Higher adoption of the cloud, digital transformation, and the unprecedented rise of AI and machine learning (ML) are just some of the things that helped Software-as-a-Service (SaaS) companies continue to expand in 2023.
Unsurprisingly, the sector is set to be worth $197 billion by the end of the year and is expected to grow to $232 billion by the end of the next. And not for nothing: this year, VCs poured almost half of their capital into companies with SaaS business models.
As we gaze into the promising horizon of the future, it’s imperative to acknowledge potential challenges and risks facing the insurance SaaS industry in 2024. Persistent cybercrimes, intellectual property litigation, and emerging regulations could pose obstacles to the sector’s advancement, underscoring the importance of conducting a comprehensive threat assessment for every SaaS startup. Delve into the top five legal risks confronting insurance SaaS enterprises in the upcoming year and explore effective strategies for mitigating them in an ever-evolving digital landscape.
1. Cybersecurity and Data Breaches
According to Gartner, security and risk management spending will increase 14% in 2024. The consulting giant has also named continuous threat exposure management (CTEM) one of its top 10 strategic technology trends for next year. And SaaS companies should take this news to heart. A recent report showed that four out of five surveyed businesses identified cybersecurity incidents in the past year.
So, the industry’s expansion isn’t coming without the pains of heavy cybercrime. For companies, this means losing clients’ trust in their product, as thousands of sensitive information could be on the line with each breach. Plus, to top it all off, IBM has reported that the average cost of data breaches has gone up to $4.45 million in 2023 — meaning they’re also the costliest scenarios for SaaS enterprises.
Given the cost and likelihood of cyberattacks, emerging companies must consider protecting against these consequences. Cyber liability insurance, for example, helps those in the SaaS industry in the case of third-party lawsuits stemming from cyberattacks and steps up in the aftermath of these events to support data restoration and cost reimbursement.
2. Intellectual Property Infringement
Software companies aren’t immune to copyright infringement. Take the case of Google vs. Oracle in 2021, where these two tech giants clashed when Oracle found thousands of lines of source code and Java programming language APIs in Google’s early version of the Android operating system. After two years of legal back and forth, the Supreme Court ruled in favor of Google, alleging their use of Oracle’s API was fair.
While copyright litigations can cost $278,000 on average, trademark lawsuits could cost $2 million. And in such a competitive market, full of emerging companies and numerous software innovations, the smallest slip could be considered an infringement and be contested in a court of law.
SaaS businesses must protect their software assets to avoid unintentional similarities or theft from competitors. One way to do this is by getting IP indemnity, a clause that protects businesses from infringement risks and providing cost reimbursement. This is one of the benefits of IP insurance, which protects a company’s property — from copyrighted codes to patented platform designs — and covers them in case of claims. In a sector with massive high-growth opportunities, one can never be too careful.
3. Service Interruptions and System Failures
Fortune recently reported that cloud outages are increasing, citing Microsoft Azure and Google Cloud’s downtime earlier this year as some of the most prominent SaaS incidents so far in 2023. But why are they so important? Nowadays, several moving pieces in a business function through cloud-based SaaS services: its communication platform, software and even database service.
This dependence on providers also means downtime tends to be a costly affair — $365,000 per hour in 2023, to be exact. The same can be said about system failures, which could be software glitches, a code bug, or any error built directly into the SaaS system (which happens a lot after system updates). And, because systems can be unpredictable and human error is unavoidable, SaaS companies must equip themselves to deal with the aftermath of these events.
A crucial step for companies is including a limitation of liability clause in service agreements. That way, the SaaS provider protects itself from paying damages in specific situations, like power outages outside its control. For issues directly related to the service, companies seek help from insurance companies to alleviate the legal and financial burden of such incidents. Business Interruption insurance is a good place to start to get support in case of oversight or inadequate work lawsuits.
4. Compliance and Regulatory Changes
Nothing is certain except death, taxes, and regulatory changes. For SaaS companies, this is especially true since the industry deals with a myriad of financial, security, and data components that intertwine with other industries as well. So, businesses must stay on top of compliance trends to make the necessary changes in their product. This keeps them trustworthy to clients and in check with the law.
For example, just this year, American states like Virginia and Utah followed suit after California enforced GDPR-inspired laws — known for being wildly different and more strict than American laws. Although only five states have joined so far, some expect more to join them soon. Such laws that mimic what the EU has been doing for years translate into more data privacy accountability from SaaS companies, giving data ownership back to individuals who can set boundaries on who and what personal data companies can see.
