Most small business owners buy insurance the way they buy fire extinguishers: reactively, after something almost went wrong. A lease agreement requires general liability. A client contract demands professional indemnity. A data breach in a peer company triggers a call to an insurance broker. The result is a patchwork coverage structure assembled under pressure, often with gaps that only become visible when a claim is filed.
The professional approach is different. It starts with a systematic assessment of what categories of risk exist in a given business, which of those risks are legally or contractually required to be covered, and which represent potential losses large enough to threaten the business's survival. Insurance is a cost management tool, not a panic purchase. The goal is to transfer the risks that exceed your ability to absorb them while accepting the smaller, predictable losses that are cheaper to self-insure than to cover.
Here is the framework, applied to the coverage types that matter in 2026.
General Liability: The Foundation Layer
GL insurance covers third-party bodily injury, property damage, and personal injury claims arising from your business operations. If a client trips and falls in your office, if your work damages a client's property, or if someone alleges that your advertising infringed their copyright, GL covers the legal defense and any resulting settlement or judgment up to policy limits.
GL is the most widely required coverage type: it is mandated by most commercial leases, required for most contractor licenses, and specified in the vendor or supplier agreements of virtually every enterprise client. The SBA identifies it as the baseline policy for any business that has physical contact with customers or clients or operates out of a commercial location.
Median annual premiums for small businesses (under $500,000 revenue) range from $400 to $1,500 depending on industry, with higher-risk sectors like construction or food service paying significantly more. Coverage limits of $1 million per occurrence and $2 million aggregate are standard for most small business applications. Businesses with more contractual exposure typically carry $5 million aggregate via an umbrella policy layered above the base GL.
What GL does not cover: professional errors (that is E&O), employee injuries (that is workers' compensation), intentional acts, and damage to your own property.
Professional Liability (E&O): Required for Service Businesses
E&O insurance, also called professional liability, covers claims that your professional services caused a client financial harm through negligence, errors, or omissions. If you are a consultant who provided advice that a client followed and lost money on, if you are a software developer whose code had a bug that caused data loss, or if you are an accountant whose tax filing contained an error that triggered penalties, E&O is the coverage that responds to those claims.
This is the coverage category most frequently purchased reactively — after a client threatens litigation. The problem with that timing is that E&O policies are claims-made policies, meaning the policy in force at the time the claim is made (not when the error occurred) is the one that responds. A gap in coverage, even a brief one, can leave prior work unprotected.
State licensing requirements mandate E&O for licensed professionals in most states: attorneys, real estate agents, insurance brokers, architects, engineers, and healthcare providers all typically face statutory E&O requirements. Consulting firms, marketing agencies, technology service providers, and financial advisors increasingly face E&O requirements through client contracts rather than statute, but the practical effect is the same.
Premiums vary widely by industry and risk profile. A solo IT consultant might pay $800 to $1,200 annually for $1 million in coverage. A mid-size management consulting firm might pay $15,000 to $40,000 for $5 million in coverage with a broad scope of services. The NAIC tracks E&O as one of the fastest-growing commercial lines by premium volume, driven by increasing litigation activity in professional services sectors.
Cyber Liability: The Fastest-Growing Required Coverage
Cyber liability insurance covers first-party losses (your own costs) and third-party claims arising from data breaches, ransomware attacks, business email compromise, and other cyber incidents. First-party coverage typically includes forensic investigation costs, notification expenses, credit monitoring for affected individuals, business interruption losses, and ransom payments (where legal). Third-party coverage responds to lawsuits from customers, partners, or regulators alleging inadequate data protection.
The enterprise market has effectively made cyber liability mandatory: most Fortune 500 vendor agreements now require cyber liability certificates from suppliers at minimum limits of $1 million, and many specify $5 million or higher for vendors with access to sensitive data. State-level data privacy laws (California's CPRA, New York's SHIELD Act, and similar legislation in 20-plus states) have increased the regulatory exposure for businesses that suffer breaches, which in turn increases the value of cyber coverage.
