Managed service providers (MSPs) play an important role in the IT and compliance spaces. Oftentimes hired as an independent contractor, MSP business owners may not realize that not only is business insurance important, in some states it could be required. The most important type of MSP insurance is tech E&O. This is followed by cyber liability insurance and commercial property insurance. While it depends on the size of your business and the state it is located in, workers’ compensation policies might also be required.
Why do MSP businesses need insurance?
Small businesses are three times more likely than a larger company to be the target of a cyberattack. Not only are the odds high that your clients are at increased risk, but MSP businesses are themselves targeted. Making matters more challenging, MSP businesses can also be held liable for attacks or the consequences of attacks, and if not handled correctly, the business can be fined by a regulatory agency. Even if your business operates with a zero trust framework, it can still suffer a data intrusion leading to costly complications for you, your clients, or both.
That’s why MSPs need to consider the following insurance policies:
- Tech E&O: Regardless of how many seats your business has, this policy is best for any MSP.
- Cyber insurance: This policy is best for MSPs that manage any sort of cloud network or have access to important information like HIPAA or PII.
- General liability: Best for a business that brings any sort of client on site or is renting a building.
- Workers’ comp: Best for any MSP that has employees.
- Inland marine: Best for an MSP that provides traditional infrastructure on site for the client.
Remember: It is always a good idea to review your specific business needs with an insurance agent to make sure the type of insurance and limits purchased are right for your company.
Tech E&O
Professional liability insurance, or errors & omissions (E&O), is a type of liability insurance designed for businesses in the professional service sector. The policy addresses claims that through the services of your business, a client suffered damage or harm. Usually, the damage is in the form of a financial loss. For example, if you fail to properly set up a firewall and then your client gets hit with an attack and loses income, then the service you offered failed to deliver and caused financial harm.
For MSPs, most insurance providers have created a specialized type of professional liability insurance policy called tech E&O insurance. This policy takes cyber liability, general liability, and professional liability and pulls elements of each coverage into one policy. For example, a quality tech E&O policy may cover a failure to prevent a disruption of service or personal injury caused by defamation through content.
Even if you think your software isn’t susceptible to the normal weaknesses or your confidence in your abilities is high, all it takes is an allegation and a lawsuit against your business to make your financial position uncomfortable. And that is where an insurance policy like tech E&O can help your business out. It will investigate the loss, provide defense if necessary, and if a payment or settlement is required, it will do so within the limits of the policy. The primary benefit of tech E&O is in providing financial assistance if a claim is filed against your business.
The cost of a tech E&O policy will vary significantly on a number of factors. However, a minimum premium between $600 and $700 annually is a good starting place.
Some E&O policies have a deductible. The deductible is the amount you agree to pay on a claim before the insurance covers any of the loss. So if you have a $2,500 deductible and a loss that is $2,000, you would handle it out of your own pocket. However, if the covered loss is $50,000 and there is a $2,500 deductible, the carrier would handle the claim less the $2,500 deductible.
Cyber liability insurance
While tech E&O helps your business if it makes a mistake, cyber liability insurance helps when it has suffered a cyberattack. Since the risk of cyberattacks is so high, this coverage is almost essential. Cyber insurance is broken down into two parts of coverage, known as first-party and third-party coverage.
First-party coverage: This helps an MSP with the related expenses to a loss like a data breach. If you need to notify impacted individuals, whether through a special website, snail mail, or both, cyber insurance can help with that cost. Some policies have provisions to help you hire a PR firm to handle the response. This portion of the insurance may carry a deductible.
Third-party coverage: Building on the example above, third-party coverage can help with people who are impacted by a data breach file suit against your business.
Some insurance companies make a tech E&O policy that includes cyber insurance. If that is the case, review the policy to make sure it has all of the coverage you would need. Conversely, some insurance companies will offer a cyber endorsement on the property policy. This may not have enough coverage, and in a situation like that, it is better to still purchase a standalone MSP cyber insurance policy.
