slice icon Context Slice

Business Insurance Policies

Businesses face unique risks requiring specialized insurance coverage. Unlike personal insurance, commercial policies are often tailored to specific operations, industries, and exposures. Understanding business insurance helps evaluate coverage adequacy, interpret contract requirements, and assess risk management needs. For insurance fundamentals (deductibles, limits, policy structure), see sliceInsurance Primer.

General Liability (GL)

General liability insurance protects businesses from claims of bodily injury, property damage, and personal/advertising injury caused to third parties. GL is foundational business coverage—most commercial leases and contracts require it.

GL covers incidents like customer slips and falls, property damage from operations, and advertising claims (libel, slander, copyright infringement). It does not cover professional errors, employee injuries (workers' comp), or damage to the business's own property (commercial property insurance).

Typical limits are $1 million per occurrence with $2 million aggregate (total for the policy period). Higher limits ($2M/$4M, $5M/$10M) are common for larger businesses or high-risk operations. Limits are often stated as "per occurrence / aggregate."

Occurrence vs. claims-made matters for GL. Most GL policies are occurrence-based, covering incidents during the policy period regardless of when claims are made. Some professional services use claims-made GL, which only covers claims reported during the policy period.

Contract requirements often specify minimum GL limits (e.g., "General liability insurance with limits of not less than $1,000,000 per occurrence and $2,000,000 aggregate"). These requirements protect the contracting party—if your business causes damage, your GL pays rather than their insurance.

Errors & Omissions (E&O) / Professional Liability

Errors & omissions insurance (also called professional liability or professional indemnity) covers claims arising from professional services. E&O protects against allegations of negligence, mistakes, or failure to perform professional duties.

E&O is essential for service businesses: consultants, lawyers, accountants, architects, engineers, technology services, healthcare providers, and financial advisors. GL excludes professional services, so E&O fills that gap.

What E&O covers: Claims that professional services were performed incorrectly, negligently, or failed to meet standards. Examples include incorrect advice leading to client losses, missed deadlines causing damages, or design errors requiring rework.

Typical limits range from $250,000 to $5 million or more, depending on profession and risk exposure. Technology services often carry $1M-$5M limits. Professional services with high-stakes outcomes (medical, legal, financial) may need higher limits.

Claims-made basis is standard for E&O policies. This means coverage applies only to claims reported during the policy period. If you cancel E&O coverage, you lose protection for past work unless you purchase "tail coverage" (extended reporting period) that extends the reporting window.

Prior acts coverage (retroactive date) determines how far back E&O covers. A policy with a retroactive date of January 1, 2020 covers work done since that date, even if the policy started later. New policies without prior acts coverage only protect future work.

Directors & Officers (D&O)

Directors & officers insurance protects company leadership (board members, executives) from personal liability for management decisions. D&O covers claims alleging breach of fiduciary duty, mismanagement, securities violations, or employment practices.

D&O is critical for corporations, especially public companies and venture-backed startups. Shareholders, employees, regulators, and competitors can sue directors and officers personally for company decisions.

What D&O covers: Defense costs and settlements for claims against directors/officers. Common claims include shareholder lawsuits (alleging poor decisions reduced stock value), merger disputes, regulatory investigations, and employment-related claims against leadership.

Typical limits range from $1 million to $50 million+ for large corporations. Startups often carry $1M-$5M. D&O policies have separate limits for Side A (individual protection), Side B (company reimbursement), and Side C (entity coverage for securities claims).

Entity coverage extends D&O to protect the company itself for securities claims, not just individuals. Public companies typically need entity coverage; private companies may not.

Employment practices liability (EPL) is often bundled with D&O or sold separately. EPL covers employment-related claims (discrimination, harassment, wrongful termination) against the company and leadership.

Cyber Insurance

Cyber insurance (cyber liability, data breach insurance) covers losses from cyber attacks, data breaches, and technology failures. As businesses become more digital, cyber risk has become a primary exposure.

Cyber insurance covers first-party losses (your costs) and third-party losses (claims from others). First-party includes: business interruption from system downtime, data recovery costs, ransomware payments, notification expenses (required breach notifications), and credit monitoring for affected individuals. Third-party includes: claims from customers whose data was breached, regulatory fines, and defense costs.

What cyber insurance covers: Data breaches exposing customer information, ransomware attacks, business email compromise (BEC), system failures causing business interruption, and regulatory investigations. Coverage varies significantly between policies—some focus on data breaches, others include broader technology errors.