Premium data from AM Best shows average cyber insurance premiums rose approximately 28% from 2023 to 2025, as ransomware frequency and severity increased. The average ransom demand for businesses with under 250 employees reached approximately $1.2 million in 2025. For businesses with revenue under $5 million, annual cyber premiums range from $1,500 to $6,000 for $1 million in coverage, depending on security posture, industry, and data type handled.
Insurers are increasingly requiring minimum security controls as a condition of coverage: multi-factor authentication on all remote access, endpoint detection software, and documented incident response plans are now standard underwriting questions. Businesses that cannot demonstrate these controls may find coverage unavailable or prohibitively expensive.
Workers' Compensation: Legally Required in Almost Every State
Workers' compensation covers medical expenses, lost wages, and rehabilitation costs for employees injured on the job. It also provides death benefits to dependents of employees killed in work-related incidents. In exchange for this coverage, employees generally cannot sue their employer for workplace injuries, a tradeoff that benefits both parties.
Workers' comp is legally required in 49 states for businesses with one or more employees (Texas is the only state that does not mandate it, though most businesses carry it anyway due to contractual requirements). Sole proprietors without employees are typically exempt from the mandate but can purchase voluntary coverage to protect themselves.
Premium rates are calculated as a percentage of payroll, with rates varying dramatically by industry classification. Office workers might generate rates of $0.30 to $0.50 per $100 of payroll. Construction laborers might generate rates of $8 to $15 per $100 of payroll. Businesses with strong safety records can qualify for experience modification discounts that meaningfully reduce premiums over time.
The most common compliance gap for small businesses is misclassification of employees as independent contractors to avoid workers' comp requirements. State labor departments have increased enforcement of misclassification in recent years, and the penalties (retroactive premiums plus fines) often far exceed the savings from not carrying the coverage.
Business Owner's Policy: The Bundled Middle-Market Solution
A BOP packages general liability, commercial property insurance, and (increasingly) business interruption coverage into a single policy at a combined premium lower than purchasing each coverage separately. The SBA identifies it as the standard starting point for small businesses with physical locations and moderate risk profiles.
Commercial property insurance within a BOP covers your owned or leased business property, equipment, inventory, and sometimes improvements you have made to a leased space. Business interruption coverage compensates for lost revenue and ongoing expenses during a covered event that forces temporary closure.
The key limitation of a BOP is that it does not include E&O, cyber liability, workers' comp, or commercial auto — businesses need to add those separately. It also typically excludes flood and earthquake damage, which require separate coverage in high-risk geographic areas.
| Business Type | Required Coverage | Strongly Recommended | Consider Based on Operations |
|---|---|---|---|
| Retail / Restaurant | GL, Workers' Comp, Commercial Property | BOP (bundles GL + property), Liquor Liability (for bars) | Cyber (if you store payment data), Commercial Auto |
| Professional Services (consulting, law, accounting) | GL, E&O, Workers' Comp | Cyber Liability, BOP | Directors & Officers (if incorporated with a board) |
| Technology / SaaS | GL, E&O, Workers' Comp | Cyber Liability (often contractually required), Tech E&O | IP Insurance, Media Liability |
| Construction / Trades | GL, Workers' Comp, Contractor License Bond | Commercial Auto, Inland Marine (equipment) | Builder's Risk (per project), Umbrella |
| Healthcare / Medical | GL, Medical Malpractice (E&O), Workers' Comp | Cyber Liability (HIPAA breach exposure) | Employment Practices Liability |
| E-commerce / Online Only | GL (product liability if selling physical goods), Workers' Comp | Cyber Liability, Product Liability | BOP, E&O (if selling services) |
Directors and Officers, EPLI, and Specialty Lines
D&O insurance protects company directors and officers from personal liability for decisions made in their official capacity. It is most relevant for companies with formal boards, outside investors, or governance structures where fiduciary duty claims are plausible. Venture-backed startups typically purchase D&O at the first institutional financing round as a condition of investment, because sophisticated investors will not join a board without it.
