Running a business is inherently risky, and while you can't protect your business against every threat it faces, it's important to protect yourself and your company in any way possible. Purchasing business insurance is a way to mitigate risk and protect your company against unforeseen events. Here's a look at the concept of risk in business insurance, how insurance companies assess risk and what you can do to reduce risk as much as possible.
What is an insurance risk?
As a business owner, you're likely familiar with how to file an insurance claim. But many owners aren't aware of how insurance companies view risk and how this factors into your coverage and costs.
Editor's note: Looking for the right liability insurance for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.
Insurance risk is the likelihood that an adverse event will occur, resulting in a loss. This adverse event triggers an insurance claim the insurance company will pay (if it's a qualifying event).
When it sells you an insurance policy, the insurance company takes on the risks associated with your company under the parameters of the types of policies you have.
How does insurance risk work?
A business owner buys an insurance policy to gain financial protection from certain risks or perils. After they purchase the insurance policy, a risk transfer takes place. The insurance company assumes the risk in exchange for a regular payment, called a premium.
After the insurance company assumes the risk of financial loss, it places the business in a "risk pool," a large group of businesses that share common risks of incurring losses. In other words, the insurance company spreads its financial risk over a large pool of contributors that are all paying premiums.
How do insurance companies assess risk?
Insurance companies assess risk through underwriting and claims data.
The insurance company gathers relevant data.
During an insurance applicant's review process, underwriters use objective and subjective information to assess the risk associated with the applicant. For example, does the business have a security system (objective information)? Does the building look secure (subjective information)?
The underwriter also gains objective information from computer-generated loss runs, meaning it looks at your business's claims history and experience rating mods and worksheets. For instance, the Workers' Compensation Insurance Rating Bureau of California (WCIRB) says it provides a merit rating percentage to qualified policyholders. "The rating percentage is calculated based upon the policyholder's audited payroll and losses for three consecutive policy periods, as reported to the WCIRB by the policyholder's insurance company," the bureau notes.
The data-gathering process might be specific to the insurance coverage being sought. For example, the property underwriter may obtain an Insurance Services Office (ISO) property report. Your underwriter will also evaluate business-specific data. According to Elliot Whittier Insurance, your insurance underwriter may review:
- Payroll data
- Sales data
- Vehicle counts and/or mileage data
- A description of your operations
- Information about the officers and owners of the company
- Information about job duties, names of subcontractors, certificates of insurance for subcontractors, and tax documents
What data does the business need to track?
Elliot Whittier Insurance recommends that business owners track time and payroll for different work and job categories, which allows for the lowest workers' compensation premiums that still protect both workers and the company. In addition, it offers the following suggestions:
- Get certificates of insurance for your subcontractors, including general liability insurance and workers' compensation.
- Ensure a responsible and informed individual is present and available for onsite audits.
- If you own a restaurant, keep tip records.
- Inform your agent right away of any significant changes to your payroll, whether they're increases or decreases.
The insurance company issues a rating.
After the insurance company gathers all the relevant data, the next factor is rating. The rating system assigns a price based on what the insurer believes it will cost to assume the financial responsibility for the applicant's potential claim.
Underwriting will sort applicants into groups (risk pools) that present similar risk levels and then accept, deny or limit coverage for each applicant group. Underwriting sets a rate for each pool based on claims data for the group's applicants. If a pool has claims data with higher average losses, it will have higher assigned premiums.
What are the types of insurance risks in business?
Now that we've examined how underwriters deny or limit coverage for a group of applicants, here are some examples of common insurance risk types in business.
What are the costliest claims?
Below is a list of the costliest claims reported for small businesses, according to claims data from insurer The Hartford. [Learn more about this provider in our in-depth review of The Hartford.]
We also include suggestions for the business insurance coverage type that could help mitigate this risk. (Be sure to check for policy restrictions or coverage waivers.)
- Reputational harm: Average claim cost is $50,000. Consider reputational harm (risk) insurance or commercial general liability insurance.
- Vehicle accidents: Average claim cost is $45,000. Consider commercial auto insurance.
- Fire: Average claim cost is $35,000. Consider a business owners policy (BOP), commercial property insurance (business hazard insurance), commercial fire insurance or business interruption insurance.
- Product liability: Average claim cost is $35,000. Consider product liability insurance.