Typical limits range from $100,000 to $10 million+, depending on business size and data exposure. Small businesses often carry $250K-$1M; larger businesses with significant customer data may need $5M-$10M+.

Exclusions commonly include: known vulnerabilities not patched, intentional acts, war/terrorism, and certain types of social engineering. Some policies exclude cloud provider failures if the business didn't maintain backups.

Incident response services are often included: legal counsel, forensic investigators, public relations, and credit monitoring. These services help manage breaches effectively and are valuable even if claims don't exceed deductibles.

Workers' Compensation

Workers' compensation insurance covers employee injuries and illnesses arising from work. Workers' comp is mandatory in most US states for businesses with employees (requirements vary by state and employee count).

Workers' comp provides: medical expenses for work-related injuries, wage replacement (typically 60-70% of wages) during disability, death benefits for families, and rehabilitation services. In exchange, employees generally cannot sue employers for workplace injuries (exclusive remedy).

State requirements vary significantly. Some states require coverage from the first employee; others have thresholds (3-5 employees). Rates vary by state, industry, and claims history. High-risk industries (construction, manufacturing) pay higher rates than low-risk (office work).

Experience modification (mod factor) adjusts premiums based on claims history. A mod factor above 1.0 increases premiums; below 1.0 reduces them. Good safety records and low claims lead to lower mod factors and premiums.

Independent contractors are generally not covered by workers' comp, but misclassification (treating employees as contractors) can create liability. Some states have specific tests for employee vs. contractor status.

Policy Combinations and Gaps

Businesses typically need multiple policies working together. A technology company might carry: GL ($1M/$2M) for general liability, E&O ($2M) for professional services, cyber ($1M) for data breaches, D&O ($2M) for leadership protection, and workers' comp (state-required).

Coverage gaps arise when policies don't overlap properly. Common gaps: E&O excludes certain services (read exclusions carefully), cyber excludes cloud provider failures, GL excludes professional services (need E&O), and employment claims may need separate EPL coverage.

Umbrella/excess liability policies provide additional limits above underlying policies (GL, auto, etc.). Umbrellas typically require underlying policies to meet minimum limits (e.g., $1M GL required for $5M umbrella). Umbrellas are cost-effective ways to increase total coverage.

Contract Insurance Requirements

Contracts often require specific insurance coverage. Understanding these requirements helps evaluate contract risk and ensure compliance.

"Insurance requirements" clauses typically specify: types of coverage (GL, E&O, workers' comp), minimum limits, additional insured status (extending coverage to the other party), and certificate of insurance (proof of coverage). Requirements protect the contracting party—if you cause damage, your insurance pays.

Additional insured status extends your policy to cover another party. If a vendor is additional insured on your GL policy, your GL covers claims against them arising from your work. Additional insured status is common in vendor agreements, leases, and construction contracts.

Certificate of insurance (COI) provides proof of coverage. COIs show policy types, limits, effective dates, and additional insureds. Contracts often require providing COIs before work begins and maintaining coverage throughout the contract term.

Failure to maintain required insurance can breach contracts, potentially voiding indemnification or allowing termination. Some contracts require 30-60 days notice before coverage cancellation.

Key Numbers

Typical business insurance limits: GL $1M/$2M (small business) to $5M/$10M (larger), E&O $500K-$5M depending on profession, D&O $1M-$10M for startups to $50M+ for public companies, cyber $250K-$5M for small to $10M+ for large businesses.

Workers' comp rates: Vary by state and industry, typically 0.5% to 15%+ of payroll. Office work might be 0.5-1%, construction 5-15%+. Experience modification can adjust rates ±25-50%.

Premium payment: Commercial policies often allow 30-day payment terms. Late payments can trigger cancellation with 10-30 day notice depending on state and policy terms.

Common Misconceptions

"GL covers everything" — GL excludes professional services (need E&O), employee injuries (need workers' comp), and cyber incidents (need cyber insurance). Multiple policies are typically needed.

"E&O is only for mistakes" — E&O covers negligence, but also covers failure to perform, missed deadlines, and other service failures even without clear errors.

"D&O is only for public companies" — Private companies face D&O claims from investors, employees, and regulators. Venture-backed startups especially need D&O protection.

"Cyber insurance covers all technology problems" — Policies have exclusions for known vulnerabilities, certain attack types, and cloud provider failures. Read exclusions carefully.

"Workers' comp is optional" — Most states require it for businesses with employees. Operating without required workers' comp creates significant legal and financial risk.