As a result, providers have to run different versions of their service depending on their region or make massive shifts to accommodate a global scale.
But this is just the tip of the iceberg. SaaS companies must become chameleons that easily and quickly adapt to these changes, from software tweaks to internal policies and terms and conditions updates to clients. Ticking all compliance and regulatory boxes is a priority for an industry that keeps expanding, innovating, and widely relying on venture capital to become successful.
In trying to meet these new demands, businesses are better off appointing a Chief Compliance Officer (CCO) who solely focuses on the hurdles of the area. In this role, the one in charge will be monitoring industry changes, communicating with every department about new modifications and successfully enforcing them in the company.
On the other hand, companies can get extra help by acquiring insurance that covers regulatory fines and penalties — often through Directors and Officers insurance. Doing so often mitigates the heavy burden of the financial losses that come with such penalties. To ensure businesses are getting the right coverage, insurers assess the insurability of fines and penalties depending on industry specificities, like being a provider of legal software, communications software, database storage, etc.
5. Contractual Liabilities
When selling their services, SaaS companies must draft a contract outlining their rights and responsibilities as a vendor. And much like service interruptions and systems failures, it’s impossible to predict when things will go wrong and cause a breach of these terms. For example, SaaS agreements usually include a Service Level Agreement (SLA) informing of the service’s minimum performance standard to assure customers that downtime will seldom happen — where the minimum is 99.9%.
Data privacy and ownership, payments, and cybersecurity are also included in SaaS agreements, outlining how the provider handles customer data, how, when and what amount the client will pay and safety measures against cyberattacks. However, extensive outages, data leaks, and many other unprecedented issues that result in breach of contract might put SaaS companies in legal hurdles.
If an indemnity clause isn’t included, exempting the provider from legal responsibility in certain situations, then clients have grounds to sue the company for the damages caused. And, as discussed in previous scenarios, data breaches and service interruptions can be costly for SaaS companies.
To further protect themselves from financial and legal losses, companies can seek a Contractual Liability Insurance Policy (CLIP), which acts as a safety net whenever they need to fulfill their responsibilities for a breach of contract, mitigating any financial impacts.
Emerging Risks: The Unknowns of 2024
2024 looks like a promising year for the SaaS industry: A few companies are set to go the Initial Public Offering (IPO) route and inflation is decreasing while interest rates reach their peak and die down. Plus, after such a tough 2023, things can only look up, right?
However, this ever-evolving market can quickly become chaotic and difficult to pin down, and that’s where risks arise. To start, next year, companies like Unicommerce and Databricks have the chance to IPO. While this can help reactivate VC investments, going public can also bring its own set of risks — like post-acquisition litigation.
On the other hand, a recent report shows that sales cycles have become longer for SaaS businesses in 2023, and it seems like an upward trend into the coming year, with the biggest issue being payment bottlenecks. A lack of flexible payment options has stalled contract creation, the report cites, with contract values decreasing as well.
Lastly, as AI takes center stage in the tech sector, we might see more copyright and data privacy cases stemming from generative AI usage in the industry. SaaS companies must heavily monitor their usage of this technology with trust, risk, and security management strategies to ensure they stay compliant in the IP and data safety departments.
Key Components for Successful Risk Mitigation
With these evident risks posing threats in 2024, it’s undeniable that SaaS companies need the most support they can get to ensure continued business success. So, to stay compliant, safe, accountable, and operational, leaders must constantly run assessments with each department (IT, accounting, compliance, and so on) to identify potential threats and growth opportunities.
Furthermore, SaaS insurance is a necessary tool for businesses to weather any storm, be it legal or financial. Alongside insurance experts, companies can identify their weak spots and growth areas that need the most protection, creating specialized coverage tailored to the potential and evolving risks of the business’ adjacent industries.
New Year, New Opportunities
As we head into another promising year for the SaaS industry, it’s important to keep detractors like cybersecurity, IP infringement, service downtime, regulations and compliance and contractual liabilities in mind to run into as little disruption as possible.
Also, remember to have constant conversations with your insurance brokers so your protection is as updated as possible, reducing risks to a minimum in a landscape where threats evolve by the minute.
At Founder Shield, we know that for SaaS, cyberattacks make up some of the industry’s biggest headaches. So, start your 2024 by knowing the best cyber risk management strategies to protect your company and ensure its success. Download our Cyber Risk Management Guide to stay informed on the top vulnerabilities and the gaps your business might need to fill in.