The Insurance Clause That Can Make or Break Your Next Deal
If you build software, run a SaaS platform, or operate a web development agency, you've probably reached the part of a master services agreement (MSA) that lists "Insurance Requirements" and felt your stomach drop. Buried in that section are demands for technology errors and omissions (E&O), cyber liability, and a request to be named as additional insured. Increasingly, these clauses are non-negotiable. A signed contract often hinges on whether you can produce a certificate of insurance (COI) that satisfies the client's procurement and legal teams.
This isn't bureaucratic box-checking. Understanding *why* clients demand this coverage — and what limits they actually expect — turns the insurance conversation from a deal blocker into a closing advantage.
Why Clients Demand Coverage from Their Vendors
When an enterprise hires your company to build or host software, they are handing you a piece of their operation. If your code fails, your service goes down, or a breach exposes their customers' data, the financial fallout can be enormous — and they want to make sure that *you*, not they, can pay for the damage you cause.
This is risk transfer. The client is contractually shifting a portion of vendor-related risk back onto your balance sheet (and your insurer's). A few concrete drivers:
- Their own insurance and board require it. Many enterprises have cyber and E&O policies that obligate them to ensure key vendors are insured. Procurement teams enforce minimum vendor standards as a condition of onboarding.
- They've been burned before. Supply-chain breaches and vendor outages routinely make headlines. A single under-insured contractor can become a six- or seven-figure liability for the client.
- It signals maturity. A vendor carrying proper limits reads as a real business that takes its obligations seriously — not a two-person shop that will vanish when something goes wrong.
Common Limit Requirements
Limits vary by client size and the sensitivity of the engagement, but patterns are predictable:
- Technology E&O / Professional Liability: Commonly $1M per claim / $2M aggregate, scaling to $3M–$5M for larger enterprise or regulated-industry work (healthcare, fintech, government).
- Cyber Liability: Frequently $1M–$2M, rising to $5M when you store, process, or transmit large volumes of personal data, payment data, or protected health information.
- General Liability: A standard $1M / $2M is almost always required as a baseline, even for pure-software vendors.
- Umbrella / Excess: Larger contracts may stack a $1M–$5M umbrella on top of the underlying policies to reach a combined limit the client specifies.
Tech E&O and cyber are often bundled together in a single policy for software companies, since a coding error and a data breach can stem from the same incident.
Decoding "Additional Insured" and "Waiver of Subrogation"
Two phrases trip up nearly every founder reading their first MSA:
- Additional insured: The client asks to be added to *your* policy as an extra protected party. If a claim arises from your work that also names the client, your policy can respond on their behalf. It's a formal extension of your coverage to the people relying on you.
- Waiver of subrogation: Normally, after your insurer pays a claim, it can turn around and try to recover that money from whoever was at fault — including the client. A waiver of subrogation means your insurer gives up that right against the client. Clients require it so they aren't sued by your insurance company after a covered loss.
Both are typically available as endorsements on a business policy. The key is making sure your coverage actually permits them *before* you sign.
How Deals Die Over Missing Coverage
Here's the painful pattern: you win the work, agree on price, and then legal sends the MSA. The insurance section demands $2M tech E&O, $2M cyber, additional insured status, and a waiver of subrogation — due before the kickoff date. You don't have a policy, or yours is too thin. Now you're scrambling to bind coverage in days, the start date slips, and the client quietly wonders whether you're ready for prime time. Sometimes they move to the runner-up vendor who already had a COI ready.
The fix is simple: have the right coverage in place *before* you're in active negotiations, so the certificate is a formality, not a fire drill.
Same-Day Certificates Close Deals
When your coverage is structured correctly, producing a compliant COI — with the client listed as additional insured and the waiver included — can happen the same day they ask. That responsiveness becomes part of your pitch. You're the vendor who removes friction instead of adding it.
Get Contract-Ready Coverage
Contractors Choice Agency helps web app startups, SaaS companies, and development agencies build insurance programs that satisfy real client contracts — technology E&O, cyber liability, professional and general liability, BOP, and umbrella — with fast certificate turnaround and the endorsements your MSAs require.
Call 844-967-5247 to review your contract requirements and get a quote built around the deals you're trying to close.
