Your Complete Guide to Business Insurance (for Tech Companies)

Lovable’s Elena Verna on evolving AI pricing from usage to value

As a finance and growth leader, I’ve seen AI break every pricing assumption we had about SaaS.

On December 10th, join Lovable’s Head of Growth, Elena Verna, for a candid conversation about how they’re navigating that shift. She’ll share how Lovable is experimenting beyond usage-based pricing, why predictability still matters for enterprise buyers, and what signals point toward outcome-based value. If you’ve been wondering what “good” looks like for AI pricing, this is the conversation to join.:

As a tech CFO there are few times I feel dumber than when I’m thumbing through insurance options. It's not that it's inherently difficult like a physics problem might be… it's more that the whole process is (intentionally?) vague and full of "well, it depends."

Like, give it to me straight, doc.

Running any business comes with taking on some sort of risk. If you don't undertake risk, you aren't doing something worthy of people giving you money.

Now I know what you're thinking:

And I would respond, exactly!

But here's the thing - unlike manufacturing companies with obvious physical risks, tech companies face invisible but potentially company-ending liabilities. A single data breach (Solarwinds!), faulty algo (Zillow Offers!), or employment lawsuit (Uber!) can destroy years of value creation faster than any industrial accident ever could (ok, maybe not any industrial accident… Three Mile Island was pretty bad).

That's why insurance for tech companies is so confusing. It's hard to quantify and bucket risk you can't see.

What I'll attempt to do in this post is demystify the types of business insurance tech companies typically need, and give you current pricing estimates so you don't get taken to the cleaners.

When you start out, there isn't much to protect. You’re just three guys in a garage trying to chase the dream.

But as you grow, you build into this hierarchy:

Survival Insurance → Revenue Protection → Operational Insurance

Let's break each down.

When you take on fundraising you are required to get what they call Directors and Officer's Insurance (D&O). This makes sure that if you do some shady stuff (like not paying employees wages) the board members (directors) don't get sued personally. That would be called "piercing the corporate veil."

D&O protects the company’s decision makers. Claims can come from shareholders, investors, lenders, regulators, and competitors. And these lawsuits have tripled since 2020. Stuff that might apply:

Within D&O you can add more specific insurance policies like Employment Liability Insurance (EPLI) which protect against the hairy problems like discrimination, harassment, and wrongful termination. Think of it as an add on module.

Even if you don't do anything wrong (I would never dump chemical waste in the Charles River!), you still have to defend yourself. There will always be crazy, bitter employees or competitors. For some competitors, taking you to court is part of their strategy. Defense costs alone can hit six figures, and that's covered under D&O.

Some Unofficial Estimates:

An important aside - sector matters enormously. AI/ML, fintech, healthtech, and crypto companies pay 2-3x these rates because insurers are terrified of regulatory risk. There are more unknowns.

You typically need $2M-5M of D&O coverage as a venture-backed private company. In recent years, we've seen companies gravitate toward the higher end. So budget $15K-35K annually for solid coverage.

On the bright side, the cost per million of coverage goes down as you buy more.

The next policy is Tech Errors and Omissions Insurance, purchased before you start making real money from your tech.

Think: could your product cause an outage and take down your customer's systems, preventing them from making money?

This covers the stuff that keeps CTOs awake at night:

How It Actually Works When Shit Hits the Fan

As we mentioned with D&O, when you get sued, the insurance company will hire a lawyer to respond to the lawsuit and work with you through the case. These defense costs are covered under your E&O policy.

But here's the catch - defense costs eat into your total coverage limit. If your insurance company pays $250K defending you and you have a $1M policy limit, you now only have $750K left to pay any settlement. Go over that, and you're paying out of pocket.

Legal defense alone can easily hit $200K-500K before you even get to a settlement.

And the limits do not reset each year for the same incident. In other words, if you have $2m in coverage and it costs you $250k in year one to defend, on Jan 1 your balance doesn’t reset back from $1.75M to $2m.

This is a big consideration when you think about coverage limits.

Ok, a few notes on cyber. Since 2020, cyber has largely separated from E&O because claims increased 300%. This covers:

And we’re embarking on a new frontier with AI - If you're building AI products, insurers are starting to ask specific questions about algorithmic bias, decision-making processes, and training data. This space is evolving fast.

Current Pricing for Tech E&O + Cyber:

Something I recently learned: E&O excludes slip and fall type claims when someone injures themselves. That’s squarely in the domain of general liability policies, which we’ll cover next. So remember… E&O covers financial damages, not physical damages.

The third purchase is typically a Business Owner's Policy (BOP), sometimes called business liability, comprehensive liability, commercial general liability, or just GL for short. Tomato, tomahto.

A BOP combines general liability with property insurance to form a package policy, plus some fringe coverages (Russian nested doll vibes).

It protects your company from three key areas:

You typically purchase this when you get an office or start having clients visit. Yes, I know we're in tech, but what if you have a quarterly business review with a major partner and they slip on the steps coming in? People are clumsy, and we’ve all seen the commercial below.

The "advertising and personal injury" part is confusing because it doesn't necessarily involve bodily injury or property damage. These claims come from libel, slander, and copyright infringement - like talking shit about your competitors in a way that damages their business. It’s bundled into this policy (I think) because the internet didn’t exist yet when it became standard.

Pricing: Usually $1K-5K annually for basic coverage. Pretty reasonable compared to everything else

And Remember: Employment issues like harassment do NOT fall under GL. That's why we need EPLI under your D&O, which we hit on earlier. (Coyle Group)

For a typical Series B company ($10M-30M revenue), budget $40K-60K annually for comprehensive coverage.

If you're in a higher-risk sector like fintech, AI/ML, or healthtech, bump that up to $60K-$80K. Yes, that's up about 30% from pre-2020 levels, but it's still a hell of a lot cheaper than one major lawsuit.

The key is getting ahead of it. Like I said earlier - shopping for insurance after you need it is like trying to buy flood insurance during a hurricane. You’re lucky to find an inflatable raft.

Start clean, stay covered, and sleep better at night. After all, that’s what you’re really buying.

The great and powerful Greg Henry returns. Last time we talked to him he was CFO of Couchbase. Now he’s at OnePassword kicking off a new chapter.

On this episode we go deep on how to comp sales reps on PLG models vs field sales. We discuss how forecasting changes when the product does the selling, how to think about comp and pricing in a usage led world, and the early tells that a model is quietly over or under performing. He explains why CFOs should meet far more customers than they do, and how CFOs can use the power of the purse to drive sales. This is full of grounded advice, from one of the best, for first time CFOs.

I was talking with a CFO the other week who had what most GTM leaders would kill for: a perfectly defined TAM.

His company sells software to independent financial advisors. Think… the money managers that don’t work for big banks like Goldman or Merrill.

Every potential customer is registered with FINRA, 76,000 of them, right there in a searchable database. No guessing. No messy enrichment. Just names and numbers. They can literally pay for a list and dial into all of them.

They know where the bodies are buried.

Sounds like a dream.

But here’s the catch: when your market is finite and findable, it’s also burnable.

Wishing you ARR that actually contractually recurs,

CJ