Manage your risk with Coverwatch
Risk management for growing businesses, powered by insurance experts and world-class technology
CFA analysis found 61 of 64 CPSC unilateral safety warnings in 2024 involved products sold online. Ecommerce business risks fall into six categories, from product liability and cyber breaches through supply chain gaps, regulatory exposure, business interruption, and employee claims. Each maps to a specific insurance coverage type, and this guide maps every risk to the policy that pays for it while flagging the five coverage gaps most online sellers miss.
Each ecommerce business risk maps to a specific insurance policy. Product liability claims go through general liability. Data breaches require a separate cyber policy, and inventory at a 3PL needs inland marine coverage. The table below pairs all six categories with the ecommerce insurance coverage types that pay when the risk materializes.
| Risk Category | Primary Coverage | What It Pays For | Typical Claim Range | Annual Cost Range |
|---|---|---|---|---|
| Product liability | General liability (CGL) | Injury or damage from a product you sell | $100K median, $1.48M mean | $500-$5,000+/yr |
| Cyber / data breach | Cyber liability | Breach response, notification, legal defense, ransomware | $4.44M avg global breach cost (2025) | $500-$5,000/yr |
| Supply chain / inventory | Inland marine | Goods in transit and at third-party warehouses | Varies by inventory value | $200-$2,000/yr |
| Regulatory / recall | Product recall insurance | Notification, shipping, disposal, lost revenue | $500K-$10M+ for mid-size recalls | $10,000-$15,000/yr standalone; endorsements from $2,500 |
| Business interruption | BOP (bundled with GL + property) | Lost income during covered disruption | Depends on revenue | $500-$3,000/yr |
| Employee claims | Workers' comp + EPLI | Injury on the job, wrongful termination, harassment | $20K-$100K+ for EPLI claims | Workers' comp varies by state |
Cost ranges reflect market data for sellers under $5M in revenue. Product liability claim figures come from III data (2014-2020 jury awards). Cyber breach costs come from IBM's 2025 Cost of a Data Breach Report (global average across all company sizes; small ecommerce breaches typically cost far less). For a full breakdown of ecommerce insurance cost by revenue tier, see our cost guide.
Product liability is one of the highest-stakes personal injury categories. Per III data, defense costs alone consumed 33.6% of total incurred losses for product liability in 2024. Across all personal injury categories, the median jury award was $100,000 (2014-2020), with mean awards exceeding $1.48 million. Under strict liability, every entity in the supply chain can be held responsible for a defective product, including sellers who never manufactured it. If a customer's child is burned by a defective toy you sourced from Alibaba and resold on Amazon, the customer can sue you even though you never touched the product design.
That last point is where most ecommerce sellers get caught off guard. The Third Circuit held in Oberdorf v. Amazon (2019) that Amazon could be liable as a "seller" under Pennsylvania product liability law. In 2024, the CPSC ruled Amazon a distributor for products sold by third-party sellers through FBA.
If Amazon itself carries distributor liability for products it never designed, private-label sellers carrying their own brand name face even steeper exposure.
Standard general liability includes product liability for most product categories. High-risk categories (supplements, children's products, anything ingestible) sometimes require standalone policies because carriers exclude those products from standard general liability forms. For a deeper look at what product liability insurance covers and when you need a standalone policy, see our full guide.
Product category is the single biggest factor in your GL premium. Selling ingestibles or children's products can push rates 4-10x higher than clothing or home decor. Annual revenue sets the billing basis, country of manufacture affects subrogation risk, and private-label importers get classified as manufacturers rather than retailers. Amazon requires $1M in GL coverage once you exceed $10,000/month in sales; Walmart requires $1M/$2M limits at $100,000 in trailing 12-month sales.
Most ecommerce sellers assume their platform handles data security. Data breaches, skimming attacks, and ransomware hit the seller's systems and the seller's customers, not the platform's. Only 17% of small businesses carry cyber insurance, according to Security.org, despite 88% of SMB breaches involving ransomware in 2025, per the Verizon DBIR.
The median ransomware payment hit $115,000. IBM's 2025 Cost of a Data Breach Report put the global average at $4.88M in 2024, settling to $4.44M in 2025. Digital skimming attacks hit 11,000 ecommerce sites in 2024, triple the prior year. A compromised third-party app exposed 179,000 customer records pulled from Shopify stores in 2024, and a separate breach involving the Consentik app exposed sensitive data from over 4,000 Shopify stores.
A standalone cyber policy for an online store typically covers the following.
A standard BOP doesn't include cyber coverage. The SBA recommends that any small business with a BOP add a standalone cyber policy. (Most sellers find out the hard way that "business insurance" and "cyber insurance" are two completely separate things.)
