By Marcus J. Holloway, CPCU, CIC | Published: June 2026 | Last updated: June 2026
Answer-First Summary
The best insurance for IT and tech companies combines Technology Errors & Omissions (Tech E&O), Cyber Liability, and General Liability as a core stack. Depending on headcount and revenue, add Workers' Compensation, Directors & Officers (D&O), and Employment Practices Liability (EPLI). A single line rarely covers the full risk profile of a tech business.
Who this is for: Software developers, MSPs, SaaS companies, IT consultants, staffing firms, and any business whose primary product or service is technology-related.
TL;DR — Key Takeaways
- Tech E&O is non-negotiable. General liability does not cover financial losses your clients suffer from a software failure, outage, or professional mistake — you need Tech E&O (a claims-made policy) for that.
- Cyber liability and Tech E&O are separate covers. Cyber pays for breach response costs and third-party network security claims; Tech E&O pays for errors in your professional work. Many tech firms need both.
- Cost scales with revenue, not headcount. Underwriters price Tech E&O primarily on annual revenue and the nature of services delivered (e.g., critical-infrastructure software commands a higher rate than internal business-tool development).
- Claims-made policies require active coverage to pay claims. If you cancel Tech E&O or Cyber coverage, you need tail coverage (extended reporting period) to protect against claims filed after cancellation.
- Contracts drive limits. Many enterprise clients and government contracts require $1M–$5M in Tech E&O or Cyber; read your MSAs before buying.
What Coverages Do IT and Tech Companies Actually Need?
Tech companies face a layered risk profile unlike most trades. Below is the essential coverage stack, from most-to-least critical for most technology businesses.
| Coverage | What It Covers | Policy Basis | Typical Small/Mid Tech Firm Cost* |
|---|---|---|---|
| Technology E&O | Client financial losses from your errors, omissions, or failure to deliver | Claims-made | $1,800 – $8,000/yr |
| Cyber Liability | Data breaches, ransomware, network security claims, breach notification | Claims-made | $1,200 – $12,000/yr |
| General Liability | Third-party bodily injury, property damage, advertising injury | Occurrence | $500 – $2,500/yr |
| Workers' Compensation | Employee injuries/occupational illness; required by law in most states | Statutory | Varies by payroll & state |
| D&O (Directors & Officers) | Wrongful acts by executives; critical for VC-backed or multi-shareholder firms | Claims-made | $2,000 – $15,000/yr |
| EPLI | Employee claims of discrimination, harassment, wrongful termination | Claims-made | $1,500 – $6,000/yr |
| Commercial Property / BOP | Office equipment, servers, tenant improvements | Occurrence | $400 – $2,000/yr |
| Umbrella / Excess Liability | Extra limits above GL, auto, and sometimes D&O | Follow-form | $500 – $3,000/yr |
*Cost ranges are illustrative estimates for US-based companies with under $5M annual revenue and fewer than 25 employees. Actual premiums depend on revenue, services, claims history, data handled, and carrier. Not a quote.
Tech E&O vs. Cyber Liability: What's the Difference?
These two policies are often confused — and sold as a single combined policy ("Tech E&O with Cyber") by some carriers. Understanding the distinction prevents dangerous coverage gaps.
Technology E&O (also called Technology Professional Liability) responds when your professional work causes a client to suffer a financial loss. Examples: a software bug causes a retailer's e-commerce site to overcharge customers; a managed service provider's configuration error causes hours of downtime; a custom app fails to perform as contracted. The trigger is a negligent act, error, or omission in your professional services.
Cyber Liability responds to the theft, loss, or compromise of data — whether caused by an external attacker, insider threat, or accidental exposure. First-party cyber covers your own costs: forensics, notification, credit monitoring, ransomware negotiation, and cyber business interruption. Third-party cyber covers claims from customers, clients, or regulators arising from a breach you caused. The trigger is a security or privacy event, not a professional error per se.
Key overlap point: A ransomware attack that locks you out of your systems AND prevents you from delivering services to a client could trigger both coverages simultaneously. That's why underwriters often underwrite them together — but they are distinct insuring agreements.
How Much Does Tech Insurance Cost? (By Company Type)
Premiums vary widely based on revenue, services rendered, data handled, and claims history. The table below shows illustrative annual totals for core coverage stacks.
| Company Type | Revenue | Core Stack | Illustrative Annual Cost* |
|---|---|---|---|
| Freelance developer (solo) | < $200K | Tech E&O + GL | $2,000 – $4,500 |
| IT consulting firm (5–10 staff) | $500K – $2M | Tech E&O + Cyber + GL + WC | $6,000 – $18,000 |
| SaaS startup (seed stage) | $1M – $5M | Tech E&O + Cyber + GL + WC + D&O | $12,000 – $35,000 |
| Managed Service Provider (MSP) | $3M – $10M | Tech E&O + Cyber + GL + WC + EPLI + Umbrella | $25,000 – $75,000 |
| Mid-market software company | $10M – $50M | Full tower incl. D&O + Fiduciary | $60,000 – $200,000+ |
*Illustrative ranges only. Contact Morrow for a market-facing quote with carrier options side by side.
