This assessment evaluates the adequacy of an organization's insurance program across five critical coverage dimensions: D&O liability, E&O/professional liability, cyber liability, key-person insurance, and general commercial coverage. The output is a composite coverage adequacy score (1-5) with dimension-specific gap identification calibrated to company stage and revenue. Use this when evaluating whether insurance coverage matches actual risk exposure. [src1]

What this measures: Whether D&O coverage limits, structure (Side A/B/C), and retention levels are adequate for the company's stage, board composition, and risk profile.

| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No D&O policy; directors personally exposed to liability | No policy; no indemnification agreements; board unaware of exposure |
| 2 | Emerging | Basic D&O but limits inadequate for stage; not reviewed since purchase | $1M limit for Series B+ company; policy unchanged since founding |
| 3 | Defined | Limits appropriate for stage (seed: $1-2M, Series A-B: $2-5M, later: $5-10M); annual review | Peer-benchmarked limits; annual broker review; Side A confirmed |
| 4 | Managed | Excess layers; peer benchmarking; subsidiary and international coverage; EPLI coordinated | Multi-layer program; subsidiary coverage; defense-outside-limits |
| 5 | Optimized | Dynamic program for M&A/IPO readiness; tail coverage; Side A DIC | Transaction-ready; tail provisions; Side A DIC; board D&O presentations |

Red flags: No D&O despite outside directors or investors; limits unchanged since seed stage; broad unreviewed exclusions; retention exceeds self-fund capacity. [src1]

Quick diagnostic question: "What are your D&O limits, when were they last reviewed, and have they been adjusted since your last fundraising round?"

What this measures: Whether professional liability coverage is adequate for the service delivery model, client contracts, and regulatory exposure.

| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No E&O coverage; services delivered with no liability protection | No policy; uncapped liability in client contracts |
| 2 | Emerging | Basic $1M/$1M policy regardless of revenue; not aligned with service risks | Generic policy; limits not mapped to contract requirements |
| 3 | Defined | Limits matched to revenue band; client contractual requirements met; claims-made understood | Appropriate limits; client requirements satisfied; retroactive date confirmed |
| 4 | Managed | Excess layers for large engagements; tech E&O for software companies; coordinated with cyber | Tech E&O for SaaS; excess layers; no E&O-cyber gap |
| 5 | Optimized | Quarterly review; AI/emerging tech coverage; contractual sublimits adequate; loss prevention program | Quarterly review; AI coverage; loss prevention active; tail planned |

Red flags: Client contracts require $5M but policy is $1M; tech company using generic professional liability; no understanding of claims-made trigger; E&O-cyber gap. [src4]

Quick diagnostic question: "What E&O limit do your largest clients require, and does your current policy meet it?"

What this measures: Whether cyber insurance is adequate for digital risk exposure, data handling, and regulatory environment.

| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No cyber insurance despite handling customer data or digital operations | No policy; assumes GL covers cyber events |
| 2 | Emerging | Basic policy with inadequate limits; no security assessment; key exclusions | Minimal limits; ransomware or social engineering excluded |
| 3 | Defined | Limits appropriate for size (SMB: $1-2M, mid-market: $2-5M, enterprise: $5-10M); IR resources included | Adequate limits; first-party + third-party; MFA deployed; IR retainer |
| 4 | Managed | Peer-benchmarked; includes BI, social engineering, regulatory defense; security improvements reduce premiums | Comprehensive sub-coverages; security posture drives premiums; pre-arranged IR |
| 5 | Optimized | Limits stress-tested against breach cost models; excess/parametric coverage; multi-jurisdiction regulatory | Limits exceed modeled breach cost; continuous security monitoring shared with carrier |

Red flags: No cyber policy despite processing PII/PHI/payment data; limits below $1M for $10M+ revenue; ransomware excluded; MFA not deployed; no IR plan. [src2]

Quick diagnostic question: "What is your cyber insurance limit, do you have MFA everywhere, and does your policy cover ransomware and social engineering?"

