Duty to defend pays your legal costs; duty to indemnify pays the judgment or settlement.
A "duty to defend" policy means the insurer must pay for your legal defense from the start of a claim. A "duty to indemnify" policy pays covered amounts but the insurer does not control the defense—it typically advances defense costs as they are incurred rather than paying afterward. Most GL policies include duty to defend. Public-company D&O is usually written without a duty to defend (the insurer advances defense costs and you choose counsel), while private-company and startup D&O is often written on a duty-to-defend basis—so check your specific form. Cyber policies vary widely—many modern cyber policies actually provide a duty to defend, appointing breach and defense counsel from a carrier panel, while others operate on a reimbursement basis.
General Liability (GL) policies typically include duty to defend—the insurer pays legal fees from day one. D&O is typically duty to indemnify (reimbursement)—the insurer generally advances defense costs as they are incurred and pays covered amounts. Most modern cyber policies (and many Tech E&O policies) are duty to defend—the carrier triggers breach response and appoints/pays panel counsel—though some still operate on a reimbursement basis.
Definitions are educational and may be modified by your specific policy language, endorsements, and state rules. For regulatory guidance, refer to the California Department of Insurance or the NAIC.
Last updated: July 2026.