We love speaking to business owners of SAAS companies. Now this may sound very smug but we love it even more when those business owners have spent the last 3 or 4 years discussing their insurance needs with a general insurance provider then discover us. That is not a criticism of general insurance brokers, they would wipe the floor with us in lots of other areas. But we can answer all the questions and provide solutions for SAAS companies that other brokers simply can’t. Why is that? Well for the simple reason that we speak to SAAS companies every single day. We also speak to specialist technology insurers every day. We know the specific challenges affecting SAAS companies and from conversations with the insurers we work with we know the claims that are hitting those companies. We know this industry inside and out.
The one thing we have noticed about this sector, is the distant lack of expertise surrounding the question of ‘data’. SAAS companies are different to what you might call traditional software companies. As you might expect, we use software to help us run our business. By chance it’s NOT SAAS software, but a piece of software which sits on our IT infrastructure and is accessible to all our staff using our server. Some of our competitors use SAAS software. One significant difference between the two is data. Our software sits on our systems, and as a result all our data sits on our systems. Protecting that data is our responsibility and has nothing to do with the company that provides the software. On the other hand, when companies use software which is accessible over the internet (I.e. SAAS), often the data inputted on that software is sitting on the servers of the SAAS company. So the SAAS company is responsible for the security of that data and ensuring it’s accessible at all times.
We strongly believe that the risk profile between a provider of off the shelf software and a provider of SAAS is distinctly different because of the data. Where SAAS business owners can go wrong (and our broker competitors in the advice they provide) is understanding which insurance policy is responsible for claims relating to that data; is it the “cyber and data insurance” as the name might suggest or is it professional indemnity?
There isn’t actually a black and white answer. This is because it depends on the formation of the policies that you are purchasing, and I am afraid in some instances claims can be excluded if you are not buying the right policy with the right provider.
We help clients understand which insurance will cover the loss of data and how that insurance might respond. We also work with the insurers to ensure they
a) understand your software and
B) understand the data held on your systems, and what impact the comprising of that data may have