Business insurance
Updated 2026-04-18
Insurance is the part of the business most operators ignore until they're in a situation where they wish they hadn't. Insurance isn't about expecting to collect; it's about ensuring that one bad event doesn't end the company. A few standard policies prevent nearly all catastrophic outcomes. Get them in place early; adjust limits as the company grows.
The essential policies
General Liability (GL)
Covers bodily injury and property damage claims. Customer slips in your office. Visitor gets injured. Someone sues claiming your booth at a conference damaged their equipment. Usually $1M per occurrence / $2M aggregate is the starting point.
Professional Liability / E&O (Errors & Omissions)
Critical for anyone who provides a service, software, or advice. Covers claims that your product or service failed to perform, caused financial loss, or had errors. A customer claims your software caused them to lose money. E&O covers the defense and potential settlement. $1M to $5M depending on customer profile.
Cyber / Data Breach
Covers costs of a data breach: forensics, customer notification, credit monitoring, regulatory fines, business interruption, ransomware recovery. If you store any customer data, this is non-optional. $1M to $10M+ depending on data volume and sensitivity. Be very careful about exclusions: many policies exclude social engineering or nation-state attacks.
Directors & Officers (D&O)
Protects directors and officers personally from claims by shareholders, employees, or regulators. Required before raising institutional capital. Becomes more important as the board grows. Without D&O, you cannot recruit experienced board members.
Employment Practices Liability (EPLI)
Covers employment-related claims: wrongful termination, discrimination, harassment, wage/hour disputes. Claims frequency is higher than most operators expect; across a company's life, statistically one of these claims is almost guaranteed. Critical once you're over ~25 employees.
Workers' Comp
Mandatory in most states. Covers injuries that happen during work. Usually cheap; administered through payroll.
Employee Benefits (Health, Dental, 401k Fiduciary)
If you offer benefits, the administrator role creates fiduciary exposure. Fiduciary liability insurance protects against claims of mismanagement.
Business Interruption
Covers lost revenue if operations are interrupted by a covered event (fire, natural disaster). Included in most property policies.
Property Insurance
Relevant if you own real estate or have material office equipment. Becomes less relevant in remote-first companies.
Key Person
Covers the company if a critical founder or executive dies or becomes disabled. Usually purchased when the company has institutional investors who demand it.
What drives premium
- Industry: high-risk industries (construction, healthcare, crypto) pay more
- Revenue size: larger = higher premium (more exposure)
- Claim history: past claims raise premiums
- Controls: security posture for cyber; HR practices for EPLI
- Deductible: higher deductible, lower premium
- Limits: higher coverage, higher premium
Reading a policy: what to check
- Named insured: is the legal entity name correct? Subsidiaries included?
- Limits: per-occurrence and aggregate. Is the aggregate enough for multiple claims in a year?
- Deductible / retention: what you pay before coverage kicks in
- Territory: coverage worldwide or US-only?
- Exclusions: read these. Often buried. Common exclusions: war, nuclear, intentional acts, pollution, prior acts
- Claims-made vs. occurrence: claims-made policies only cover claims filed while the policy is active; you need tail coverage when you switch insurers
- Notification requirements: how fast must you notify of a potential claim? Missing the window voids coverage
Working with a broker
Don't buy insurance direct from carriers. A good commercial insurance broker:
- Shops multiple carriers for each policy
- Negotiates terms beyond just price (exclusions, endorsements)
- Advocates for you if a claim happens
- Reviews your coverage annually as the business changes
Interview 2 to 3 brokers. Pick one who specializes in your industry and stage. Broker commissions are paid by carriers; you don't pay the broker directly.
Claims process
If something happens:
- Document immediately (photos, logs, witnesses)
- Notify the broker within 24 to 48 hours
- Don't admit fault or settle anything without the broker's knowledge
- Preserve evidence: for cyber claims, don't wipe or rebuild systems until the forensics team examines them
Annual review
Insurance needs change as the business changes. Every year, review:
- Have revenue or headcount grown enough to raise limits?
- Any new lines of business creating new exposure?
- Any new countries or regulatory jurisdictions?
- Are customer contracts requiring higher limits than your current policies?
- Claims trends in the industry suggesting new policies needed?
What good looks like
- Core stack in place: GL, E&O, Cyber, D&O, EPLI, Workers' Comp
- Limits scaled to revenue and customer contract requirements
- Broker relationship with annual review
- Claims process documented so the first call happens within 24 hours
- Certificates of insurance can be issued to customers on same-day request
What to do with this
- Get general liability + E&O at minimum before first customer: basic coverage is cheap and non-negotiable
- Add cyber insurance once you handle customer data: breach response without coverage bankrupts small companies
- Buy D&O before accepting investors: board seats + outside capital require executive protection
- Review coverage annually as the business scales: policies written for $500K revenue won't cover $5M revenue
- Read the exclusions carefully: insurance declines happen on exclusions more often than on denied claims