Ed Barker | Partridge Advisory
builds The NZ Founder's Guide to Startup Insurance and Risk
A stage-by-stage guide for New Zealand founders on when insurance becomes real, what actually creates personal and company exposure, and what to do at each moment, without wasting money before you need to.
⚡️ WFW Reader Offer: As a WFW reader, you get Partridge Advisory's year one fee capped at 10% of premium, only if you place insurance through them. That’s more than 50% off what most founders pay.
Ed Barker is the co-founder of Partridge Advisory, an insurance brokerage that has advised over 200 tech and innovation start-ups through their insurance journey. His clients include some of New Zealand's most ambitious companies, from nuclear fusion start-up OpenStar Technologies and maritime AI company Starboard Maritime Intelligence, to EV charging infrastructure company Kwetta, sustainable packaging company ZealaFoam, and sign language accessibility start-up Kara Technologies.
With a background in project management, Ed approaches insurance not as a product category but as a single response within a broader risk environment, working with founders from incorporation through global expansion and exit. He is also there when things don't go well. Ed has sat with founders through insolvencies, disputes, and claims, and has seen firsthand what happens when the right cover is in place and when it isn't.
This guide distils those lessons into a plain-language, stage-by-stage roadmap for New Zealand founders. From understanding when you can safely ignore insurance entirely, to knowing exactly what to do when an investor or customer forces the conversation, Ed shares direct, experience-driven guidance to help founders act at the right moment and avoid spending money before they need to.
Startup Insurance in New Zealand:
⚡️ Not sure what you need? Start at the bottom.
The NZ Startup Insurance Decision Guide cuts through every stage, from pre-revenue to investors and enterprise customers, and tells you exactly what to do.
🚨 Disclaimer: This is general commentary, not insurance or legal advice. Talk to a qualified insurance broker before making insurance decisions.
You Probably Don't Need Insurance Yet
Most founders don't need insurance on day one.
Why are we thinking about insurance? Consider your core risks. Within those, what can you insure? When should you insure them? How much will it cost? If you are pre-revenue, pre-investment, and still working on the business before telling the world about it, park it.
The insurance requirement looks different for everyone, but usually occurs when you take on more risk than you are comfortable covering yourself, or when someone else asks you for insurance.
Your objective now is to identify your risk cadence so that big inflections don't happen without your knowledge. Every dollar you've raised and earned has a job to do, and nothing kills momentum like watching it disappear into a crisis that insurance could have covered.
Have a conversation with an insurance broker to map out future requirements in the context of your business risk so you know when to come back to them. If the chat feels salesy, find someone else.
Jump to what you actually need:
I have no customers, no employees, no investors | You can stop here for now |
I am starting to get enquiries / build something real | Section 1 - Watch (Early Activity, Informal Exposure) |
I am signing my first customer or contract | Section 2- Act (Customers, Contracts & Real Exposure) |
An investor or customer has asked for insurance | Section 3- Required (Investors, Employees, Deals) |
I want to know what can actually go wrong | |
The right insurance move at every startup stage |
Section 1 - Watch (Early Activity, Informal Exposure)
What Changes as Your Startup Becomes Real
Here are the common risks that come up during your start-up phase:
You're raising money and/or forming a board: As a Director or Officer of a company, you can be sued by shareholders, creditors, employees, competitors, and regulators. Claims can reach your personal assets.
Big things are happening: This could be selling products, taking on sensitive data, buying big pieces of equipment or stock. Your insurance needs are situational and you need legal and risk/insurance advice. Develop risk mitigations like strong legal contracts, dual sign-off for large payments, strong data-security standards, etc.
You employ people: when you make somebody redundant, it costs a lot of money in legal and settlement costs. Reduce your risk by seeking advice from a qualified employment lawyer.
You hire a space: Universities, labs, Public Research Organizations (PROs), and landlords require insurance to protect against any damage you do to their property.
You own or license Intellectual Property (IP): Disruptive IP attracts attention from incumbents who have both the means and the motive to litigate. IP litigation kills companies.
Your business is regulated by Government agencies like Worksafe, the FMA, etc: Regulatory investigations can be expensive to defend.
Opportunity cost: Somebody requires insurance and you have to buy it. This requirement can come from funders, commercial and supply chain partners among others. Know what's likely to be required before you're staring down a deal timeline.
What to watch for:
- First commercial agreement or NDA
- Taking on personal data, particularly international data
- Taking on investment or grant funding
- First permanent employee (not casual or contract)
- Presenting your IP at trade-shows or to potential customers/partners/competitors
- First big purchases
- Moving into your first premises
.png){kind=icon}
Note: Still not time to act. But now you know what to look for.