Alternatively, you may think since all of the data is hosted in a cloud, you don’t need cyber insurance. But if your business stores any data, even as a backup, then your company is still at risk for an expensive loss and you’ll want to consider cyber insurance.
For a smaller MSP, cyber insurance costs can range from $800 to over $2,000 annually.
General liability
Commonly called slip and fall insurance, general liability is the most common type of small business policy. It protects your business in three different categories:
- Bodily injury: An example of bodily injury would be a customer slipping, falling, and being injured while inside your office.
- Property damage: An example of property damage would be if someone’s property was damaged due to business operations.
- Personal or advertising injury: An example of personal and advertising injury could be someone accusing your business of defamation in a commercial. This can include copyright infringement coverage.
While general liability is a common business insurance, depending on how your MSP operates, it may not be necessary. If your MSP has a space where clients are regularly inside of your business, then general liability is essential. Or, if you rent an office space, the landlord may require it since general liability covers damage to rented premises.
However, if you run the MSP out of your home and you only meet with customers or potential clients on site or at a public venue, then you may not need this coverage. This is especially true if your tech E&O policy includes copyright coverage or protects you from claims of defamation from your content. Ultimately, the best course is to review your specific business structure and operation with an agent to make sure you’re only purchasing the insurance you actually need.
Of the policies described in this guide, general liability is likely the most affordable. Most standard policies for IT consultants start around $250 to $350 annually.
Workers’ compensation
Workers’ compensation insurance is required in every state except for Texas and South Dakota. However, even in those states, there are some requirements that still make it required. Workers’ comp is important because it helps an employee who suffers an injury or becomes ill because of their job by helping defray the cost of the medical bills, providing some form of income while not working. If the employee dies from the injury or tragically, something happens at work that results in a death, workers’ comp will pay a death benefit to the family.
Helpfully, workers’ comp in most states shields employers from liability exposure when an employee becomes injured or ill.
The threshold for when workers’ comp is required varies depending on how many employees your company has, including how many are part-time or full-time, and the state where your business operates. If your business is in multiple states, you’ll likely have to follow multiple state requirements for workers’ comp. The requirement threshold changes from state to state. For example, in Florida it is four employees, while in New York it is required for any business with one employee.
Every state has a workers’ comp government agency that publishes the state specific guidelines. The best course of action is to review those and the business relationships your company has with your customers and then double check everything with your insurance agent.
Workers’ compensation premium is calculated using a standardized formula that takes into account the number of employees, payroll, claims history, and classification codes for the employees. The most important thing to understand about workers’ comp premium is that every year the insurance company will perform what is called a workers’ comp audit. The audit will determine if the company overpaid or underpaid on its premium based on how many employees are on file. This means there is a chance your MSP could end up owing the insurance company extra at the end of the year or receiving a reimbursement on the overpaid premium.
Inland marine insurance
Commercial property insurance is a type of insurance and also a category for insurance policies. Standard commercial property is what you would purchase to insure an actual building. If your MSP is large enough that it owns a building, then you will need commercial property insurance, and likely, the bank holding the loan will require it.
But for most MSPs, the type of IT insurance you’ll need will depend on the type of infrastructure your business offers. If your business provides the traditional infrastructure on site for the customer, then the computers, hardware, routers, and anything else will need to be insured. That’s what inland marine insurance is for: It covers property you own that isn’t at your business location. The coverage travels with the equipment.
However, if your MSP operates with a cloud-based infrastructure provided through virtualization, then you will only need to protect your property on-site. For that, a business personal property policy will be sufficient. When trying to determine what business personal property covers, picture if you could pick up your office, flip it over, and shake it. Whatever falls out is what you’d want covered. So computer monitors, towers, office furniture, or kitchen equipment are all things you’d likely want to insure.
Since inland marine insurance is first-party coverage, this means you will be responsible for a deductible every time you file a claim.