What this measures: Whether key-person insurance provides financial protection against the loss of individuals whose absence would cause significant harm.

| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No key-person insurance; critical dependencies uninsured | No policies; no valuation of key-person economic impact |
| 2 | Emerging | CEO only; rough estimate; no disability coverage | Single policy on CEO; amount not tied to replacement cost; life only |
| 3 | Defined | All critical roles covered (CEO, CTO, top revenue); 5-10x salary; life + disability | 3-5 key personnel; amounts based on salary/revenue; company as beneficiary |
| 4 | Managed | Annual review; buy-sell funding; investor/lender requirements met | Annual review; buy-sell funded; coverage adjusted for new key hires |
| 5 | Optimized | Scenario-modeled; cross-purchase funded; board-level reporting | Scenario-modeled coverage; retention coordination; annual dependency audit |

Red flags: Investors require key-person insurance but none exists; CEO is sole relationship holder; coverage amount unchanged despite 5x revenue growth; no disability component. [src6]

Quick diagnostic question: "Do you have key-person insurance, who is covered, and how was the coverage amount determined?"

What this measures: Whether the broader portfolio (GL, property, BI, workers' comp, umbrella) is adequate and coordinated.

| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | Only legally required coverage; no BI; no umbrella; property inadequate | Workers' comp only; no BI; no umbrella; property underinsured |
| 2 | Emerging | Basic BOP or GL + property; BI limits untested; no umbrella | BOP or GL + property; BI not validated; certificates reactive |
| 3 | Defined | GL, property, BI, workers' comp, umbrella in place; BI covers 3-6 months; annual review | Complete portfolio; BI covers 6 months; $2-5M umbrella; certificate tracking |
| 4 | Managed | Optimized portfolio; extended BI for supply chain; EPLI; international coverage | Extended BI; EPLI; international; annual TCOR analysis |
| 5 | Optimized | ERM-integrated; captive/self-insurance; parametric BI; benchmarked TCOR | Captive program; parametric BI; risk engineering partnership |

Red flags: No BI despite physical operations; no umbrella for $10M+ revenue company; property at purchase vs. replacement cost; no EPLI with 50+ employees. [src5]

Quick diagnostic question: "Do you have business interruption insurance, and for how many months of revenue loss does it cover?"

Overall Score = (D&O x 1.2 + E&O x 1.0 + Cyber x 1.2 + Key-Person x 0.8 + General Commercial x 0.8) / 5.0

| Overall Score | Maturity Level | Interpretation | Recommended Next Step |
|---|---|---|---|
| 1.0 - 1.9 | Critical | Dangerous coverage gaps; a single claim could threaten survival | Emergency broker gap analysis; prioritize D&O, cyber, and BI coverage |
| 2.0 - 2.9 | Developing | Basic coverage but limits likely inadequate for current risk profile | Full coverage review; benchmark limits to stage; add missing lines |
| 3.0 - 3.9 | Competent | Solid foundation; may have gaps in emerging risks or coordination | Optimize coordination; stress-test limits; address emerging risks |
| 4.0 - 4.5 | Advanced | Comprehensive, well-coordinated program regularly benchmarked | Advanced risk transfer; optimize TCOR; prepare for IPO/M&A readiness |
| 4.6 - 5.0 | Best-in-class | Insurance fully integrated into ERM; dynamic and anticipatory | Maintain; explore innovative structures; mentor industry peers |

| Weak Dimension (Score < 3) | Fetch This Card |
|---|---|
| D&O Liability | Legal & Corporate Governance Assessment |
| E&O / Professional Liability | Financial Controls & Compliance Assessment |
| Cyber Liability | Business Continuity Risk Assessment |
| Key-Person Insurance | Business Continuity Risk Assessment |
| General Commercial | Operational Efficiency Diagnostic |

| Segment | Expected Average Score | "Good" Threshold | "Alarm" Threshold |
|---|---|---|---|
| Startup/Seed (<$5M revenue) | 1.8 | 2.5 | 1.2 |
| Growth ($5M-$50M revenue) | 2.5 | 3.2 | 1.8 |
| Mid-market ($50M-$500M revenue) | 3.3 | 3.8 | 2.5 |
| Enterprise ($500M+ revenue) | 3.9 | 4.3 | 3.2 |

Fetch when a user asks to evaluate insurance coverage adequacy, prepare for annual renewal, conduct fundraising or M&A due diligence, respond to a board risk coverage review, or assess whether coverage has kept pace with business growth.