Overview of the SaaS industry

If there’s one “new” industry that has entrenched itself with no signs of going away, it’s Software as a Service (SaaS). It evolved from the days of a few mail-order software companies into a vast landscape of cloud-based behemoths with steady subscription-based revenue, low overhead and plenty of happy customers.

Companies categorized under this industry include Microsoft, SalesForce, Cisco, Adobe, Amazon Web Services, Slack and Zendesk. And those are just a few. These giants are setting the standard for how tech companies deliver their services, whether to other businesses or direct to consumers.

The value this model adds for innovators and their clients is undeniable and reflected in the growth of the industry. Two key points made by Forbes:

  • The total global public cloud market will be $178B in 2018, up from $146B in 2017, and will continue to grow at a 22% compound annual growth rate (CAGR).
  • Forrester predicts that more than 50% of global enterprises will rely on at least one public cloud platform to drive digital transformation and delight customers.
cloud usage growth

Some of the biggest risks SaaS companies face

Data Breaches

Data breaches are when sensitive information is data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. IBM study estimated that the average cost for companies who are victims of cyber attacks is a whopping $141 per record.

Cyber Attacks

SaaS companies are often victims of cyber crime such as DDoS attacks and randsomewear attacks. These attacks can lead to data being stollen or destroyed. The average cost of a cyber attack for enterprises grew from $1.2 million in 2016 to $1.3 million in 2017.

System Failures

By nature SaaS companies are heavily reliant on back end & front end systems and third party services providers for their applications, servers and data services. Any outages, downtimes or failures can result in lawsuits from customers who rely on their platforms to run their business.

Why is Insurance for Software as a Service Companies Important?

SaaS companies need their service to be as stable, fast and effective as advertised, but service outages can come from anywhere. Anything from routine system maintenance to targeted DDoS or cyber extortion attacks can trigger a business interruption. If the service fails (whether it’s because of an attack on their system or the system of a critical vendor like AWS) and then clients lose money, SaaS companies will have to pay the price in the form of lost income or, worse, lawsuits.

The damage to the company’s value, reputation, customer confidence can be significant after system failures and data breaches. Microsoft experienced this early on, soon to be followed by the likes of YahooLinkedIn, and Adobe.

Moving beyond the more technical, computer-based crises that can happen, there’s also the possibility of a more traditional failure in the company’s professional service. Sometimes a more carefully tailored professional liability (E&O) policy will also be required to cover unique exposures. An accounting software provider will want Tech E&O coverage in case a glitch causes a client some sort of financial loss, but what about run-of-the-mill accounting errors? Those would be excluded from a Tech E&O policy so a separate Accountant’s E&O policy may be necessary.

Some of the largest SaaS data breaches in history

Yahoo (2013)

m accounts

LinkedIn (2012)

m accounts

Adobe (2013)

m accounts

Weebly (2016)

m accounts

Protect Yourself and Your Organization

What Insurance do SaaS companies need?

Cyber Insurance

What it covers:
This protects your organization from lawsuits, fines and penalties arising out of a hacking attack or data breach. It can also reimburse the company for its direct expenses such as breach notification costs, credit monitoring, data restoration and forensic analysis.

Why you need it?:
If you collect any sort of personal or organizational information, have a “login” feature on your site, integrate with another organization’s systems in any way, have employees who could fall for a phishing scam, generate online content such as blog posts or even simply rely heavily on email communications, you need cyber liability insurance. SaaS companies are highly visible targets for hackers and, as such, should be protected.

Intellectual Property Insurance

What it covers:
Protects the company and its intellectual property. Policies can work two ways: 1. Defense policies provide legal defense costs if you are sued for an IP infringement 2. Abatement policies help cover the cost of enforcing your own IP rights

Why you need it?:
IP litigation is common and expensive. Companies in innovative, disruptive and/or competitive spaces may face suits from both competitors and patent trolls. For the latter, just having this policy in-force can act as a deterrent. In the case of competitors who may have a more valid claim, the policy provides much needed capital so that the company’s balance sheet doesn’t have to take the hit. (Not to mention the benefit of partnering with an experienced claims team who can guide you through the process).

