Protection when your expertise is questioned.
The foundation of every business insurance program.
Data breaches don't just happen to big companies.
- Professional Errors
E&O insurance covers your legal defense and any damages awarded, whether the mistake was real or merely alleged.
- Negligent Acts
Your policy covers the cost of defending against negligence claims and any resulting settlements.
- Failure to Deliver
Professional liability covers claims arising from missed deadlines, incomplete work, or unmet contractual obligations.
- Bodily Injury
General liability covers their medical expenses, your legal defense costs, and any settlement — up to your policy limits.
- Property Damage
Your policy covers the cost to repair or replace the damaged property, plus legal fees if the claim escalates.
- Personal & Advertising Injury
General liability covers defense costs and damages for claims of libel, slander, copyright infringement, and false advertising.
- Data Breach Response & Incident Management
Your policy activates a full incident response team: forensic investigators to determine the scope, breach coaches (specialized attorneys) to manage legal obligations, customer notification services, credit monitoring for affected individuals, and crisis PR to protect your reputation. These costs can exceed $150 per compromised record. The policy pays them directly — you don't front the money.
- Ransomware & Cyber Extortion
Your policy covers ransom payments (including cryptocurrency, when authorized by law), professional ransom negotiation, system restoration and data recovery costs, and business income lost during the attack. Leading policies also cover the forensic costs to determine whether data was exfiltrated before encryption — because a ransomware attack is often also a data breach.
- Social Engineering & Funds Transfer Fraud
Cyber crime endorsements cover social engineering fraud (an employee is tricked into transferring money), funds transfer fraud (a criminal tricks your bank into moving money from your account), and computer fraud (unauthorized access to your systems to steal funds). These are the fastest-growing category of cyber claims.
- Business Interruption from Cyber Events
Cyber business interruption coverage reimburses lost net profits and continuing operating expenses during the downtime. Contingent business interruption extends this to outages at your outsourced technology providers — so if your cloud host, payment processor, or SaaS platform goes down, you're still covered.
- Regulatory Defense, Fines & Penalties
Your policy covers regulatory defense costs, fines, and penalties arising from data privacy violations — where insurable by law. This includes HIPAA, CCPA/CPRA, state breach notification laws, PCI-DSS assessments, and GDPR if you handle EU data. Coverage extends to the cost of retaining specialized regulatory counsel.
- Media Liability & Digital Content
Media liability coverage handles legal defense and settlements for claims arising from your digital content — including defamation, invasion of privacy, copyright and trademark infringement in electronic media.
Any business that provides professional services, advice, or expertise to clients. If someone pays you for your knowledge, you need E&O coverage.
Nearly every business needs general liability insurance. If you interact with customers, work on client property, or have a physical location, you're exposed.
Any business that stores customer data, processes payments, uses email, or relies on computer systems to operate. The question isn't whether you're a target — it's whether you can absorb the cost when it happens. Small businesses are disproportionately targeted because attackers know they have weaker defenses and are more likely to pay ransoms quickly.
An accounting firm files a client's taxes with an error that triggers an IRS audit. The client sues for $200,000 in penalties, interest, and legal fees.
Without E&O coverage, the accounting firm pays for its own defense attorney plus any judgment — costs that can easily exceed annual revenue.
A delivery person slips on your wet floor and sues for $150,000 in medical bills and lost income.
Without general liability, you pay every dollar out of pocket — legal fees, medical costs, and the settlement. For many small businesses, a single uninsured claim means closing the doors.
A bookkeeper at your 30-person company receives an email that looks exactly like it's from your CEO, requesting an urgent wire transfer of $85,000 to a new vendor. She follows the instructions. The email was spoofed by a criminal. The money is gone within hours — transferred overseas and unrecoverable. Your bank says the transfer was authorized. Your general liability policy says it's not covered. Your crime policy has a $100,000 deductible.
Without a cyber policy with social engineering fraud coverage, the $85,000 loss comes directly from your operating budget. Add the forensic investigation to determine if your email system was compromised ($15,000–$30,000), potential notification costs if the attacker accessed other data, and the operational disruption while you lock down systems and retrain staff. Total exposure: $100,000–$150,000. The average small business cyber claim is $115,000 — and 60% of small businesses that suffer a major cyber incident close within six months.
A web developer builds an e-commerce site that crashes during a client's biggest sales event. The client claims $75,000 in lost revenue.
The developer's professional liability policy covers the legal defense and negotiated settlement, preserving the business and professional reputation.
A plumbing contractor accidentally floods a client's finished basement while repairing a pipe. The homeowner files a claim for $40,000 in water damage restoration.
The contractor's general liability policy covers the restoration costs and legal fees, keeping the business solvent and the client relationship intact.
A 15-person accounting firm's email system is compromised through a phishing attack during tax season. The attacker sits in the system undetected for three weeks, reading emails and harvesting client tax returns containing Social Security numbers, income data, and bank account information for 2,300 individuals. The attacker then uses the stolen credentials to send fraudulent emails to the firm's clients requesting wire transfers.
The firm's cyber liability policy covers the full incident response: forensic investigation ($45,000) to determine scope and close the vulnerability, breach notification to all 2,300 affected individuals ($35,000), 24 months of credit monitoring ($55,000), regulatory defense when the state AG opens an investigation ($60,000), and crisis PR to manage client communications and media inquiries ($15,000). The policy also covers three weeks of business interruption while systems are rebuilt. Total claim: approximately $280,000 — paid by the insurer, not the firm.
Contact us for exclusion details
- Bodily injury and property damage (covered by GL and commercial property)
- Prior known incidents or pending litigation at policy inception
- Intentional, dishonest, or criminal acts by the insured
- War, military action, and certain nation-state cyberattacks (evolving area)
- Infrastructure failures outside your control (power grid, internet backbone)
- Failure to maintain minimum security standards specified in the application
- Unpatched known vulnerabilities beyond the carrier's grace period (typically 30–45 days)
- Loss of cryptocurrency held as an asset (vs. ransom payments, which are covered)
- Contractual liability assumed under agreement (unless specifically endorsed)
- Telephone or utility fraud not related to a network security event
Pricing varies by business
Healthcare, financial services, and technology companies pay more because they handle regulated data (HIPAA, PCI, SOX) and face higher claim frequency. A healthcare practice may pay 2–3x what a general contractor pays for the same limits.
Revenue is the primary rating factor for most carriers. It serves as a proxy for the volume of data you handle and the business interruption exposure if systems go down. Premiums scale proportionally — a $5M revenue company pays roughly 2–3x what a $1M revenue company pays.
The more records you store — and the more sensitive they are (SSNs, health records, financial data vs. just email addresses) — the higher your exposure and premium. A company storing 100,000 patient records has fundamentally different risk than one storing 500 business email addresses.
Carriers actively underwrite your cybersecurity practices. Having multi-factor authentication (MFA), endpoint detection and response (EDR), encrypted backups, and a documented incident response plan can reduce premiums by 15–30%. Lacking these controls can result in higher premiums, higher deductibles, or outright declination.
Prior cyber claims — even small ones — signal elevated risk. A business with a recent ransomware claim will face higher premiums and potentially reduced coverage terms at renewal. Conversely, a clean claims history for 3+ years can earn premium credits.
If your business relies heavily on cloud providers, SaaS platforms, or outsourced IT, carriers evaluate your supply chain risk. Contingent business interruption coverage — which protects you when a vendor's systems fail — is priced based on how dependent your operations are on third parties.