Insurance For Startups

Insurance For Startups

Small businesses have many of the same insurance needs as large companies, and there are resources to help entrepreneurs understand insurance categories.

Many first-time entrepreneurs believe their companies are too small to need insurance. Others don’t even think about it. They should all think again, according to industry experts.

“What we often see is folks forget about insurance. That’s the biggest issue,” says Jason Paulnock, managing director of Wells Fargo Insurance Services for Minnesota.

The second-biggest issue: New business owners assume their homeowners’ insurance will cover their home-based businesses. But a business is a different legal entity with different insurance needs than a home, Paulnock explains.

Many entrepreneurs do not know what types of coverage they need, according to Stacy Bury, small business team manager at the Christensen Group, a business insurance and employee benefit brokerage in Minnetonka.

“A lot of times it’s going to be—depending on what they do—their landlord requiring them to have insurance because they’re renting a space, or they might need coverage because they’re signing a contract with somebody for their services,” Bury says. “It’s not so much what they can afford as it is what they should have.”

Insurance 101

The Minnesota Department of Employment and Economic Development describes the different types of coverage a small business may need. Here’s a quick take.

  • Property insurance covers the physical building in which the business is located, and the company’s assets, including equipment, machinery, inventory, furniture, supplies and non-tangible assets, such as trademarks and copyrights.
  • Business interruption insurance covers earnings lost when a business must shut down temporarily due to fire or theft.
  • Liability coverage protects a business against losses that arise from legal responsibility due to death, injury or damage to a person or property resulting from negligence.
  • Fidelity bonds cover loss due to the dishonesty of employees.
  • Surety bonds guarantee a company will perform obligations described in a contract or imposed by law, mostly for construction projects.
  • Workers’ compensation insurance provides benefits to employees injured on the job.
  • Group health and life insurance provides medical and death benefits.
  • Product liability insurance covers losses incurred when an end user sues a manufacturer for bodily injury or property damage.
  • Cyber insurance protects companies from losses incurred when online customer or vendor data is stolen or compromised.

Business owners’ insurance generally covers property and liability losses, while enhancement endorsements can add coverage for other items, such as valuable papers and records, laptop computers that employees take on the road, and signage. Insurers include enhancement endorsements on their standard business insurance forms and usually include the price in the premium, Bury says.

“It’s kind of built for the small businesses to have those so they don’t have to try to pick and choose,” she says of the standard policies. “It’s a nice way of giving them good coverage for an affordable price.”

Restaurants, floral shops and other businesses that deal in perishable goods should buy spoilage insurance in case their refrigerators fail, Bury adds.

Many insurance companies offer business insurance packages for small companies, according to Pam McCarthy, who owns an insurance agency in Farmington and volunteers with the business support nonprofit WomenVenture in Minneapolis to advise small business owners on insurance needs.

“I always tell people to check with your current insurance agent. A lot of them offer business insurance,” McCarthy says. “Sometimes you can get discounts if you bundle.”

If an agent is unable to provide business coverage, the agent may be able to recommend another trusted agent, McCarthy adds.

Once a company grows beyond one employee, it must provide workers’ compensation insurance. It should also add employment practices liability insurance (EPLI), according to Paulnock. EPLI covers losses that stem from employee lawsuits over allegations of sexual harassment, discrimination, wrongful termination, breach of employment contract, negligent employment evaluation, and other issues, according to the Insurance Information Institute.

It used to be that only large companies needed to worry about such lawsuits, but not anymore. A small business without EPLI coverage could be devastated by defending itself against or losing such a suit. Insurers may include EPLI in their standard business coverage or offer it separately, as an endorsement.

Computer-borne threats

Small to midsize businesses are particularly vulnerable to losses from cyberattack, but they often fail to understand their risk, according to Beth Watkins, director of management liability for national insurance agency Marsh & McLennan in the Upper Midwest. That could be the result of all the media attention to major-retailer data breaches, including one at Target in 2013 and the larger hack of Home Depot customers’ credit card data in 2014.

