Insurance 101 for small businesses

When it comes to insurance, you need an expert steer right from the start. So we asked our friends at Superscript to collaborate with us on producing this guide for you. In fact, they did all the hard work! They're experts when it comes to advising small businesses about getting the right protection in place for both everyday and unexpected risks.

Here's what they consider to be the ultimate insurance 101 for small businesses and startups. You'll see that they identify 8 categories that you should all have on your risk-management radar.

What is it?

If your business causes an injury to a member of the public, or damage to their property, public liability insurance will cover you for any resulting legal and compensation costs.

'Members of the public' include clients, suppliers, contractors or anybody else not employed by you. (Employees are covered by employer's liability insurance - further down our list.)

Who needs it?

All businesses, including freelancers. Accidents can happen to any business: big, small, bricks and mortar or online. Many customers now insist that their suppliers have it, so that you don't cause disruption or damage to their businesses when something goes wrong at your end. So, you're likely to be at a competitive disadvantage if you don't have it.

Even if you don't have visitors to your premises, you could still cause damage when visiting a client, at an industry event, or while out and about filming or conducting other activity on behalf of your business.

There's also a common misconception that you'll automatically be covered by your co-working space, if you work out of one, so don't get caught out.

Things to watch out for…

• Check you're covered for the right things, based on your business activities. For example, if your employees are working at heights, operating equipment in public, driving vehicles and/or carrying out activity in public spaces (especially regularly crowded ones like stations and shopping centres), you'll need to ensure your policy provides you with the right protection.
• And when you're signing trade contracts or conducting new activities, check that any requirements are covered by your existing policy - and if they're not, remedy this before you sign. Failure to do this could mean you're in breach of your contract (often in respect of something that's considered a key warranty), potentially making other aspects of the contract null and void, or giving the counterparty a reason to bring a legal claim against you.

What is it?

Professional Indemnity insurance (or PI) covers you if something goes wrong when you're providing a professional service to an individual or business. That means your insurer will pick up the bill for any financial, sales or reputational damage that could affect you or your client as a result of the advice or service you carry out.

It will cover, for example, a mistake in the plans or designs that you produce for a customer, if there's a fault in any software that you've delivered, or if an employee accidentally sends confidential information to the wrong customer. In each case, the customer can bring an action against you for the damage that they suffer in consequence.

Who needs it?

• If your business gives advice, consultancy, offers a professional service or handles data or intellectual property belonging to your customers, you may need professional indemnity cover. It's relevant for PR and marketing consultants, designers, web-developers, IT consultants, spa treatment providers, personal trainers and tutors, amongst many others.

• Professional indemnity insurance may also be compulsory for members of some professional bodies, due to regulatory requirements. Solicitors, financial advisers, accountants, architects and some healthcare professionals fall into this bracket, to name a few. (You should always check the rules and guidelines published by your industry regulator.)

• Check your client contracts too - even if you're not regulated, you may be legally obliged to have this cover in your contractual commitments.

• Though it's clearly never going to be one of your marketing messages, the fact that you have this cover in place provides reassurance for clients, who'll want to know they'll be covered if you get your advice wrong.

Things to watch out for…

• Make sure you correctly disclose the full nature of your business activities to your insurer; as if they don't understand your business properly, they can't ensure you're adequately protected. It's also important to note that it's the customers duty to disclose anything that would influence the underwriter's decision to insure the risk, and on what terms. If they don't, they could deny a claim or a proportion of it.

• And just as your business won't stand still, neither will your risk position - so keep your cover under review. It's especially important if you have customers in the US or provide legal, financial, cyber or medical services, where you may require specialist insurance protection.

• Make sure your cover is sufficient, and don't be afraid to ask questions about what an insurance provider proposes, making sure that they've fully understood your risk profile. Think about the financial impact if the worst happens. Sometimes (although not for everything), you can cap the level of your liability to a customer if something goes wrong, but the cost that you need to insure may be significantly greater than this figure. Don't forget to factor in a reasonable estimation on the cost of legal fees, and the possibility that you may face more than one claim in the same period.

• Also, have you checked the details of your own supplier contracts? Ensure that those whose work may have a knock-on effect on the quality of your own service also have PI cover.

What is it?

Cover that protects you in the event of a data breach or a cyber attack (e.g. hacking or a virus), for a breach of data protection laws (where insurable by law) and your liability for handling data. It can also provide cover for extortion, system rectification costs, PR expenses and financial loss due to system downtime.

Who needs it?

Of course, the extent of your risk and how far you need your cover to extend, will depend on the type of business that you're in. While fully digital businesses are prime targets for cyber threats, few businesses operate entirely offline these days. Even if you're not 'in the cloud' or handling 'big data', this cover is relevant to you if you have a website, run your business from Facebook, use data-servers or use even the most basic online software. It could be as simple as leaving your laptop on the train, or emailing data to the wrong person, which could affect pretty much anyone.

Things to watch out for…

• Keep track of the data you hold and make sure you're fully compliant with your legal obligations on data handling and systems integrity. With the new data protection regime (the GDPR) which came into force on 25 May 2018, your obligations for lawful data handling will increase significantly. (See our guide: What does GDPR mean for your small business?, and its supporting suite of checklists and other materials, for relevant guidance on data handling.)

• Within the boundaries of your legal obligations, don't hold on to data that you don't need and can lawfully delete. Anonymise personal data belonging to any of your customers where you can.

• Hold your data securely and ensure it's well backed up in case of an equipment or system crash or other data-retrieval fail. Cyber liability often goes hand in hand with professional indemnity liability, so make sure your choice of insurance provider has a good technical handle on how these two covers fit together.

• When you take out a cyber policy, you'll need to disclose the type of data you're holding. If you're holding financial or other particularly sensitive information, make sure you disclose and describe it very clearly.

• If anything changes, notify your insurer promptly to avoid being left without sufficient cover. And if you're not sure, either about what you need or about a potential claim, get expert help as soon as possible.