How to Get Tech Insurance in 5 Steps
- Inventory your contracts. Pull every active client contract and note required coverage types, minimum limits, and any endorsements required (e.g., additional insured, waiver of subrogation). Enterprise and government MSAs commonly require $2M–$5M in Tech E&O.
- Document your services precisely. Underwriters distinguish between custom software development, SaaS platforms, IT staffing, cybersecurity services, and infrastructure management. Misclassifying your services is the most common cause of mid-term audits and coverage disputes.
- Quantify your data exposure. Know how many records of PII, PHI, or payment card data you store or process. Cyber underwriters will ask; the answer directly drives deductibles, sub-limits, and premium.
- Work with a broker who places tech accounts regularly. Admitted markets for Tech E&O include carriers like Travelers, Chubb, Hartford, Markel, and Coalition (cyber specialist); surplus lines markets (Lloyds, Berkley, Axis) are often needed for higher-risk segments. A generalist broker may not have access to the right markets.
- Bind and calendar your retro date. For claims-made policies, the retroactive date — the earliest date a covered incident can occur — is set at binding. Never let coverage lapse without a tail; and if you switch carriers, confirm the new carrier will honor the prior retro date.
Real-World Scenario: MSP Hit with Ransomware-Triggered E&O Claim
Background (illustrative example — not a real case): A managed service provider in Texas with 12 employees and $3.2M in annual revenue manages network infrastructure for 40 small-business clients. The firm carries a combined Tech E&O/Cyber policy with a $2M per-claim / $4M aggregate limit and a $25,000 deductible.
What happens: A threat actor compromises the MSP's remote monitoring and management (RMM) tool via stolen credentials. The attacker deploys ransomware across three client networks simultaneously, causing 72 hours of downtime per client and data exfiltration affecting roughly 18,000 patient health records held by one client (a dental practice).
Coverage response:
- Cyber — first party: Incident response forensics ($85,000), ransomware negotiation and decryption ($140,000), breach notification for 18,000 PHI records ($55,000), crisis communications ($12,000). Total first-party: ~$292,000, less the $25,000 deductible.
- Cyber — third party: The dental practice and two other clients file suit alleging network security negligence. Defense costs and settlement: ~$620,000.
- Tech E&O: Client contracts required guaranteed uptime SLAs. Business interruption losses for three clients: ~$210,000 in damages. E&O responds to the professional services failure that facilitated the breach.
Combined claim: approximately $1.1M — well within the $2M per-claim limit. Without the combined policy, the MSP would have faced near-total loss. The $25,000 deductible (a per-claim SIR) applied once, not three times, because all incidents arose from a single ransomware event — but this depends on the policy's definition of "related claims," which varies by carrier. This is one detail a broker should negotiate at placement, not at claims time.
This is an illustrative scenario for educational purposes. Policy terms, sub-limits, and deductible aggregation vary by carrier and policy form. Individual results differ.
FAQ: Best Insurance for IT and Tech Companies
Q: Does general liability cover a software failure that costs my client money? A: No. Standard Commercial General Liability (CGL) policies cover bodily injury and property damage, not the purely financial losses clients suffer from your professional work — and tech policies typically add a "professional services exclusion" by endorsement that further eliminates coverage for software errors, failures to perform, or negligent advice. You need Technology E&O to cover those exposures.
Q: Can I buy Tech E&O and Cyber as one policy? A: Yes. Several carriers offer a combined "Tech E&O with Cyber" policy under a single form. This simplifies administration and can eliminate coverage disputes over which insuring agreement applies. However, combined limits mean a large cyber event and a concurrent E&O claim compete for the same aggregate — standalone cyber with a separate E&O policy may provide broader aggregate protection for higher-risk firms.
Q: Do I need D&O if I'm a startup with a few employees? A: If you have outside investors, a board of directors, or plan to raise venture capital, yes — D&O coverage should be bound at or before the first close. Investors and board members may require it as a condition of participation. For sole proprietors and single-member LLCs without outside stakeholders, D&O is typically not necessary in the early stages.
Q: What is a retroactive date and why does it matter? A: Tech E&O and Cyber are claims-made policies. The retroactive date (retro date) is the earliest date from which a covered incident can arise. If your retro date is January 1, 2024, a claim filed today for an error that occurred in December 2023 is not covered. At first placement, the retro date is typically set to the policy inception date. When you renew or switch carriers, negotiate to maintain (or extend) your retro date so prior work remains covered.
