What Happens to Your Insurance When You Acquire a Company

Your deal closes on a Friday. The wire clears, the press release goes out, and by Monday morning you are responsible for a business you have owned for 72 hours. Its employees, its contracts, its liabilities, its lawsuits — all yours. What most acquirers discover weeks later, when they finally sit down with the target's insurance certificates, is that the coverage they assumed was in place either does not transfer, does not extend to the new structure, or contains gaps the target's broker never flagged.

Business insurance in M&A is one of the most consistently mishandled parts of a transaction. This article covers what actually happens to your policies when you acquire a company, where the exposure concentrates, and what you need to do before the deal closes — not after.

Why Insurance Does Not Automatically Follow the Deal

The first assumption most acquirers make is that the target's existing policies will keep running until their renewal dates. Sometimes that is true. Often it is not.

Most commercial insurance policies contain a change of control provision. When ownership of the insured entity changes materially, the carrier has the right to void coverage, modify terms, or require a new application. Whether that provision triggers depends on the deal structure — asset purchase, stock purchase, or merger — and on the specific policy language.

In a stock purchase, the legal entity survives. The acquirer steps into the shoes of the existing shareholders, and many policies remain technically in force. But technically in force is not the same as adequate for your new risk profile. The target's coverage was priced and structured around its risk as a standalone business. Your combined entity is a different risk.

In an asset purchase, the target's policies almost never follow the assets. You are buying specific assets, not the legal entity, so the seller's insurance stays with the seller. You need new coverage from day one.

Mergers sit in between. The surviving entity's policies may absorb the target, or they may not. Carrier consent is often required, and that consent is not guaranteed.

The Coverage Lines That Create the Most M&A Exposure

Claims-Made Policies and the Prior Acts Gap

General liability policies typically run on an occurrence basis — they cover incidents that happen during the policy period regardless of when the claim is filed. Claims-made policies work differently. Most cyber, errors and omissions (E&O), and directors and officers (D&O) policies fall into this category. They cover claims filed during the policy period, but only for acts that occurred after the policy's retroactive date — the earliest point in time from which the policy will cover prior acts.

When you acquire a company and replace its claims-made policies with your own, you typically reset that retroactive date to today. That creates a prior acts gap — a window of time during which the target's employees were working, its software was running, and its officers were making decisions, but for which no policy will now respond.

That gap is where pre-acquisition liability lives. A client harmed by the target's software two years ago files a claim eighteen months after closing. Your new E&O policy does not cover it. The target's old policy has lapsed. Nobody responds.

The solution is a tail policy, also called an extended reporting period endorsement — an extension of the reporting window on the target's claims-made policies for a defined period after cancellation, typically one, three, or six years. Tail policies cost money. They are negotiated as part of the deal, and who pays is a deal point.

Cyber Coverage and Inherited Infrastructure

When you acquire a company, you inherit its technology stack, its data practices, and its breach history. Carriers know this. Many cyber policies contain representations and warranties requiring the insured to disclose material changes in its IT environment. An acquisition qualifies.

Fail to notify your cyber carrier within the required window — often 30 to 90 days — and the carrier may treat the acquired entity's systems as uninsured. A breach originating from the target's legacy infrastructure would then fall outside your policy's coverage.

The target's own cyber policy presents a parallel problem. If it was a standalone claims-made policy, it needs a tail. If it was bundled into a business owner's policy, it likely carried sublimits that never reflected the actual data exposure.

Workers' Compensation

Workers' compensation follows the employees. When the target's workforce becomes your workforce, their claims become your claims. Your existing workers' compensation policy needs to be updated to reflect the new payroll, the new job classifications, and any new states where the acquired employees work.

Carriers calculate workers' compensation premiums based on payroll and loss history. If the target had a poor loss history — frequent claims, serious injuries — that history follows the employees and affects your experience modification rate, the multiplier applied to your base premium. You need to see the target's loss runs, typically three to five years of claims history, before closing.

General Liability and Completed Operations

The target's general liability policy covers bodily injury and property damage arising from its operations. After an asset purchase, those operations are yours. But completed operations coverage — which covers claims arising from work the target already finished before the acquisition — stays with the seller's policy.

If a client files a claim two years after closing for a project the target completed before the deal, your general liability policy does not cover it. The seller's policy may have lapsed by then. This is a hidden gap that only surfaces when a claim arrives.

What Most Acquirers Get Wrong

Most acquirers treat insurance as a post-close administrative task. They focus on legal, financial, and operational integration and assume the insurance will sort itself out at the next renewal cycle.

