- D&O insurance and EPLI help cover management liability.
- Cybersecurity insurance has become increasingly important in the post-pandemic world.
- Make sure you’ve got enough umbrella coverage.
Whether you are a seasoned business owner or a new startup entrepreneur, your company will need some type of commercial insurance.
The reason: Without it, you might have to pay for expensive claims against the company out of your own pocket—a situation that could leave you in dire financial straits in no time. And depending on which state your business is located in, you may be legally required to have certain types of commercial insurance.
But there are some common commercial insurance mistakes that business owners should avoid. Take a look at our list—perhaps with your insurance specialist—and ask yourself whether you’re making any of these errors right now.
Mistake #1: No (or faulty) management liability insurance
Management liability coverage is obtained through two types of insurance: directors and officers (D&O) insurance and employment practices liability insurance (EPLI). These policies differ slightly from vendor to vendor, but in essence:
- D&O policies protect the company from the mistakes of officers and directors.
- EPLI policies provide liability coverage for wrongful acts related to employment. (The items most often addressed in EPLI are sexual harassment, wrongful termination and discrimination, but the policies cover claims for many types of inappropriate conduct in a business setting.)
Clearly, you can put your firm at great risk without these types of coverage. But even if you do have these policies in place, mistakes can be made.
Example: Does your company have shared limits between the D&O and the EPLI policies? Since legal costs are part of the policy limits, having shared limits can exhaust the amount of coverage quickly. The solution is to have separate limits.
Another example: You may not have third-party coverage in your EPLI. This covers an employer for liability claims brought by non-employees for EPLI acts committed by employees of the firm against outside parties—such as a vendor or customer. Often this coverage is not offered automatically, so it can be easily overlooked. What’s more, outside EPLI types of claims often are not covered by general liability policies—leaving businesses entirely exposed. The upshot: The more your business deals with the public, the more important it is to have third-party coverage as part of your EPLI program.
Mistake #2: Lack of cybersecurity insurance
We are all increasingly aware of cyberthreats to our businesses. Such threats are growing at an unprecedented rate. The move to virtual and remote working models that started during the pandemic—and may very well continue in some form for the foreseeable future—showed that businesses of all sizes can be vulnerable to security breaches, ransomware attacks and the like. A digitally spread-out workforce can create new vulnerabilities.
Yet surprisingly few business owners have put the proper insurance protections in place.
If your business stores client information data or receives electronic payments, a cybersecurity policy might need to be part of your commercial insurance program. And don’t think of opting out simply because you’re not a huge company. As noted, any size organization can be a target these days. Indeed, the impact of a data breach can be especially hard on smaller businesses: Losing a handful of clients because of a breach can prove deadly to a small firm.
All of these policies serve to assist clients in a number of ways after an attack. The policies available for this protection are evolving quickly to meet the needs of business owners, and insurers often have preventive measures available to assist in protection. Business owners need to let the insurers do their due diligence to properly assess the risk, and they must keep insurers updated about any IT-related changes. Remember: This insurance will not prevent an attack, but it will help mitigate the damage.
Mistake #3: Lack of social engineering fraud coverage
Many business owners and managers have not even heard of social engineering fraud—a relative newcomer in the world of fraudulent crimes.
It’s a type of fraud in which an organization is targeted and researched by criminals who gather information on top managers and executives from public records and deeper background sources. The criminals then use this information to essentially trick their targets into disbursing funds or giving out sensitive information. They might do this by posing as outside businesses with fake domains and web sites. They often flatter individuals—for example, by telling a CEO that they will let him invest in a venture because of his lofty position or because of his level of expertise. They usually back up the fraud with fake email chains and fake phone calls.
The social aspect of this fraud comes from the fact that the criminals bypass the usual safeguards a company has. They might, for example, demand that all conversations between them and a victim remain secret because of the sensitive nature of the topic.
If you’re a victim of this fraud, you’ll likely discover—too late—that your existing crime policy probably won’t cover it. It’s also not likely to be covered in your cyber policy—even though email and electronic means are used to perpetrate the crime.
Mistake #4: Lack of proper liability umbrella limits
No entrepreneurs want to think that their businesses will face a large liability. Unfortunately, the odds of that happening can be high, and certain industries have higher risks than others. That means business owners need the right level of coverage.
A general liability policy is the first line of defense. Once that is exhausted, an umbrella policy kicks in to cover larger claims. The potential size of these claims is what drives the decision on the amount of the umbrella policy limits.
Example: Consider a developer who builds and leases out shopping centers. All the tenant leases are triple net, so they carry their own insurance. The developer feels this is a safety net—so she carries only a small umbrella policy. But if the shopping center has a large liability claim against it, everyone will be named—including the owner (even if the issue occurred on a tenant site). If the settlement is so large that it exceeds the policy limits of the tenant, the developer will be next in line.
Mistake #5: Lack of hired and non-owned auto coverage
If your employees occasionally use their personal vehicles for company business, you need this coverage. We believe this coverage is overlooked by a surprisingly large number of businesses—even though it is both inexpensive and necessary for many companies.
Say you ask one of your employees to run over to the office supply store to pick up some items. On the way, the employee is involved in an accident—for which they are at fault and held liable. The employee’s personal auto policy would respond first, of course.
But if the claim exceeded the liability limits, guess where the claim would go—to your company! Without hired and non-owned auto insurance, you could have a very big financial outlay. Whenever the vehicle used is not registered to the company and insured on a commercial policy, the above situation exists.
Important: Say you have a commercial auto policy for your firm because you have several owned vehicles that are driven by employees. Even so, you still likely need hired and non-owned auto insurance if an employee uses his or her vehicle for company business.
Time to assess your risk exposure
These five mistakes are not an exhaustive list of the errors made with commercial insurance—but they do represent mistakes that we see made more often than most others. A knowledgeable insurance professional and plenty of due diligence can help you put in place the protection you need so you can concentrate on building your business instead of worrying about worst-case scenarios.
Next step: Seek out a commercial insurance professional who is a recognized expert in the overall insurance industry and who also has expertise with insurance issues in your particular industry. Better yet, find one who comes highly recommended by a capable professional you trust. Invite that individual to do their due diligence, and help them understand all aspects of your business. This takes a little time—but it is one of the best risk control strategies you can employ.