When it comes to insuring your startup, the choices seem endless—and confusing. What types of insurance do you actually need, and how much? What can you skip? Daniel Struck, an experienced policyholder attorney and partner with the Insurance and Litigation Practice Groups at Culhane Meadows, weighs in.
Connecticut Innovations: Thanks for sharing your expertise, Dan. Let’s get right to it. What types of insurance coverage do high-tech startups need (keeping in mind that most are cash strapped)?
Daniel Struck: An assessment of the specific risks and liability exposures of any business is necessary to make accurate recommendations concerning that business’s particular insurance needs. Nonetheless, as a general matter, there are some commonalities in the insurance needs of startup companies. For any startup business, comprehensive general liability (CGL) insurance and property insurance (or possibly a business owner policy) likely are necessary. These two types of insurance are the most basic forms of business insurance.
- CGL insurance provides coverage for claims for alleged third-party bodily injury, property damage, personal injury and advertising injury. In other words, this type of insurance covers claims by non-employees that a business or one of its employees has caused injury to a third party or to the property of a third party. Of particular importance, CGL insurance requires the insurance company to defend the insured for any such third-party liability claims. However, CGL policies also contain a number of exclusions that limit what would otherwise be the expansive scope of the policies. Of relevance to a high-tech startup, CGL policies generally contain exclusions for intellectual property claims, such as patent or copyright infringement. In addition, CGL policies almost always exclude cyber-related liabilities such as data breaches or the theft of personal, financial or business-confidential information.
- In broad terms, property insurance provides coverage for damage or the loss of use of an insured’s property or business equipment as a result of a covered hazard. This is the type of insurance that provides coverage in the aftermath of a fire, a windstorm or some other casualty event. This type of insurance also may provide coverage for the business interruption (the cost of resuming operations and the loss of operations in the aftermath of an insured event). As with CGL insurance, however, property insurance typically contains exclusions and limitations that are relevant to a high-tech company. For example, the destruction or loss of data or the bricking of a device, particularly if that loss is the result of a ransom attack, is not likely covered under this type of insurance policy.
- Some businesses (depending on size, the nature of the business and its risks, and other factors) may be able to purchase a business owner policy (BOP), which is, in general terms, a combination of a CGL and property insurance. If available, there may be cost benefits to BOP insurance insofar as the premium for a BOP is typically less than the cost of separate CGL and property insurance policies. However, those cost savings typically mean that there will be fewer opportunities for customization or endorsements responding to the specific risk profile of an insured.
In addition, for any business with employees, state law likely requires workers’ compensation insurance.
The insurance needs of a high-tech startup are different from the insurance needs of other startup companies. In addition to the basic forms of business insurance discussed above, high-tech startups also should consider purchasing the following kinds of insurance: (1) cyber/media liability, (2) professional liability/errors and omissions (E&O), (3) directors & officers (D&O) and (4) employment practices liability (EPL). In some cases, fiduciary liability insurance also may be important. Each of these types of insurance provides coverage for categories of risk that may be significant for a high-tech startup.
- Cyber/media liability policies have a wide range of terms, but these policies typically offer a suite of insuring agreements that may include some or all of the following kinds of coverage: (1) privacy liability (covering potential third-party liabilities for the disclosure of private or business-confidential information); (2) data breach response (covering the costs of providing remediation such as notification, call center and credit monitoring in the aftermath of a privacy breach; (3) regulatory privacy violations (covering fines and penalties as the result of an unintentional breach of a privacy law or regulation); (4) first-party data recovery (covering the reconstruction or recovery of data following a covered event); (5) business interruption (covering the loss of operations and some costs of restoration in the aftermath of a covered event); (5) professional liability (covering claims that the insured committed errors or omissions in the course of providing technology-related professional services; (6) media liability (covering defense and liabilities associated with the publication/distribution of information); and (7) cyber-extortion (covering the costs of investigating and responding to a ransom attack). This list is not necessarily complete, and the scope of the insuring agreements provided under different policies varies widely. Given the range of policy terms and insuring agreements that are available, it is vitally important to be careful in selecting the cyber/media liability insurance form and insuring agreements that best fit the needs of an insured. But for a startup that is engaged in handling data, operates in the clouds, operates in the Internet of Things or provides a forum for exchanging information, the coverage provided by a cyber/media liability policy may respond to essential business risks.
- Professional liability (E&O) polices in general terms cover the defense and liabilities resulting from claims that an insured or its employees committed errors and omissions/breaches of duty in the course of providing services to customers. For a business that interfaces with and provides services requiring special expertise or skill to clients, this type of insurance may respond to key risks. As noted above, this coverage may be offered to some degree in some cyber/media liability insurance forms. But it is important to be careful in selecting the E&O insurance that responds to the risk profile of a particular insured.