Cyber premiums scale with annual revenue and transaction volume. Whether you store payment data yourself or outsource to Stripe/Shopify Payments matters almost as much as revenue. Claims history is the steepest multiplier. One breach incident can push renewal up 20-40% or trigger non-renewal entirely. PCI compliance and MFA adoption can earn discounts of 5-15%.
Most 3PL contracts cap the warehouse operator's liability at $0.50 per pound of product, which means $50,000 of inventory in a fulfillment center is effectively uninsured. Standard commercial property insurance covers goods at your premises, not goods stored at someone else's warehouse. Inland marine insurance closes this gap by covering goods in transit and at third-party locations (3PL warehouses, FBA centers, and trucks between them).
For example, if a truck carrying $40,000 of your inventory to an FBA warehouse catches fire, inland marine pays to replace the goods at their actual value. Your commercial property policy doesn't, because the goods weren't at your premises.
"My 3PL's insurance covers my inventory" is the most common misconception in seller forums. It is wrong. A 3PL's cargo legal liability policy protects the 3PL against negligence claims, not the seller against loss.
Most contracts pile on shrinkage allowances, force majeure exclusions, and per-pound liability caps that leave the brand holding the bill. A warehouse fire can wipe out months of inventory. The 3PL pays pennies on the dollar.
If you hold inventory at a 3PL or ship through carriers, check three things. What does your 3PL contract say about liability caps? What does your commercial property policy cover off-premises? Where would inland marine or cargo insurance fill the gap? The answer to all three usually points to the same problem.
Inland marine rates typically run 0.1-3% of the goods covered, scaled primarily by total insured inventory value. Number of transit legs, shipping frequency, and whether goods cross international borders all affect pricing. High-value or fragile inventory costs more to insure per dollar than durable goods like furniture or apparel.
Standard general liability doesn't cover product recalls. The sistership exclusion strips recall costs from GL coverage, which means sellers in high-risk categories need a separate product recall insurance policy. The Consumer Federation of America reported that the CPSC issued 369 recalls and safety warnings in 2024, with 95% of unilateral warnings targeting products sold online.
By mid-September 2025, that number climbed to 376 recalls and warnings. CPSC's eSAFE team has driven tens of thousands of takedown requests to online marketplaces, with about 57,000 listings removed in FY 2024. Two-thirds involved Chinese-manufactured products. "These numbers tell a troubling story of how e-commerce has outpaced our ability to ensure product safety," said Courtney Griffin, Director of Consumer Product Safety at the Consumer Federation of America.
The sistership exclusion is named for a scenario where one airplane in a fleet crashes and the airline grounds the rest voluntarily. Insurers exclude that voluntary recall cost, and the same logic applies to consumer products. If you sell a baby monitor and the CPSC issues a recall, your GL policy covers the lawsuit from an injured family. It won't pay the $200K in logistics to pull the product, notify customers, and ship returns.
Product recall insurance is a separate specialty policy that covers notification costs, return shipping, product disposal, and lost revenue during the recall period. High-risk categories include children's products, food and supplements, electronics with lithium batteries, and anything with small parts or chemical exposure risk. For food brand insurance or supplement brand insurance specifically, see our vertical guides.
Recall underwriting starts with product category. Children's products, food, supplements, and electronics with lithium batteries sit in the highest-rate tiers. Standalone recall policies start around $10,000/year with minimum premiums, while recall endorsements added to an existing GL policy run $2,500-$5,000 for lower sublimits. Volume of SKUs, manufacturing geography, and whether you have a documented quality control process all factor in.
Meeting a marketplace insurance requirement keeps your seller account active, but it doesn't mean you're adequately covered. Five gaps show up repeatedly in policy reviews. These are the risks in ecommerce business that persist because sellers reasonably assume their existing coverage handles them.
A product recall can cost $500K or more in logistics alone, and your GL policy pays zero of it. The sistership exclusion strips recall costs from standard general liability. If you need to pull a product, notify customers, and ship returns, that's a separate product recall insurance policy.
Most sellers assume their fulfillment partner's insurance covers inventory at retail value, but those policies only protect the 3PL against negligence claims. The $0.50-per-pound liability cap in most 3PL contracts means $100,000 of product in a warehouse pays out based on weight, not value. Inland marine insurance covers the difference.
A Business Owners Policy (BOP) is "business insurance." It isn't cyber insurance. A Business Owners Policy bundles GL, property, and business interruption for $83-$95 per month, but it doesn't cover data breaches, ransomware, or customer notification costs. Calling your BOP "covered" when you collect payment data on every order is a gap that costs six figures to discover.
