Software as a Service (SaaS): Conversation starters

SaaS providers are at the heart of modern business, yet too many aren’t aware of the risks they face—and the power of insurance in mitigating them. Help your clients understand their risk profile by asking these questions.

Emerging Risk Article 1 min Tue, Jan 21, 2025

Before talking premiums and coverage, your Software as a Service (SaaS) clients first need to recognize and understand the fundamental risks they’re facing. Otherwise, they may not see the need for insurance and may choose to underinsure or, worse, go entirely without cover.

To help your clients discover where their key exposures lie, and how insurance is designed to lend vital support, start your SaaS conversations with these five questions.

  1. What are your contractual obligations to clients?

    For SaaS companies, the main source of claims is breach of contract. Contracts often include guarantees or warranties, such as a delivery deadline or the product’s ability to perform to the expected level. While these promises are essential to trading, they also expose SaaS businesses to significant risks if something goes wrong—and when it does, the contract is often the first place a client’s legal team will look.

    To safeguard against these risks, robust tech errors and omissions (E&O) insurance is essential. Policies should not only provide comprehensive breach of contract cover, but also afford coverage for other E&O exposures such as misrepresentation and misstatement.

  2. What would happen if your company experiences downtime?

    System outages can be a significant issue for SaaS companies, disrupting their clients’ operations and potentially leading to reputational damage and financial loss. Whether an outage is caused by a cyber event such as a ransomware attack, a glitch, a design fault or simple human error, clients can hold their SaaS provider responsible for it.

    A modular technology E&O package policy should offer protection against E&O and cyber exposures, ensuring cover for losses stemming from outages. Comprehensive policies, like CFC’s, provide coverages with separate limits of liability.

  3. Do you send or receive payments electronically?

    Electronic funds transfers have become a prime target for cybercriminals. By hacking into email accounts and impersonating trusted contacts, they send fraudulent payment instructions that can be very difficult to detect. These scams are especially dangerous as cybercriminals study their victims’ payment patterns and often operate through legitimate, compromised email accounts. Once payments are diverted, banks rarely succeed in recovering the funds, leaving the victim to bear the losses.

    CFC’s tech E&O policy includes a cybercrime section that offers unlimited reinstatements in the aggregate for unrelated events. This ensures insured businesses remain protected throughout the policy term, even if multiple events occur.

  4. Are you responsible for third-party company or personal data?

    Many SaaS companies handle third-party data, such as personally identifiable information (PII) or corporate information. If this data is subjected to unauthorized access or disclosure, the SaaS provider may be required to notify affected individuals, incurring costs and reputational harm. While the SaaS provider may not be the ultimate data controller, they act as the data processor and so are still liable in the event of a breach.

    A robust tech E&O policy should include privacy and security liability coverage. To help insureds through an incredibly challenging time such as a breach, CFC not only covers the costs associated with privacy and security events but also provides access to our in-house incident response team at nil deductible—helping to minimize the incident’s impact and get the business back up and running, fast.

  5. Do you hold any copyrights or patents?

    SaaS providers often pride themselves on having technology that’s ‘the best in the business’. While that may be true, competitors might not see it the same way. Some might claim the software’s functionality, a specific line of code or even their patent has been infringed upon, leading to potential legal disputes.

    CFC’s tech E&O policy is designed to cover intellectual property (IP) infringement. Our dedicated IP team supports insureds in patent-related disputes, both for the defense and pursuit of claims. 

Ready to get the SaaS conversation started?

Get everything you need to know about SaaS, the exposures and how a comprehensive tech E&O policy should respond in our Broker essentials: SaaS webinar.