- Directors and officers (D&O) insurance may seem like an unusual type of coverage to include in a discussion of insurance for a high-tech startup, but this can be an essential coverage for some businesses in the technology startup space. As a general matter, any business, public or private, that has officers and a board should consider D&O insurance to the extent that those key individuals may be exposed to claims that they committed breaches of duty in the course of acting as an officer or director. Moreover, it is good practice as a company grows to ask highly qualified or well-known outsiders to serve on a corporate or advisory board. The startup can benefit from the perspective of a qualified outside director. But an outside director almost certainly will require, as a condition of service, that the company backstop its indemnification obligations with adequate D&O insurance. Even if a startup decides to take the risk of going without D&O insurance, it is likely that such insurance will become a necessity as it brings in new management members and outside directors.
- If a business has employees (or even if a business is exposed to the risk that its freelance contractors will be characterized as employees), it should consider purchasing employment practices liability (EPL) insurance. Among other things, this insurance covers the defense and liabilities associated with claims of discrimination on account of race, gender, orientation, nationality and age. For businesses that often operate in a highly charged environment and that have highly skilled and compensated employees, the kinds of claims covered by EPL insurance can be extremely expensive and may arise with some frequency.
This list likely appears somewhat daunting. And it is, because there are a wide variety of challenges facing businesses in today’s economic and legal environment. Just saying “we have insurance” is not enough—it does not mean that the business has the appropriate insurance. It is important to treat insurance not merely as an expense item but as a potentially important asset that should be incorporated into the strategic planning for any business.
CI: What type of insurance is a must, and what can startups skip?
DS: The discussion above points to the dilemma of trying to provide a list of “essential” insurance coverage for a high-tech startup. It is equally difficult to provide general rules about what types of insurance are unnecessary for a young company. The particular risks for which insurance is necessary vary from company to company, and there really is no one-size-fits-all answer. In addition, potential customers may require that a company have certain types of insurance.
Determining what insurance is a “must” or can be “skipped” really is a function of the particular footprint of the potential insured. Does the company have employees? Does the company operate in a particular place and have equipment, or is the company really based on the expertise and ideas of the founder? Does the company handle personal information or provide services in the cloud? Does the company produce a tangible product, or does it provide services? Are officers and directors of the company concerned about the preservation of their personal assets? Is the company subject to insurance requirements from potential customers or business partners? These are a few examples of the kinds of questions that must be asked in order to determine what insurance is a “must” for a young company.
CI: Should startups use an agent or broker, or go directly to a carrier?
DS: As discussed above, it’s important to select the type of insurance and the insurance form that are right for the needs of a business. In some lines of insurance, the available scope and limitations of coverage are fairly uniform. But in other insurance lines, such as cyber liability and technology E&O insurance, there are wide differences in the scope of the coverage offered by different insurers, and it is important to find the coverage that fits the needs of a business. For this reason, there really is not a simple answer to this question. In my view, the most important considerations in selecting an insurance advisor include: expertise and knowledge about the insurance market, the risks facing a business, and the scope and impact of available coverages; the good judgment to be able to provide meaningful counsel about evaluating risk, completing insurance forms and the difference between a perfect solution and a practical solution; and the level of trust in the reliability of an adviser.
CI: Which milestones should trigger a change in a startup’s insurance policies?
DS: Anything that changes the risk profile of a business should trigger a reevaluation of the business’s insurance program. Some of the events that can trigger changes in an insurance program were discussed above and include things like the addition of new employees, asking outsiders to join an advisory board or conducting business over the cloud. As new operations or markets are added, insurance needs may change. With growth and increased competition or visibility, insurance needs may change. Legal or regulatory changes may trigger a need to reevaluate an insurance program. The simple answer to the question is that the reevaluation of a business’s insurance program should be an ongoing project insofar as insurance is not just an expense item but is an important business asset that can be an element of strategic planning.
CI: Thank you, Dan.
DS: You’re welcome.
Daniel Struck is a partner with Culhane Meadows and is part of the firm’s Insurance and Litigation Practice Groups. Dan advocates on behalf of corporate and individual insurance policyholders throughout the United States. Dan has represented clients in insurance coverage litigation and advocated on behalf of insureds in contested claims across the country, successfully securing the payment of defense costs, indemnification and first-party losses under a wide variety of circumstances. Reach him at firstname.lastname@example.org.