Dropshippers and private-label sellers often believe their supplier's insurance protects them, but as the seller of record on the transaction, legal liability sits with the brand the customer bought from.
Under US product liability law, the entity that sells the product to the end consumer is liable regardless of who manufactured it. "My supplier has insurance" is a common refrain in seller forums, but your supplier's policy covers your supplier, not you. That distinction matters.
A warehouse manager files a wrongful termination suit for $85K. Workers' comp doesn't cover it. Workers' comp handles physical injuries on the job, not employment disputes like termination claims, harassment allegations, or discrimination lawsuits.
Employment Practices Liability Insurance (EPLI) covers those, and sellers who scale into a warehouse team rarely think to add it. EPLI claims typically run $20K-$100K or more.
A seller with a marketplace-compliant commercial general liability (CGL) policy and a Business Owners Policy (BOP) can still be exposed on recall costs, inventory losses, cyber breaches, and employment claims. Compliance with Amazon's insurance requirement is a floor, not a ceiling.
Ecommerce risk management starts with knowing which policy covers which risk. Match each of the six categories in the table to your current program and look for exclusions, sublimits, and missing coverage lines. The policy reads fine until you get to the exclusions page. That is where claims get denied.
A flat-fee broker like Coverwatch shops across 60+ carriers and has no commission incentive to steer you toward one policy over another. A coverage review maps your risk profile to the right policies and flags gaps, typically within 24-48 hours. If you have taken outside investment or added board members, D&O insurance for funded ecommerce brands is another gap worth closing early. For a step-by-step walkthrough of what to buy and when, see the new seller insurance checklist.
No. GL policies exclude recall costs through the sistership exclusion. GL covers the lawsuit if someone is injured, but pulling the product, notifying customers, and shipping returns aren't covered. Some carriers offer a recall endorsement that can be added to a GL policy for lower-risk product categories. For high-risk categories like supplements or children's products, a standalone product recall policy is the standard approach.
Amazon requires $1M per occurrence (per individual claim) in commercial general liability once you hit $10,000 in monthly gross proceeds. Amazon must be named as an additional insured on the policy (meaning Amazon is covered under your GL if a claim involves a product you sold on their platform). Sellers get 30 days to upload proof of insurance before disbursements are held. Meeting this requirement satisfies Amazon's rules but doesn't cover cyber risk, inventory gaps, or recall costs.
Yes. Shopify's Terms of Service place data breach liability on the store owner, not on Shopify. A standalone cyber policy typically costs $500-$2,000 per year for an ecommerce store and covers breach notification, forensic investigation, legal defense, and ransomware payments. Even stores using Shopify Payments still collect customer names, addresses, and order history that triggers state notification requirements in all 50 states if compromised.
Probably not at full value. Check your 3PL contract for three clauses: the per-pound liability cap (usually $0.50/lb), the force majeure exclusion, and the shrinkage allowance. These three clauses together mean the 3PL's insurance pays a fraction of your actual inventory value if something goes wrong. Inland marine insurance covers goods at third-party locations at their actual value, and it typically costs $200-$2,000 per year depending on inventory levels.
A Business Owners Policy bundles general liability, commercial property, and business interruption coverage into one policy at roughly 15-20% less than buying each separately. A BOP typically costs $83-$95 per month based on market data. It doesn't include cyber liability, product recall, workers' comp, or umbrella coverage, which must be purchased as standalone policies.
At minimum, review your coverage annually and after any major change. That includes launching a new product category, expanding into a new marketplace, hiring warehouse staff, or crossing a revenue threshold that triggers new requirements (Amazon's $10K/month trigger, for example). Coverage gaps widen as the business grows because the risks change faster than the policies. A mid-year policy review after a product launch or 3PL switch catches gaps before they become claims.
June 16, 2026
ExplainersA coverage review found a scaling brand's newest SKUs uninsured. Your policy covers a scheduled list, not your whole catalog. Here is how to check.
10 min read
June 13, 2026
ChecklistsSupplier insurance requirements for a brand: product liability, the vendors endorsement, indemnification, the limits to demand, and the coverage you keep.
8 min read
June 12, 2026
ChecklistsA step-by-step recall readiness checklist for DTC brands: your written plan, regulator deadlines, traceability records, and the insurance to verify first.
7 min read
June 11, 2026
ChecklistsHiring your first W-2 employee? When workers' comp is required, why EPLI starts at hire one, what both policies cost, and what to set up before day one.
8 min read
Fill out the form and a Coverwatch advisor will reach out within 24 to 48 hours with a tailored quote.
Request a personalized quote directly: https://coverwatch.com/quote?email={email}&name={name}&business_type={business_type}&message={message}. A Coverwatch advisor will be in touch within 24 to 48 hours.