Section 2- Act (Customers, Contracts & Real Exposure)
The First Moment Insurance Actually Matters
The three early requirements are:
- Investors require Directors & Officers Liability before executing the investment.
- Landlords require Public Liability before commencing a tenancy.
- Commercial partners / customers require insurance before doing business with you.
Points 1 and 2 can be achieved quickly. Point 3 is context dependent and can take time, particularly with higher risk and complexity.
One thing you absolutely have to do is research your risk landscape. How litigious is your industry/segment? Who is actively litigating? Who is likely to sue you? Understanding these prepares you for success. Going in blind can sink your business.
Buying insurance should occur at risk inflection points. These are different for every company, but do have some things in common:
- You are running a pilot / project that could foreseeably cause financial loss, property damage, etc.
- You are taking on more commercial risk in the form of data collection, building/installing stuff, manufacturing/contract manufacturing and selling stuff, providing a product/service that people rely on.
- You are sharing more intellectual property with potential partners / competitors than you are comfortable with.
- You are spending money on physical equipment that you cannot afford to replace. This includes gearing up product manufacturing in-house or with contract partners.
Think of contractual risk management as your first line of defence; while your contracts / agreements should seek to reduce your liability as much as possible, people can still sue you, and it will cost you a lot of money if they do.
The Minimum Viable Setup:
No customers, no contracts, no employees: | Very low risk, no insurance. This is a good time to map out future requirements with an experienced insurance broker. A conversation should cost you nothing. |
First customer or contract: | This is when your earlier preparation serves you well. Good legal advice will steer you towards reducing contractual liability, and it's hard to litigate against someone providing a service for cheap or free. If you do require insurance, then it's likely some combination of Professional Indemnity, General Liability, or Cyber Liability: |
Professional Indemnity (PI)
if you're providing a product or service that could cause a financial loss if it fails: | Presuming low risk activity - budget $2.5k for $1M cover. Cost increases dramatically for projects outside of NZ, or products that assume higher risk traditional services (e.g. financial, engineering, energy, etc). In those instances, $10k can be a starting point. When larger limits are required for higher risk industries, PI gets pricey, fast. |
General Liability
(can also be called Public Liability or Products Liability): | If your product or service could cause bodily injury or property damage; this includes your presence on client sites. For low risk SaaS, budget $500-$1.5k, depending on limit requirement and activity. For companies with more physical risk exposure, this varies greatly on jurisdictional exposure and risk class, so indications run from $1k-$25k (and sometimes beyond).
Fun fact, because of ACC, bodily injury claims in NZ are uncommon, making General Liability here quite cheap, this changes when you require your policy to cover other parts of the world. |
Cyber Insurance: | If your contract involves tech integration or data handling. Pricing is reflective of your industry (e.g. more expensive for health, finance, or handling significant PII), and your controls. With that said, a budget of $2.5k should suffice for most early requirements. Be aware that cyber insurance is very exposed to market fluctuation and tech developments.
Where relevant, it can be cheaper to request insurance only for the scope of a trial or pilot to contain the presumed risk transfer. For example, it is cheaper to insure a trial of 6 customers with liability waivers in place using your product under your close supervision than it is to insure your product being sold unsupervised to the masses. |
Handling sensitive data: | Data handling at any meaningful scale changes your risk profile and your obligations under the Privacy Act. See Trigger 4 for a full breakdown of what this means and when cyber insurance becomes necessary. |
First employee: | You need $250k Employment Practices Liability, which can usually be bought alongside Directors and Officers Liability in a Management Liability package. This policy has the highest claims frequency for start-up insurance policies, with settlements ranging from $30k-$220k (for senior managers, which sometimes includes founders). |
You're regulated, or exposed to regulators (like Worksafe): | You need a $1M Statutory Liability policy. In most instances it costs $500-$1,500. This increases in more regulatorily exposed industries. This policy is generally only available for NZ regulatory investigations, but sometimes Australia as well. |
What is Still Overkill at this Stage
If you are not selling a product or service, do not buy insurance that covers your commercial activity. Insurance brokers and underwriters sometimes miss the nuance of pre-rev and post-rev risk in start-ups. For example, if you're a pre-rev company and your landlord requires General Liability insurance to cover damage you do to the property during your tenancy, make sure your insurance policy reflects this requirement. There is a big property damage and bodily injury risk gap between space laser development in the lab and space lasers launching up to space war.
