Get a quote
IT Services Insurance

IT Services & MSP Insurance: Tech E&O, Cyber Liability, and What It Costs

Your breach becomes your client's breach. IT services and managed service providers need technology E&O for service failures and cyber liability for data incidents — both yours and theirs. Here's what MSPs and IT consultants need to know about insurance.

June 2026 · 9 min read
IT Services Insurance — Tenet Insurance guide

IT services and managed service provider businesses operate with two layers of liability that most trades don't face: service failure liability and data breach liability. When you manage a client's network, backup systems, cloud infrastructure, or security monitoring, your negligence doesn't just cost you time and reputation — it costs your client downtime, data loss, ransomware payments, and regulatory fines. And when your client's business is compromised because of your service failure or a breach of your systems, they file a claim against you.

Standard general liability insurance covers bodily injury and property damage. It does not cover professional negligence, service failures, data breaches, or cyber incidents. For IT services businesses, those exclusions eliminate coverage for most of the claims you'll actually face. You need technology errors and omissions insurance (tech E&O) for professional liability and cyber liability insurance for data breach and network security incidents.

This guide covers what IT services and MSP businesses need to know: why tech E&O and cyber liability are the core coverage lines, what client contracts typically require, what these policies cost, and where gaps appear in standard coverage forms.

Technology Errors and Omissions Insurance

Technology E&O is professional liability insurance for IT service providers. It covers financial losses your clients suffer because of your negligent acts, errors, or omissions in providing technology services. This includes service failures, configuration errors, missed security patches, failed backups, botched migrations, and advice that turns out to be wrong.

What tech E&O covers

What tech E&O doesn't cover

Tech E&O policies typically exclude intentional acts, criminal conduct, bodily injury, property damage (covered under GL), and first-party losses (your own business interruption — that's covered under a business owner's policy). Most tech E&O policies also exclude cyber incidents unless cyber liability is added as an endorsement or purchased as a separate policy.

Cyber Liability Insurance

Cyber liability insurance covers financial losses arising from data breaches, network security failures, ransomware attacks, and privacy violations. For MSPs and IT services businesses, cyber liability has two components: coverage for incidents affecting your own business and coverage for incidents affecting your clients because of your service failure or breach.

First-party cyber coverage

First-party cyber covers losses your business suffers directly from a cyber incident:

Third-party cyber coverage

Third-party cyber covers claims by your clients or other third parties arising from a cyber incident you caused or failed to prevent:

The line between tech E&O and cyber liability

Tech E&O covers professional negligence. Cyber liability covers data breaches and network security failures. The line blurs when a professional service failure causes a cyber incident. Example: you misconfigure a firewall (tech E&O), and the misconfiguration allows an attacker to breach the client's network (cyber). Many insurers now offer combined tech E&O and cyber policies to eliminate coverage gaps at the boundary between professional negligence and cyber incidents.

General Liability for On-Site Work

Even though most IT services work is virtual, you still need general liability for the physical exposures your business creates: on-site visits to client offices, equipment installation, cable runs, and property damage from accidental acts.

Standard GL claim scenarios for IT services

Standard GL limits are $1 million per occurrence and $2 million general aggregate. Most client contracts require these limits as a minimum. Some enterprise clients require $2 million per occurrence, which typically means adding an umbrella policy above your base GL.

Who Asks for Your Certificate of Insurance

IT services and MSP contracts are heavily insurance-focused. Clients are entrusting you with access to their network, data, and business-critical systems. The certificate of insurance requirements reflect that trust and risk transfer.

Enterprise clients and contracts

Enterprise clients — businesses with formal procurement processes, IT departments, and legal review — require certificates showing tech E&O, cyber liability, GL, and often umbrella coverage. The certificate needs to name the client as an additional insured on the GL policy and sometimes on the cyber policy. They may also require a waiver of subrogation endorsement on all policies.

Co-managed IT and vendor agreements

If you're working alongside another MSP in a co-managed IT relationship or integrating with a larger vendor's platform, the vendor agreement will require you to carry tech E&O and cyber liability at specific limits — often $1 million or $2 million per claim. The vendor wants assurance that if you cause a service failure or breach affecting their client, you have coverage to respond to the claim.

Compliance-driven clients (healthcare, finance, legal)

Clients in regulated industries — healthcare (HIPAA), finance (GLBA, SOX), legal (attorney-client privilege) — impose heightened insurance requirements because of the regulatory exposure they face if you cause a breach. These clients often require cyber liability limits of $2 million to $5 million, tech E&O at similar limits, and contractual language confirming that your policies cover regulatory fines and penalties (which not all policies do).