If your MSP is a home-based business, don’t assume your homeowners insurance will cover your equipment if you have a loss. If your equipment is used exclusively for work, there is likely an exclusion on your homeowner’s policy for business property.
How much does MSP insurance cost?
When surveying how much other MSP businesses pay for insurance through online forums, the average price runs from $1,000 to $3,000 for all of the core policies an MSP should consider. This seems in line with the range I was able to find for different premiums from various insurance companies.
When insurance companies calculate the cost of IT insurance, they consider multiple data points about your business. Some of the important factors to take into consideration are:
- What is the projected annual revenue? A higher revenue MSP (revenue over $1 million) will see a higher premium than one that is just starting out or has a lower annual revenue. One reason is the revenue your business earns is indicative of the number of clients you work with, thus helping the carrier calculate its risk exposure.
- Who hosts the data? Is it a datacenter you use, or do you host and store customer data on your own equipment? This is another major factor in the premium. If your MSP is the one that hosts customer data or stores any sort of important personal information, this will increase the cost of your insurance.
- Is your MSP a new business? The years of experience your company has is important for carriers. In fact, some providers will not insure a brand new start-up company.
- Have you filed any claims? Your claims history is unfortunately a big player in the premium you pay. If your MSP has filed a claim within the last five years, don’t be surprised if your premium is high.
- Where is your business located? Even though much of what the MSP does is virtual or in the cloud, where your business is located and operates matters. Different governments, both local and state, can enforce fines related to compliance and data storage and customer notification. An insurance company wants to know if there is a chance it may have to help pay a million dollar fine or one that is substantially smaller.
Who hosts and stores the data is an important question to answer honestly during the quoting process. If you state you do not store any data but subsequently, during a claim it is discovered that your MSP does store customer data, the entire policy could be invalidated for material misrepresentation.
How to choose IT insurance policies
IT Insurance is an important part of any data breach response plan. So it is important to make sure you are choosing the right policies for your business. The best way to do so is to meet with a licensed agent or broker in your area who can review your specific business structure, operations, and needs and then recommend which policies are best. If possible, find one that works with multiple carriers so that you can get several quotes for the same type of insurance and then get one that gives the best value for your money.
Some general guidance on choosing the right policy:
- Do you have any employees?
- What type of equipment do you use, and where is it located?
- Do you enter into contracts with your customers?
- What type of services does your MSP offer?
- Do you store customer information?
The answer to the first question will help you figure out whether you are required to purchase workers’ comp.
Question two will help you narrow down what type of property insurance you’ll need.
If you answer yes to question three, then you’ll really want to consider a tech E&O policy.
Finally, questions four and five touch on the importance of cyber insurance for your business.
Bottom line: IT insurance protects MSPs and supports their clients
When it comes to a business operating smoothly, MSPs provide an invaluable service. While you can take every precaution, sometimes things just happen. Whether it is an office fire leading to smoke damage to your equipment to a bad update causing a client to be locked out of their system for some costly days, MSP insurance is the backup that any IT business needs to help with the unexpected.
MSPs need to consider many paths when launching and running their business. Read our guide to marketing custom channel products to learn about creating new selling opportunities.
Frequently asked questions (FAQs)
Is insurance required for MSPs to be CMMC compliant?
No, insurance is not a requirement for compliance with DoD contracts. That said, MSP cyber insurance is still a good idea because it will make your company more financially secure.
Is MSP insurance worth it?
According to a recent study by IBM, the cost of a data breach in 2024 has risen 10% to almost $5 million. MSP insurance helps with defraying those costs so that your business doesn’t have to scramble to find millions of dollars to deal with a breach.
What type of insurance should an MSP purchase?
The type of insurance an MSP should get will depend on several factors like the size of the company, how it operates, and what type of service it provides. However, tech E&O and cyber liability insurance are both key coverages. Some other coverages like workers’ comp or general liability may be required.