As mentioned before, when you require cover for a narrow scope, make sure your insurance is tailored to fit that need.
Insuring your loss of gross profits when you don't have any is more common than you might think. Business Interruption policies shouldn't be bought at all for companies that can quickly revert to working from home. If your start up requires a physical premises to operate then you should buy limited business interruption cover for wages/salaries and additional increased cost of working (covers increased expenses like rent that occur following a widespread natural disaster).
When working with the insurance industry, use conservative revenue estimates. Premium calculations are in part based on your revenue expectations. Put the pitch deck on the shelf, and shoot for the lower end of your estimates.
Section 3- Required (Investors, Employees, Deals)
Trigger 1: An investor asked for D&O
Directors & Officers Liability (D&O) insurance pays for the defence costs and settlements for directors and officers when they are sued personally for decisions or actions they took in their leadership role.
Investors commonly ask for D&O to cover their personal exposure for taking a board position. This is pertinent for VCs, where a single investment advisor may be on 6-12 boards.
When you're pitching, everything you say is on the record. An investor with buyer's remorse can allege you misrepresented the business. Most policies don't cover this, and most brokers won't flag it. Cover is available for investor claims arising from alleged misrepresentation during the raise under good D&O policies.
For most start-ups, a $1M policy will suffice. A good policy will cost ~$2-5k per annum, and require you to complete a proposal form and provide either your financial statements or snapshots of your Profit & Loss sheet & Management Accounts. Be aware that many insurers apply additional cost and restrict cover for the start-up uncertainty factor.
Not all D&O policies are equal, and not all brokers understand startup risk. The three most common issues for startup D&O policies are exclusions for shareholder claims, insolvency events, and capital raise misrepresentations. A broker who primarily works with established businesses may not know that these can be included and how to achieve that. Ask any broker you speak to how many startup D&O policies they have placed in the last 12 months.
Trigger 2: A customer contract requires insurance
As you sign commercial contracts, leases, take on grant funding, or buy stalls at trade shows, you will inevitably be asked for a Certificate of Insurance (COI), or Certificate of Currency (they mean the same thing). A COI provides a summary of your insurance, used to prove that you comply with contractual requirements. It is common for vendors to check in each year near your renewal date to ensure that you keep cover in place.
The most common insurance requirements for contracts are:
General / Public Liability / Products Liability: Covers external claims against you relating to bodily injury / property damage. Typical limit is NZD $5M, but varies greatly depending on the contract, e.g. industrial scale tech will start at $20M requirements.
Professional Indemnity / Errors & Omissions Liability: Covers external claims alleging financial loss caused by your stuff ups. Typical limit requirement is $1M, can extend to $10M.
Cyber Liability: Covers your response costs and external claims relating to a privacy breach / cyber attack. Typical limit requirement is $1M.
Points 1 & 2 above see big cost and risk inflections as you scale internationally.
Allow yourself up to a month to get these policies in place, faster for simple, longer for more complex companies. Quite often, the insurance requirements are imposed by customers, so make sure to factor this into your pricing. Ask your broker for a cost estimate.
Trigger 3: Hiring your first employee
Unlike other countries, there are no statutory employment insurance requirements in New Zealand to carry employment insurance, however it is strongly recommended that you buy Employment Practices Liability (EPL) insurance once you've hired a permanent employee. Contractors and casual staff are more or less fine to employ without this insurance.
Some EPL policies require you to seek advice from a qualified employment lawyer before taking action. Failure to do so results in a much higher excess. The reason is that failure to take good advice usually results in bigger claims and settlements.
An EPL claim is often an ugly process with or without insurance. It involves personal allegations, often goes to mediation which takes a long time, and leaves everyone with a bitter taste in everyone's mouth. It takes months to resolve and costs anywhere between $30-$200k.
Trigger 4: Handling sensitive data at scale
The Privacy Act covers personal information that identifies a specific individual, even indirectly. An email address, a home address, a photo. It doesn't matter whether it's digital or on paper. What matters is whether someone could be identified from it.
If you're handling any of the following, stricter standards apply to you: biometric data, credit and financial information, health records, justice-related information, or civil defence data. Know which category you're in before you collect it. The best way to understand your obligations under the Privacy Act is to complete the free online training from the Office of the Privacy Commissioner.
The most common regulatory action isn't about the breach itself. It's about failing to notify. If a breach is likely to cause serious harm, you're required to notify both the Privacy Commissioner and the people affected. The fine starts at $10,000 and can reach $350,000 if proceedings go before the Human Rights Review Tribunal, though they haven't reached those heights yet.