- Customer injury or damage: Average claim cost is $30,000. Consider a BOP or commercial general liability insurance.
- Wind and hail damage: Average claim cost is $26,000. Consider commercial property insurance (business hazard insurance).
- Customers slipping and falling: Average claim cost is $20,000. Consider a BOP or commercial general liability insurance.
- Water and freezing damage: Average claim cost is $17,000. Consider business property (business hazard) insurance.
- Struck by object: Average claim cost is $10,000. Coverage depends on where the incident occurred and if the injured party is an employee or a third party. Consider workers' compensation insurance, general liability insurance or a BOP.
- Theft and burglary: Average claim cost is $8,000. Consider a BOP or commercial general liability insurance.
These recommended policies are examples, but it's critical to check with your insurer for policy details and speak with an insurance agent to address your specific business needs.
What are other common claims?
As a business owner, you should be aware of these other common claims.
- Mistakes in professional services: Consider errors and omissions insurance if you provide a service, or request a surety from your clients if you use their professional services. Professional liability insurance is also recommended.
- Third-person injury on a construction job site: Consider commercial general liability insurance.
- Construction damage: Consider builder's risk insurance.
- Data breach: Consider cyber liability insurance.
- Property damage: Consider commercial general liability insurance and a BOP.
A note about COVID-19 and insurance coverage
Pandemic-related risk has been a hot topic as it relates to business interruption insurance, risks associated with workers who interact with the general public (third parties), and workers who could file a workers' compensation claim.
On May 28, 2021, the U.S. Equal Employment Opportunity Commission (EEOC) updated its guidance related to COVID-19, vaccines, and the workplace, saying that workers can file a workers' compensation claim if they have an adverse reaction to a vaccine after an employer-issued vaccination mandate (however, this doesn't guarantee the claim will be filed).
As far as business coverage for COVID-19 is concerned, total claims can, at most, be kept within limits of available capital. Only a few businesses have bought pandemic-related coverage, probably because the price may be too high for the protection offered, according to an economic briefing held by Triple-I chief economists Steven Weisbartt and Michel Leonard.
How can I reduce risk?
The primary way to reduce risk is to institute a formal loss control program, which helps policyholders reduce claims using risk management and safety resources and training.
There are a few other ways to reduce risk:
1. Follow your insurer's risk control guidance.
Some insurers offer risk management programs for their insurance policyholders. Many other insurers also offer risk control representatives, who can give suggestions and guidance.
For instance, CNA's risk control consultants can guide you through the contractual risk transfer as you enter into a contract with an outside entity (a subcontractor, tenant or service provider), which creates a new set of risks and liability issues.
CNA also features PrepWise, which helps with risk assessment. This includes CyberPrep, which focuses on a business's cyber risk and is available to all CNA cyber policyholders. Learn more in our CNA review.
2. Reduce your auto-related risks.
Insurance companies help policyholders mitigate risks associated with auto accidents. For instance, a common risk is distracted driving.
According to a Travelers Insurance survey, 1 in 4 businesses have had an employee get in a distraction-related crash while driving for work. Companies can buy distracted-driving policies to insure against this risk.
Travelers also offers its customers low-cost ways to reduce risk, such as asking employees to set their phones to "do not disturb" and forbidding texting while driving.
Your business can also use risk management software to analyze data from previous accidents and claims to learn how the risk could have been mitigated.
3. Mitigate your cyber risks.
Cyber risk is among the top concerns of businesses surveyed in the 2020 Travelers Risk Index. The insurer recommends that companies use a business virtual private network (VPN) instead of a Remote Desktop Protocol, since a VPN allows for data encryption and protects sensitive or private information. Travelers also recommends using multifactor authentication.
Travelers points out that some roles within a company aren't suitable for remote work because they're at high risk of creating legal issues if the data is compromised. For example, consider a business that retains testing or other COVID-related information on an administrator's laptop. Under the Health Insurance Portability and Accountability Act (HIPAA), any covered entity or business associate that collects, processes, or stores protected health information is required to implement security and privacy controls to protect its confidentiality, integrity and availability (also known as the "CIA triad").
Travelers warns businesses that employees working from home should never allow anyone to access company resources. Employees should use only company-authorized devices for remote work, and they should dispose of company documents properly.