When CPAs have individual clients who are business owners, it is important to remember that they have worked very hard to build both their business and their personal estate. Many business owners focus the majority of their time on building the business and do not think about the various risks that could significantly diminish the value of their business and personal estate or net worth. While estate taxes often come to mind when thinking about such risks, other, unknown risks in the business itself could destroy an even larger portion of the estate. A critical element when creating an overall estate plan is a business insurance review to ensure that both known and unknown risks are identified and properly insured against.

Most individuals have similar concerns, such as loss of a job, unexpected medical expenses, and protecting property and vehicles. Business owners, however, also face risks related to business interruption, lawsuits, workers’ compensation, cyberliability, professional liability, and group benefits for employees. Ensuring that they have the right insurance coverage for all these and other potential risks is critical to the continued success of the business.

A Comprehensive Approach

Many business owners buy insurance protection as needs arise, such as purchasing commercial building and vehicle insurance when buying such assets or obtaining workers’ compensation when employees are hired. While these purchases help protect the owner and the business, this approach may not provide the appropriate total coverage and may in fact cost more than a comprehensive review of what is needed and what the current insurance provides. Buying only what is needed, when it’s needed, may put the individual and his personal and business assets at risk, especially if the business has directors, officers, and employees, or if there is an employee benefit plan. This approach can leave gaps in certain coverage and create excess coverage in others. With a coordinated insurance plan, gaps and excesses are reduced (if not eliminated), often at a reduced overall cost.

Personal versus Commercial Insurance

It can be very challenging for individuals facing such a diversity of risks to manage them while running a business. Finding the right expert information on all of the many areas of risk management, each with its own ever-shifting nuances, can also be a challenge.

The term “property and casualty” is used to describe various types of insurance protecting physical assets and liability coverage for injury to others. All commercial businesses should have a general liability policy to cover losses from causes such as fire, accidents, and other hazards. Similarly, the policy should include provisions to protect the business from paying for nonproperty expenses such as medical expenses, along with related legal costs, including any resulting lawsuits.

Certain risks affect both a business and an owner personally. In addition to a general liability policy, both should consider an excess liability policy. These policies are similar to an umbrella policy (which is usually capped at $5 million), but have larger limits (up to $50 million), along with the flexibility to tailor certain provisions to suit a specific business or individual.

Commercial enterprises face numerous business risks outside of the scope of general or excess liability on a daily basis, including some unique risks.

Commercial enterprises face numerous business risks outside of the scope of general or excess liability on a daily basis, including some unique risks. The good news is the insurance industry probably has a product covering such a risk. For example, an incident might occur that would render the enterprise unable to operate for a period of time; business interruption insurance can cover various operating expenses for such a period and may even cover the revenue the business would have earned during the shutdown. Moreover, retailers, wholesalers, distributors, and manufacturers are all at risk of liability from defective products and inadequate instructions or labeling for such products. Product liability insurance protects a business against such damages, settlement costs, and related legal fees, even if a business were found negligent.


Commercial Insurance:

  • Property and Casualty
  • Flood and Earthquake
  • Liability (General, employment, professional, public)
  • Excess Liability
  • Errors and Omissions
  • Business Interruption
  • Reputational Risk
  • Directors and Officers
  • Cyberliability
  • Product Liability
  • Medical Malpractice
  • Surety (Construction, commercial, environmental, license, permit bonds)
  • Group Benefits (Medical, pharmacy, dental, life)

Personal Insurance:

  • Property and Casualty
  • Flood and Earthquake
  • Liability (Umbrella)
  • Excess Liability
  • Personal Directors and Officers

Business owners also put a lot of effort and expense into building a brand with a strong reputation. Social media campaigns, however, can destroy decades of brand building in a single afternoon. Several insurance companies insure against such a risk by providing access to experts upon the first instance of negative publicity, providing advice and communication strategies for both type and method, as well as covering the cost of certain strategies and brand monitoring.

When dealing with natural disasters, specific risk coverage such as flood insurance may be appropriate, depending upon one’s location. Likewise, an earthquake endorsement may be appropriate, due to limits in most homeowners and commercial liability policies. While rather expensive in areas at a high risk of earthquakes, the costs drop significantly elsewhere. Though rare, such quakes do occur, such as the 5.8 magnitude earthquake in Virginia in 2011, where only half of the affected were insured.

As a CPA, knowing that there is a clear distinction between personal and commercial insurance is fundamental. They are very different specialties, each with unique considerations, carrier competencies, and markets, and an expert in one area may not be as well versed in the other. The sidebar, Commercial vs. Personal Insurance, shows a broad breakdown of different types of insurance into these two categories.

Helping individuals find an agency with expertise in both personal and commercial insurance is an important first step in building a comprehensive insurance program.

The Need for Cyberliability Insurance

As the Internet grows and becomes more complex, so does exposure to risk. General liability, property, and professional liability policies are not designed to address many critical information security exposures, such as regulatory fines and penalties, statutory notification and credit monitoring costs, and class action lawsuits associated with privacy breaches. Many policies now affirmatively exclude cyber risk. It is therefore important to factor this additional coverage into a business’s overall risk management plan.

Due Diligence Review

Once the right insurance partner is found, the insurer will conduct a due diligence review to assess the individual’s current insurance situation and recommend an ongoing risk management program. Typically a six-step process, this review will ensure that both personal and business risks are identified. CPAs can help guide individuals through these steps.

Step one.

Thoroughly identify and understand the individual’s overall risk exposure, commercial and personal. Conduct a complete review of all owned and leased properties, employment practices, third-party liabilities, and anything else that would leave the individual exposed to risks, especially those that may have been previously unknown.

Step two.

Provide a detailed analysis of the existing insurance program, which includes reviewing each policy and applicable vendor contract to determine if all risk transfer objectives are properly met, where there are gaps, and where there are overlaps.

Step three.

Assess if the individual has the necessary support services, including a review of the carrier and broker effectiveness and an assessment of the level of support in claims, loss prevention, and other services provided by the current carrier and broker.

Step four.

Reconstruct the insurance program to address any gaps, overlays, inappropriate deductibles, or other issues identified. This includes configuring insurance limits and coordinating coverage and policies to achieve optimal protection at a competitive cost.

Many policies now affirmatively exclude cyber risk. It is therefore important to factor this additional coverage into a business’s overall risk management plan.

Step five.

Outline the expected overall costs to achieve the goal of satisfying the various objectives and recommendations identified in the first four steps.

Step six.

Implement the new risk management program.

Risk management does not end once a program is implemented; rather, this is only the beginning of a dynamic process. Workplace safety training, ergonomic reviews, and mock OSHA inspections may be part of the program. Throughout the process, CPAs can help individuals obtain ongoing support from an insurance organization with experts in the many distinct disciplines of both commercial and personal insurance, which will allow business owners to focus on what they do best with confidence and security.

Paul B. Kieffer, CPA/PFS, CFP, CLU, CAP, ChFC is an administrative vice president with M&T Bank, Buffalo, N.Y.