The cyber threat landscape has shifted in ways that should concern any founder handling data:
Supply chain attacks doubled in 2025, meaning a threat actor doesn't need to breach your network if they can reach your data through a trusted third party. And vice versa if you are that trusted third party for your clients.
Phishing and credential abuse remain the dominant entry points, but the emerging frontier is agentic AI: autonomous systems that can handle 80-90% of an attack with minimal human involvement, scaling attacks fast and cheap.
For early-stage companies, insider threats are growing -- cybercriminal groups are actively recruiting disgruntled employees, turning a passive risk into a deliberate access strategy.
The cost of any one of these incidents isn't just remediation, it's the distraction and stress of a crisis event on limited capital. Most breaches are managed outside of the public eye, however it is reasonable to estimate that breaches for small business in NZ costs about $200k. As you take on international data, this can increase to USD $100-$400 per-record (depending on sector and data; higher for health and financial).
Cyber insurance funds your response when something goes wrong, but coverage varies greatly between insurers. A good policy covers the immediate costs: forensic investigation, legal advice, and customer notification. It can also cover business interruption losses if systems go down (including critical supplier systems), external liability if affected parties come after you, and in some cases social engineering fraud losses and ransom negotiations and payments.
What it doesn't do is prevent an attack. Insurers scrutinise controls like multi-factor authentication, access management, end point detection, incident response, staff training, etc. Buying cyber insurance gives you a fairly immediate to-do list in order to reduce premiums and increase cover. Insurers want to know you're in good shape before buying your risk.
Section 4- What Can Actually Go Wrong Before All of That
Personal exposure founders don't see coming
When you form a board or take on investors, you and your directors step into a higher tier of legal accountability. Directors carry personal liability, meaning claims don't stop at the company door. They can reach your home, your savings, your personal assets. The sources of those claims are broader than most founders expect: creditors, employees, regulators, and shareholders can all bring action, often on decisions that seemed reasonable at the time. With corporate insolvencies in New Zealand up nearly 50% year-on-year to mid-2025, this isn't abstract risk.
Founding a company is one of the most personally demanding things you can do. The financial pressure is real, the stress is real, and if things go wrong, the legal exposure arrives at exactly the wrong moment. Winding a company down is already brutal. Doing it while personally defending claims, funding your own legal costs, and watching a dispute consume the capital you worked to build is a different category of hard entirely.
In practice, we have seen painfully elongated legal processes against and sometimes between founders who are mentally, emotionally and financially tapped. So think about this when you form your board and set up your governance processes. Above all, make sure the company indemnifies (has your back) you for your actions as a director and officer of the company.
Also be aware of the "we're too small to sue" mentality. That may be true in stealth mode, even when you're pre-revenue to a certain extent. But consider this: If your technology disrupts large established companies, why wouldn't they try to sue you out of existence?
Startup Insurance FAQ - The risks that don't have a search term yet
Here are some questions we get asked often:
Does my insurance cover work done by contractors?
Hiring contractors is a smart way to keep headcount low and avoid employment disputes. But watch your insurance carefully. Most policies only cover work completed by permanent employees. If a contractor does damage under your company's name, you may find yourself holding the bill. Cover for contractors is available -- ask for it explicitly, and be aware your insurer may require the contractor to hold their own policy as well. This allows them to recover costs from the contractor's insurer if a claim arises. That mechanism is called subrogation, and it matters.
What happens when a client says I caused them a financial loss?
This usually arrives as a written demand, sometimes verbal, asking you to make things right. It can include allegations of IP theft from larger incumbents. If you have insurance, call your broker before you respond to anything. They will advise you how to make a claim and what your policy requires you to do. Your insurer will direct you to a law firm -- you can request your own counsel, but get permission first. In NZ, the main cost is usually legal fees followed by a settlement, with the total generally sitting below $100k. In the US, legal representation alone can reach USD $650k before you've resolved anything. Know this before you expand internationally.
My co-founder or a staff member stole our IP. Am I covered?
Get legal advice immediately. IP theft can constitute a criminal offence in New Zealand. It is also largely uninsurable: insurers don't cover criminal acts, and insurance is designed to be defensive, not offensive. A co-founder accused of theft may have access to defence costs under a policy, but if they're found guilty, that cover falls away. The real protection here isn't insurance. It's having watertight agreements in place before you need them.
I have informal work arrangements. What are my obligations?
The Employment Relations Act requires every employee to have a written agreement signed by both parties. No exceptions. Beyond the legal requirement, informal arrangements mean there are no defined parameters, which means everything is on the table if the relationship sours. Sort it early. The cost of getting this wrong dwarfs the cost of getting it right.