Directors & Officers Insurance

What it covers:
Protects the company and key individuals from liability related to the management of the organization. Companies that indemnify their executives against certain covered claims can turn to their D&O policy for reimbursement. In addition, if the organization itself is named in a suit, the policy would defend the entity.

Why you need it?:
Ensures the company and its leadership is protected from legal liability related to allegations of breach of fiduciary duty and other management-related claims. It provides the capital required to absorb certain legal costs without mortgaging the future of the entire organization.

Professional Liability Insurance (E&O)

What it covers:
Also referred to as “Errors & Omissions ” or “malpractice” insurance. It covers the SaaS companies if an act, error, or omission committed in the course of the company’s performance of professional services is alleged to have caused a financial loss for a third party.

Why you need it?:
Complex litigation expensive and there’s a lot that can go wrong for financial technology companies in particular. The policy responds to the threat of professional service disputes by paying legal fees and judgments or settlements that result from a lawsuit for an alleged failure in the provision of professional services.

Workers Compensation & Employers Liability

What it covers:
Provides a legally required coverage protecting employees if they are physically injured or get sick while on the job. Legal requirements vary state-by-state so be sure to research the laws in each state where you have employees located.

Why you need it?:
Fines could be imposed on any company that doesn’t comply with their state’s workers comp laws. Employers liability coverage also provides valuable legal defense costs if a lawsuit develops in connection with the injury or illness outside of what standard Workers Compensation covers.

Property Insurance

What it covers:
Building coverage protects properties that are owned, while business personal property coverage reimburses for covered damage to the contents of a building. Lost income and extra expenses caused by a covered loss can also be addressed by business interruption coverage.

Why you need it?:
Any company with a physical presence runs the risk of their physical property being damaged or destroyed. If you hold large amounts of inventory or own equipment you’ll often have a lot at stake. On top of that, renting temporary office space after a fire is a surprise cost that no business needs to be caught off guard by.

Employment Practices Liability Insurance

What it covers:
Protects the organization and its management by paying the costs of defending against certain suits from employees or investigations from government agencies. Common claims include allegations of harassment, discrimination, retaliation, and wrongful termination.

Why you need it?:
If you or the organization itself is named in such a claim, the coverage would defend you and pay the judgment or settlement against you. Keep in mind how easy it is for an employee to start an action that requires a legal defense.

General Liability Insurance

What it covers:
Covers the organization from some of the fundamental risks that come with running an SaaS organization, such as ‘slip and fall’ claims, damage to a third party’s property, products liability claims, damage to rented space, and personal or advertising injury claims.

Why you need it?:
It forms the foundation of any risk management program. On top of protecting the company from legal liability caused by bodily injury or property damage, this coverage is usually required in contracts like office leases and vendor agreements.

Crime Insurance

What it covers:
Protects the company from loss caused by certain illegal activities. Unlike many other commercial insurance policies, it has nothing to do with defending against lawsuits from third parties. This policy instead reimburses the company itself for losses of money, securities or other tangible property that it directly experiences.

Why you need it?:
Most businesses are exposed to the risk of criminal activity. This insurance protects your company from crimes committed within the company itself as well crimes committed by people or other factors outside of your company. Common claims include:

  • Employees stealing money from the company or clients.
  • Inadvertently accepting stolen credit cards, counterfeit credit card numbers or payments from unauthorized users
  • Non-employees stealing from the company’s office or from the premises of the company’s bank.
  • Robbery of valuables while in transit under the care of a messenger or armored car.
  • Computer and wire transfer fraud.

How it Works

Create Profile

Get Quotes

Sleep Well

SaaS companies we work with

Learn more about insurance for SaaS companies

Vendors, cities, partners, investors, etc.— often require specific insurance policies as a part of a contract. We breakdown why and what you need to know
Read More
Partnering with the right cloud provider is essential. Google Cloud outline how to mitigate cyber risk through trust, security, and proper cyber insurance.
Read More
Featured on the OpenView Partners blog. Carl breaks down risk management for SaaS-based companies.
Read More