the result of a known exposure and, therefore, are not fortuitous losses covered by the policy, Ms. Frost-Davies said.

"It's difficult to argue we didn't know the year 2000 was going to arrive," she said. It also can be shown that a policyholder hired companies to try to remedy the Year 2000 problem, she added.

Another issue is that "CGL policies often require property damage or bodily injury to trigger coverage," Ms. Frost-Davies noted. Many claims for coverage of Year 2000 lawsuits are not going to meet this threshold, she said.

Insurers also may argue that timely notice of a claim was not provided, thereby voiding coverage.

That argument will arise as a result of questions about what "occurrence" actually triggers coverage under the policy, Ms. Frost-Davies said. If it's successfully argued that the occurrence was the installation of defective computer equipment or software, that may have occurred several years ago. This could form the basis for an insurer to argue that it was not notified of a potential claim until years after the original occurrence, she said.

In addition to claims under CGL policies, the Year 2000 bug also is expected to trigger claims under directors and officers liability policies.

Shareholder and derivative actions are likely to follow any drop in a company's stock price allegedly caused by Year 2000 losses, Ms. Frost-Davies said.

Lawsuits against directors and officers most likely will assert a failure to adequately disclose Year 2000 problems, she said. This arises because the Securities and Exchange Commission requires that companies make adequate disclosure of risks, she said.

The SEC has issued specific guidance, available on its Web site at www.sec.gov, as to what sort of Year 2000 information must be disclosed by public companies.

One risk manager in the audience expressed concern about being required to disclose information about his readiness for the Year 2000 problem that could be used in a lawsuit against the company.

Ms. Frost-Davies pointed out that President Clinton recently signed into law legislation that gives companies some immunity from liability lawsuits and relief from antitrust statutes if they share information about dealing with the Year 2000 bug (BI, Sept. 21).

However, that law does not protect statements made in SEC statements, she said. But a provision in the Private Securities Litigation Reform Act of 1995 provides a safe harbor from shareholder litigation for companies that make forward-looking statements, as long as the statements are accompanied by cautionary language noting that actual results could differ from those projected in the statement.

Therefore, she said, "you have to be cognizant of what you are saying -- whether you are describing the current situation or forward-looking scenarios."

By the same token, some companies may be reluctant to disclose to their insurers any Year 2000 problems for fear of losing coverage if they are hit with a lawsuit.

But failure to fully and accurately disclose information about any known risks can be an even more powerful reason for the insurer to deny a claim, Ms. Frost-Davies warned.

In either case, the policyholder's goal should not be to broadly state that it has successfully eliminated the Year 2000 problem, but that it is taking all reasonable steps to do so, she advised.

An audience member echoed Ms. Frost-Davies' advice.

"The bet that the D&O underwriter takes is that the client has a reasonable plan for managing the problem. We can't evaluate how successful the client will actually be at eliminating the exposure, or we'd never write a policy," said Nicholas L. Bozzo, vp and underwriting manager-professional liability for Chubb Atlantic Indemnity Ltd. in Hamilton, Bermuda.

"As long as they have a reasonable plan and are disclosing efforts at remediation, that's their defense," he said.

"The standard for defense is whether (directors and officers) took reasonable steps," agreed Ms. Frost-Davies.

"You want to avoid blanket statements like 'We are Y2K-compliant,' or 'We are not Y2K-compliant,' " Ms. Frost-Davies said. "Instead, focus on providing the details of the steps being taken."

As a side issue, Ms. Frost-Davies warned the audience to also avoid broad statements in internal e-mails regarding Year 2000 remediation efforts or audits. In any lawsuit against a company, e-mails are routinely sought as part of discovery, she said. The danger is that they may suggest or demonstrate a scenario contrary to a company's public pronouncements of its Year 2000 readiness.

Other insurance coverage that may be triggered by Year 2000 claims include professional liability policies and business interruption policies.

Companies that specialize in Year 2000 remediation or consulting, in particular, are likely to seek coverage under their errors and omissions policies, Ms. Frost-Davies said. "If their efforts don't work, or only partially work, they will likely be sued," she said.

As for business interruption coverage, Ms. Frost-Davies said some claims are possible in the wake of Year 2000 problems. However, so-called soft crashes, or business slowdowns caused by computer problems, may not be adequate to trigger coverage, she said. Ultimately, the applicability of business interruption policies to Year 2000 will depend on policy wording.

In addition to looking at many of these coverage issues, insurers are also grappling with whether to add specific Year 2000 exclusions to their policies, according to Ms. Frost-Davies. Both the Insurance Services Office Inc. and the Assn. of British Insurers have developed Year 2000 exclusions for insurers to adopt.

However, if a specific exclusion for coverage of Year 2000 losses is added to policies in 1999 or 2000, the policyholder may be able to successfully argue that coverage therefore must have existed in 1998 and prior years, she said.

Ultimately, Ms. Frost-Davies advised that in addition to making sure efforts are underway to remedy the Year 2000 problem within an organization, companies should also be sure there are contingency plans in place in case those remedies don't work.