A retailer will have more exposure to cyber-liability than a manufacturer will, but every business has confidential information that needs protection, Watkins says. Even if an employer outsources payroll, for example, the business would be responsible for notifying affected employees and responding to a breach of the payroll vendor’s data because the employer owns its employees’ payroll information, she explains.

Sensing confusion over cyber risk exposure from its small to midsize customers, Marsh & McLennan surveyed Minnesota businesses in 2013. Of the 167 respondents, 16 percent said they had purchased cyber risk insurance.

In 2014, the company expanded the survey to its customers across the country. Thirty-three percent of the 582 total respondents and the same percentage of Minnesota respondents to the national survey said they had cyber risk insurance. The company is still tabulating results from 2015’s national survey.

The stakes for small business owners rose in May 2014, when the Insurance Services Office Inc., a trade group that makes and issues policy forms and endorsements used by many insurance companies, began to offer a new exclusion clause in its business owners’ and general liability/umbrella policies.

The clause precludes coverage for unauthorized access to or disclosure of a person’s or an organization’s confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information. The exclusion also applies if a company files claims for the costs of notifying those whose information has been compromised, credit monitoring, forensic or public relations expenses. The loss of, damage to, or inability to access or manipulate electronic data are also excluded.

Forensics to investigate a data breach generates the bulk of up-front cleanup costs, according to Watkins. If those costs are not covered, it could spell the end of the business, she says.

Companies around the world resist buying cyber-liability coverage, according to an independent survey done by the Ponemon Institute and conducted for Aon Risk Services. The survey results, released in April, showed that 52 percent of respondents acknowledged their risk of cyberattack would likely increase in the next 24 months, while only 19 percent said they had cyber insurance. Fifty-four percent said they had no plans to buy it, citing inadequate coverage, expensive premiums and other reasons.

Wild West of policies

Compounding business owners’ confusion about their risks is the lack of a standard cyber-insurance policy form, according to Nick Nierengarten, an attorney specializing in insurance matters for Gray Plant Mooty in Minneapolis. Different carriers use different names for similar types of coverage, and those plans may not offer the same protections.

“Even within a specific policy, there are a bewildering array of specialized definitions, exclusions, exceptions to exclusions and other limitations. This makes deciphering the policy (and what it covers and doesn’t cover) a daunting task and comparison of policies even more complex,” Nierengarten wrote in an email. “Hopefully, in the future the insurance industry will move away from the many and varied forms of cyber coverage and achieve some standardization. Right now, however, it’s the Wild West.”

Categories of cyber liability insurance include:

  • Breach response, which provides coverage for a computer security expert, notification of customers, public relations to handle reputation issues, credit monitoring and a breach coach—a legal expert who helps manage notification and regulatory issues. “Breach response is sort of a package,” Nierengarten says. “If there’s an incident, then the insurer brings on pre-retained experts to deal with these components, which can be pretty handy, especially for a smaller business to have all that capability immediately available.”
  • Regulatory defense and penalties coverage for claims brought against the company by the Federal Trade Commission or the Federal Communications Commission.
  • Liability coverage, which protects against customer claims.
  • Business interruption coverage for companies that must close temporarily due to a security breach.
  • Breach preparedness insurance, which gives a business access to a website that describes new laws and procedures, so they can stay abreast of cyber issues.
  • Data protection coverage.
  • Cyber extortion coverage.

“This is written on an à la carte basis so you can pick and choose that which you think is important,” Nierengarten says. “In order to really figure out what you really need, the insured needs to do a cyber-assessment.”

Retailers’ point-of-sale (POS) credit and debit card machines dominate current cyber-security concerns. More than 28 percent of the 2,122 data breaches discussed in the 2015 Verizon Data Breach Intrusion Report were POS intrusions.

“You’ve got to figure out what types of connections you have to the outside world, how you’re managing those connections, whether you need all of them, whether you’re evaluating evolving cyber threats and vulnerabilities, and how your connections’ products and services collectively affect the organization’s cyber-security risk,” Nierengarten says. “Those are the kinds of questions you have to drill down and figure out. All businesses are at risk, and ignorance is not bliss in this marketplace.”

Nancy Crotti is a St. Paul-based freelance writer and editor.