Question
What types of insurance does a small clinical-trials company or CRO need?
Short answer
A small clinical-trials company or CRO typically needs seven core lines, and the mix is driven by sponsor contracts more than by company size: professional liability (E&O) as the primary line covering the service itself; clinical trial liability for subject injury; general liability and property as the operating floor; D&O once outside capital arrives; cyber liability because the business runs on trial data and PHI; workers compensation for staff; and umbrella/excess when a sponsor MSA or clinical trial agreement (CTA) specifies a combined limit the primary policies can't reach. For a CRO, professional liability is the line that defines the program - it is the service, not a product, that creates the exposure.
The short answer
A CRO or clinical-trials company sells a service - running, monitoring, or managing studies - so its primary exposure is professional liability (errors and omissions), not products liability. The program is built around E&O, with clinical trial liability covering subject injury, and the rest of the stack added by trigger. The limits are dictated less by the company's revenue than by what its sponsor contracts require.
The recurring small-CRO mistake is buying a generic small-business package that carries general liability but excludes or under-sizes the two lines that actually matter here: professional liability and clinical trial liability. A sponsor reviewing the certificate at contract time will catch it.
Professional liability (E&O) - the primary line
For a CRO, professional liability is the core coverage. It responds to claims that the CRO's services caused harm - a protocol-execution error, a monitoring failure, a data-management or pharmacovigilance lapse, a regulatory-submission mistake. The vast majority of CRO claims arise from the service, which is why E&O, not general liability, is the load-bearing line.
Sponsor master service agreements (MSAs) typically specify a professional liability limit (commonly $1M-$5M for smaller CROs, higher for larger scopes or oncology/first-in-human work), often with the sponsor named as additional insured and primary/non-contributory wording. Claims-made vs occurrence form matters here: most E&O is claims-made, so the CRO must maintain continuous coverage (and tail/ERP coverage when a relationship ends) to stay protected for work already performed.
Clinical trial liability - subject injury
Clinical trial liability is a distinct line covering bodily injury to trial subjects. It is frequently required by the protocol, the IRB/ethics committee, and the sponsor CTA, and it does not overlap with general liability - a CGL policy generally will not respond to trial-subject injury. The trigger is human studies: any company running first-in-human or interventional trials needs it before enrollment.
Whether the sponsor or the CRO carries the trial liability (and at what limit) is usually negotiated in the CTA. Smaller CROs running sites or managing studies often need their own clinical trial liability tower; the limit is driven by trial phase, indication, subject count, and geography.
The rest of the stack (added by trigger)
General liability and property: the operating floor - third-party bodily injury/property damage and coverage for office and equipment. Required by most leases and contracts at $1M/$2M.
Directors & officers (D&O): triggered by outside capital. Investors typically require it at the first institutional round, and it re-sizes at later rounds and any M&A.
Cyber liability: a CRO runs on sensitive data - trial datasets, subject PHI, sponsor proprietary information. Cyber covers breach response, notification, and liability. For a clinical-trials business this is a core line, not optional, and sponsor CTAs increasingly specify a cyber limit and data-handling terms.
Workers compensation: required by statute once there are employees (Texas non-subscriber is its own decision). Clinical research staff class codes differ from administrative codes; miscoding is a common premium error.
Umbrella / excess - when the CTA or MSA dictates
An umbrella or excess policy raises the effective limit over the underlying general, E&O (where the form allows), and auto lines. Small CROs rarely buy it for its own sake - they buy it because a sponsor MSA or CTA specifies a combined limit (commonly $5M-$10M) the primary policies alone do not reach. The right umbrella limit is whatever the largest active sponsor contract requires, and it is one of the most common places a growing CRO is found non-compliant at contract signing.
How to sequence it
A practical order for a small CRO: (1) professional liability (E&O) + general liability + workers comp as the floor; (2) clinical trial liability before enrolling subjects; (3) cyber as soon as trial data or PHI is held (effectively day one for most CROs); (4) D&O when outside capital arrives; (5) umbrella when a sponsor contract requires a limit the primary lines can't reach. Running each sponsor MSA or CTA against the current program before signing catches limit and endorsement gaps before they become a compliance problem.
Sources and references
This answer draws on the following regulatory, statutory, and standards-body sources. Coverage availability and program structure also depend on carrier appetite and underwriter discretion not captured by these sources.
- FDA - Clinical Trials and Human Subject Protection: https://www.fda.gov/science-research/clinical-trials-and-human-subject-protection
- III - Business Insurance Basics: https://www.iii.org/article/business-insurance-basics