EPLI covers claims of wrongful termination, discrimination, harassment, and retaliation by current or former employees. It is not legally required but has become strategically necessary for businesses with more than a handful of employees — employment claims represent one of the most common categories of small business litigation, and defense costs alone often exceed $100,000 even for claims that are ultimately dismissed.
Product liability insurance covers claims that a product you manufactured, distributed, or sold caused bodily injury or property damage. It is particularly important for businesses in the food, cosmetics, medical device, and consumer goods sectors. E-commerce businesses that source products from overseas manufacturers and resell them in the US often carry product liability because the manufacturer's home-country coverage typically does not apply to US-based claims.
What Coverage Actually Costs: The 2026 Market
Insurance premiums have increased meaningfully across most commercial lines over the past three years. Hard market conditions, driven by increased claims frequency in cyber and professional liability and by catastrophic weather events affecting property insurers, have pushed rates higher. The NAIC data through 2025 shows commercial property rates up approximately 12% to 18% year-over-year, cyber rates moderating from the extreme increases of 2021 to 2023 but still elevated, and GL rates roughly flat with modest increases in high-hazard classifications.
The business case for annual coverage review is straightforward: as your business grows, your exposure changes. A $500,000 revenue consulting firm has meaningfully different liability exposure than a $5 million one with enterprise clients and a team of employees. Coverage limits adequate at founding may be inadequate three years later. The flip side also applies: businesses that have substantially reduced a particular risk (exited a high-risk product line, for example) may be over-insured in some areas and can reallocate premium dollars.
Frequently Asked Questions
What insurance is legally required for small businesses in the US?
Workers' compensation is legally required in 49 states for any business with employees. Commercial auto is required if company vehicles are operated. Some states and industries require specific additional coverage: contractor license bonds in most states, professional liability for licensed professions (law, medicine, real estate, accounting, architecture). General liability, cyber, and E&O are not legally mandated by most states but are effectively required by clients, lenders, and landlords through contracts.
What does a Business Owner's Policy actually cover?
A BOP typically bundles general liability (third-party injury and property damage claims), commercial property (your business property and equipment), and business interruption (lost income and fixed expenses during a covered closure). It does not include workers' compensation, cyber liability, professional liability, or commercial auto — those must be purchased separately. BOPs are generally only available to businesses that meet insurer eligibility criteria around size, revenue, and risk classification.
How much does cyber insurance cost for a small business in 2026?
For businesses with revenue under $5 million, annual premiums for $1 million in cyber liability coverage range from approximately $1,500 to $6,000, depending on industry, data type handled, security controls in place, and claims history. Businesses in healthcare, financial services, and e-commerce typically pay at the higher end of that range due to the sensitivity of data handled and higher breach exposure.
Do I need E&O insurance if I have a general liability policy?
Yes, if you provide any kind of professional service or advice. General liability covers bodily injury and property damage to third parties. It does not cover financial losses a client suffers because of errors or inadequacies in your professional work. Those claims — which are the most common type of litigation against service businesses — require E&O coverage. The two policies address entirely different categories of risk.
What is the difference between claims-made and occurrence policies?
An occurrence policy covers incidents that happen during the policy period, regardless of when the claim is filed. A claims-made policy covers claims filed while the policy is in force, regardless of when the underlying incident occurred (subject to a retroactive date). E&O and cyber policies are almost always claims-made. GL policies are usually occurrence. The distinction matters when switching insurers: a claims-made policy requires "tail coverage" (an extended reporting period endorsement) to protect against claims filed after the policy ends.
Sources
- US Small Business Administration: Get Business Insurance — Types and Requirements
- National Association of Insurance Commissioners (NAIC): Commercial Lines Market Data and Premium Trends, 2025
- Zeyger Insurance: Small Business Insurance Complete Guide 2026
- Gonzalez Insurance: Small Business Insurance Checklist for 2026