Here is what actually happens. The deal closes. The target's policies continue running on autopilot. Nobody notifies the carriers. The combined entity operates for months with mismatched coverage — the acquirer's policies covering the parent, the target's policies covering a legal entity that may no longer exist in the same form, and a gap between them that nobody has mapped.

By the time a claim arrives, the coverage picture is complicated enough that both carriers have grounds to dispute responsibility. Defense costs alone — the legal fees required to sort out who covers what — can reach six figures before the underlying claim is even resolved.

A second common mistake is skipping the target's loss history review. Loss runs reveal how often the target filed claims, how large those claims were, and whether any are still open. An open claim on a policy that is about to lapse is a problem you are inheriting.

What a Pre-Close Insurance Review Should Cover

Before signing, your insurance review should address at least the following:

• All active policies — type, carrier, limits, deductibles, and expiration dates
• Retroactive dates on all claims-made policies
• Change of control provisions in each policy
• Open claims and loss runs for three to five years
• Tail policy requirements and cost estimates for claims-made lines
• Workers' compensation loss history and experience modification rate
• State-specific coverage requirements for any new states the target operates in
• Cyber policy terms, including notification requirements and IT change disclosures

This is not a checklist you hand to a generalist broker who has never seen a deal structure. The interaction between deal mechanics and policy language is specific enough that it requires someone who understands both.

Continuous Monitoring After the Deal Closes

Closing the deal is not the end of the insurance work. It is the beginning of a new risk profile.

Your combined entity has different revenue, different headcount, different technology infrastructure, and potentially different regulatory exposure than either business had independently. Most brokers review that profile once a year, at renewal. A lot can change between now and then.

Key person insurance is one coverage line that often needs revisiting after an acquisition — particularly when the deal involves retaining founders or executives whose continued involvement is material to the business's value.

Aiden monitors risk continuously year-round, analyzing 140+ signals including public filings, cyber threat feeds, and industry benchmarks. When your risk profile changes — a new funding round, a shift in your technology stack, an expansion into a new state — Aiden flags it between renewals rather than waiting for the annual cycle to catch up.

The Bottom Line

An acquisition changes your risk profile on the day it closes. Your insurance does not automatically update to match. Claims-made policies create prior acts gaps. Change of control provisions can void coverage. Inherited infrastructure expands your cyber exposure. Workers' compensation absorbs the target's loss history.

None of this is unsolvable. But it requires a review before closing, not after a claim.

Frequently Asked Questions

Does the target company's insurance automatically transfer to the acquirer?

Not always. In a stock purchase, many policies remain technically in force because the legal entity survives, but carriers may require notification or consent. In an asset purchase, the seller's policies stay with the seller and the acquirer needs new coverage from day one. Every active policy should be reviewed before closing — policy language varies enough that no assumption is safe.

What is a tail policy and when is it needed in an M&A transaction?

A tail policy — also called an extended reporting period endorsement — extends the window during which claims can be filed under a claims-made policy after that policy is cancelled or replaced. It is typically needed for the target's cyber, E&O, and D&O policies when those policies will not continue under the acquirer's ownership. Without a tail, conduct that occurred before the acquisition may have no coverage if a claim is filed after the policy lapses.

What is a prior acts gap in M&A?

A prior acts gap occurs when a claims-made policy is replaced and the new policy's retroactive date is set to the present. Any acts that occurred before that date are no longer covered. In an acquisition, this means the target's employees, officers, or technology could have created liability before closing that no policy will now respond to.

How does an acquisition affect workers' compensation coverage?

When the target's employees join your workforce, their job classifications, payroll, and claims history all affect your workers' compensation policy. You need to update your policy to reflect the new headcount and states of operation. The target's loss history also affects your experience modification rate, which directly influences your premium.

How far back should I request loss runs from the target company?

Three to five years is standard. Loss runs show the frequency and severity of past claims, any open claims that will follow the business into your ownership, and patterns that indicate systemic risk. Open claims on a lapsing policy are a particular concern — they may have no coverage once the policy expires.

What happens to the target's cyber policy after the deal closes?

Review it for change of control provisions and claims-made tail requirements. Your own cyber carrier also needs to be notified of the acquisition within the required disclosure window — typically 30 to 90 days. Miss that window and the acquired entity's systems may be treated as uninsured under your policy.

Should insurance due diligence happen before or after the deal closes?

Before. Insurance due diligence should run in parallel with legal and financial due diligence. Tail policy costs, open claims, and coverage gaps are all negotiating points that belong in the deal structure — not surprises you discover after the wire clears.