What Happens When Goes Wrong: Two Real Claims
The events below reflect real claims, anonymised to protect the identity of the companies.
Claim 1: Product recall, Wairarapa
A Wairarapa-based premium olive oil company spent eight years bootstrapping before taking on growth capital to push into luxury food retail in South-East Asia. The capital went into new bottle design, upgraded manufacturing, and a full product relaunch. Their first batch RRP $1.25M of product was ready to go.
The bottles arrived at retailers broken. Not a few, enough to stop the launch cold. The glass supplier blamed the cap manufacturer. The cap manufacturer returned the favour. Nobody was moving.
In the background, a bespoke product recall policy was in place. The claim was ugly, contested, and slow. But it paid out over $300k to pay the costs to get the product back on the shelves in time for their peak season. That working capital kept the company alive through six months of product testing, supplier disputes, and remanufacturing.
Without it, the runway would have run out.
Claim 2: Cyber breach, Wellington healthtech
A Wellington-based healthtech company held patient records for 340,000 people across New Zealand and Australia. A compromised contractor credential gave a threat actor 23 days inside their environment before anyone noticed.
What followed hit simultaneously: mandatory breach notifications in two jurisdictions with different rules and timelines, a contractual indemnity claim from their Australian hospital partner, forensic investigation to establish the full scope of exfiltration, and media coverage within 48 hours of notification going out.
A cyber policy was in place. The claim was ugly and took eight months to close with the founders buried in regulatory correspondence during what should have been a growth phase. But it paid across forensics, legal, dual-jurisdiction notifications, external liability, and crisis communications. Total payout was just over $1.1M.
The company kept the hospital contract. They're still operating.
Summary: The NZ Startup Insurance Decision Guide
Use this as your insurance reference point at every stage of startup growth.
Stage | When does this apply? | What changes for you? | What you should do |
Stage 0 - Ignore | No customers, no contracts, no employees, no investors | Customer interest, looking to hire, starting your capital raise. | Gather information: Talk to an insurance broker about a minimum viable insurance plan. Understand the cover, timing, and cost. Don't buy insurance. |
Stage 1 - Watch | You have started building. You have early users, informal agreements, or are handling some data. | Stakeholders might require that you carry insurance, or you have some genuine risk that worries you. | Buy smart. Buy insurance that covers your narrow risk, and lean on your legal agreements. Some examples: Your landlord requires insurance, cover that risk only. You land a pilot with a project with an insurance requirement: restrict the scope of the insurance policies to respond to that contract only. If handling data, buy a high quality policy with a modest limit (e.g. $250k). If buying expensive equipment, buy marine cargo and material damage insurance. |
Stage 2 - Act | You have paying customers, signed contracts, or are handling meaningful data. | Insurance becomes a thorn in your side, people keep asking for it and not having it can actively hamper operations. You're also taking on an uncertain amount of risk. | Put your minimum viable insurance in place, a combination of Professional Indemnity, General Liability, and Cyber Insurance. Price range $5k+ (risk / industry dependent). Ask your insurance broker if these policies cover you for your planned growth for the year ahead. |
Stage 3 - Required | Investors, employees, or enterprise customers are in the picture. | No avoiding it now! Your investors are asking for D&O Liability, enterprise customers have eye-watering insurance requirements and you're learning that employing people can cause headaches. | Investors require D&O. Good policies are hard to find at this stage, so use a broker with startup experience. Budget $1k-$5k. Enterprise customers rarely move on insurance requirements. Get a cost estimate from your broker early and factor it into your pricing. Before you let someone go, talk to a qualified employment lawyer. Employment disputes cost $30k-$250k depending on seniority and circumstances. Insurance helps, but good advice upfront costs far less than a messy claim. |
The Future of Risk & Insurance Advice
Partridge Advisory is a fee-for-service insurance brokerage specialising in tech and innovation companies. They have advised over 200 start-ups through their insurance journey, from first incorporation to global expansion, and work with founders at every stage of the risk curve.
Unlike traditional brokers, Partridge Advisory charges below market rates to early stage companies, with year one fees capped at 10% of premium, payable only if you place insurance through them.
⚡️ WFW Reader Offer: For all WFW readers, that cap applies from day one.
Quick Navigation:
Back to /w=1920,quality=90,fit=scale-down){kind=logo}
Subscribe for Updates
Stay on top of everything we ship - one email, once a month.
Join hundreds of NZ founders already on the list.