Certificate turnaround time matters

You close a contract with a new client. They need a certificate naming them as additional insured on your GL and showing tech E&O and cyber coverage by tomorrow morning or the contract is void. Can your broker deliver? We issue certificates of insurance on a published 15-minute SLA, around the clock. When a delayed certificate costs you the contract, speed matters.

Workers' Compensation

If you have employees — technicians, helpdesk staff, engineers — you need workers' compensation insurance. IT services work is generally low-risk from a workers' comp perspective, but repetitive motion injuries (carpal tunnel from keyboard work), slip and fall incidents during on-site visits, and vehicle accidents during client visits generate claims.

Texas workers' comp: optional but required in practice

Texas is the only state where workers' compensation is optional for most private employers. You can operate as a non-subscriber, meaning you don't carry workers' comp and employees sue you directly if they're injured. For IT services businesses, this is usually not viable if you work with enterprise clients or government contracts. Those clients require proof of workers' comp as a condition of the contract. Without it, you're limited to small business clients who don't scrutinize insurance.

Commercial Auto

If your technicians drive to client sites in company vehicles, you need commercial auto insurance. Standard limits are $1 million combined single limit. Make sure your policy includes hired and non-owned auto coverage if employees use personal vehicles for client visits or if you rent vehicles.

One IT services-specific consideration: your vehicles may carry laptops, diagnostic tools, networking equipment, and client devices worth $5,000 to $20,000 per vehicle. Your commercial auto policy covers the vehicle, not the contents. You need inland marine coverage for tools and equipment in transit.

What IT Services and MSP Insurance Costs

Premiums depend on your revenue, the services you provide (helpdesk vs. full MSP vs. consulting), the industries you serve (healthcare and finance increase premiums), your claims history, and your cybersecurity practices. Here are realistic ranges for an IT services or MSP business with 2 to 15 employees and $500,000 to $3 million in annual revenue.

Total annual cost for a typical IT services or MSP business: $15,000 - $50,000. Smaller helpdesk or break-fix operations with clean loss histories and good cybersecurity practices will be toward the low end. Full-service MSPs serving healthcare or financial clients with higher revenue and prior claims will be at the higher end.

What drives premiums up

What to Ask Your Broker

Does my tech E&O policy cover cyber incidents, or do I need separate cyber liability?

Some tech E&O policies include limited cyber liability as an endorsement. Others exclude cyber entirely. If your policy excludes cyber, you need a standalone cyber liability policy. Ask your broker to confirm in writing what is and isn't covered at the boundary between tech E&O and cyber.

Are regulatory fines and penalties covered?

Some cyber liability policies cover regulatory fines and penalties arising from a data breach (e.g., HIPAA fines, state attorney general penalties). Others exclude fines or only cover them in specific jurisdictions. If you serve healthcare or finance clients, verify whether your policy covers regulatory fines. If it doesn't, you may need a separate policy or endorsement.

Does my policy cover my liability for breaches of my clients' systems?

This is third-party cyber liability. Not all cyber policies include it. Some only cover first-party losses (your own breach response costs). If you manage client networks or have access to client systems, you need third-party cyber coverage. Confirm with your broker that your policy covers claims by clients for breaches you caused or failed to prevent.

What's the deductible on tech E&O and cyber?

Deductibles on tech E&O and cyber policies are typically $5,000 to $25,000. Higher deductibles lower your premium but increase your out-of-pocket cost per claim. For MSPs with stable revenue and cash reserves, a $10,000 or $15,000 deductible can meaningfully reduce premiums.

Does the policy include breach response services?

Many cyber liability policies include breach response services as part of the coverage: forensic investigation, legal counsel, notification services, credit monitoring, and public relations support. These services are often pre-negotiated by the carrier at discounted rates. Verify whether your policy includes these services or whether you're responsible for arranging and paying for them yourself (subject to later reimbursement).

Can I get coverage for social engineering and funds transfer fraud?

Social engineering fraud (an attacker impersonates a vendor or executive and tricks you into wiring funds) is not always covered under standard cyber policies. Some policies exclude it. Others offer it as an add-on sublimit. If your business processes wire transfers or handles client funds, ask whether your policy covers social engineering fraud and what the sublimit is.

Insurance for IT services and managed service providers.

We work with MSPs and IT consultants to structure tech E&O and cyber liability coverage that meets client contract requirements. Certificates delivered in 15 minutes.

Get a quote