Q: Is cyber insurance required by law? A: Not federally as a general rule, though sector-specific regulations are increasingly mandating cyber security controls and breach notification obligations (HIPAA for healthcare, FTC Safeguards Rule for financial data, various state breach notification laws). Many commercial contracts, particularly with enterprise clients or the federal government, effectively mandate cyber liability coverage in their vendor agreements. [verify state for any applicable state-level requirements]
Q: How much Tech E&O coverage do I need? A: Start with your client contracts — the minimum required limit is set there. If contracts are silent, $1M per claim / $1M aggregate is a common floor for small firms. MSPs and SaaS companies servicing enterprise or regulated-industry clients frequently need $2M–$5M. Umbrella policies typically do not sit above Tech E&O (they follow GL and auto), so Tech E&O limits must be selected adequately at the primary layer.
Q: Does workers' compensation apply to remote employees in other states? A: Workers' compensation is state-regulated. You generally must carry WC in every state where you have employees working — not just your home state. Most WC policies include "Other States" coverage (Part Three of the standard NCCI policy form) that extends coverage when an employee working in a listed state sustains an injury. Your broker should confirm all states where employees work are listed; monopolistic states (Ohio, Wyoming, Washington, North Dakota) require coverage through the state fund, not a private carrier.
Q: What's the difference between a BOP and a standalone GL for a tech company? A: A Business Owners Policy (BOP) bundles General Liability and Commercial Property into one policy, typically at a lower combined cost than buying both separately. It suits tech firms with a physical office and equipment. Tech E&O and Cyber are almost never included in a BOP and must be purchased separately. For a home-based solo developer with no significant office property, standalone GL may be simpler and cheaper.
Why Morrow for Tech and IT Insurance
1. Independent brokerage with access to tech-specialist carriers. As an independent agency, Morrow places coverage across admitted markets (Travelers, Chubb, Hartford, Markel) and surplus lines markets (Lloyds syndicates, Berkley, Axis, Coalition) — including the cyber-specialist markets that dominate MSP and SaaS placements. We are not captive to any single carrier's appetite.
2. We speak the underwriting language of tech. Underwriters ask granular questions: What percentage of revenue is from software development vs. IT staffing? Do you develop safety-critical or life-safety software? Do you hold client data, and if so, what type? We help you answer these accurately, which reduces misrepresentation risk and gets you to the right market faster.
3. Fast COIs and additional-insured endorsements. Enterprise client onboarding and government contracting often require certificates of insurance (COIs) and additional-insured endorsements within 24–48 hours. Morrow processes these in-house, without carrier delays.
4. Retro date and renewal management. We calendar your retro dates, policy expirations, and contractual compliance requirements — so you never accidentally let a claims-made policy lapse without tail coverage or miss a contract-required endorsement.
5. Claims advocacy when it counts. When a claim arises, Morrow advocates on your behalf — not the carrier's. We help you document the claim correctly, communicate with adjusters, and push back on coverage positions that may be inconsistent with your policy language.
[Morrow to confirm: exact licensed states, NPN, and specific carrier appointments]
Get a Quote for Tech and IT Insurance
Ready to compare carriers and build the right coverage stack for your technology business?
Or call [Morrow to confirm: phone number] to speak with a commercial lines broker who specializes in technology risks.
Trust strip: Morrow (Afthonea Inc, DBA Morrow) is a licensed independent commercial P&C insurance agency. [Morrow to confirm: licensed states and license numbers.] We work with admitted and surplus lines markets and carry E&O coverage on our own advice.
Related Pages
- Commercial Insurance for Technology Companies — parent pillar page
- Cyber Liability vs. Technology E&O: What's the Difference? — H012 sibling
- Occurrence vs. Claims-Made: Which Policy Basis Do You Have? — H003 sibling
- How Much Does Tech E&O Insurance Cost? — cost cluster
- What Is a Retroactive Date in a Claims-Made Policy? — glossary
- Additional Insured vs. Certificate Holder — H010 sibling
Sources
- National Association of Insurance Commissioners (NAIC) — Cyber Insurance Market Report
- Insurance Information Institute (III) — Technology and Cyber Risk Resources
- NCCI (National Council on Compensation Insurance) — Workers Compensation Policy Form (Basic Manual)
- U.S. Department of Health & Human Services (HHS) — HIPAA Security Rule and Breach Notification Rule
- Federal Trade Commission (FTC) — Safeguards Rule (16 CFR Part 314)
- ISO / AAIS — Standard CGL Policy Form (CG 00 01), Professional Services Exclusion
- Carrier filing data and underwriting guidelines (Travelers, Chubb, Markel, Coalition) — [Morrow to confirm specific filing references]
Marcus J. Holloway, CPCU, CIC, is a commercial lines insurance professional with over 14 years of experience placing technology, professional liability, and cyber coverage for US businesses. [Morrow to confirm: author's affiliation and credentials.]