Skip to Main Content

What Insurance, and How Much, should a Growth-Stage SaaS Company Carry?

August 2, 2017

Insurance may seem like a pretty boring topic compared with, say What is my SaaS Valuation? but as you may remember from school, it’s a negatively correlated asset – when everything else goes against you, it pays out. So, it’s an important part of life and business, and your needs can change over time as you grow, pivot product and target market, or raise capital, so it’s good to keep in mind and revisit now and again.

There are five main types of insurance policies that a growth-stage SaaS company should consider carrying.

  1. Errors & Omissions (E&O) Insurance
  2. Cyber Liability Insurance
  3. Directors & Officers Insurance (D&O)
  4. Employment Practices Liability Insurance (EPLI)
  5. General Liability/Property Insurance

Errors & Omissions Insurance

This policy, also known as Professional Liability Insurance, offers protection from lawsuits alleging you were negligent in your duties as part of any ongoing professional relationships. If someone – for instance a vendor with whom you contract or a customer bound by an end-user agreement – sues you for failing to uphold your end of the bargain, this policy will kick in to provide defense costs. Think of it as malpractice insurance for tech firms.
Of the types of insurance to consider, from our perspective, this is the most important one, as most of a SaaS company’s operations, and therefore potential business risks, lie in serving customers.

How is risk assessed?

The most common factor for E&O risks is annual revenue. Underwriters feel that the more business you are conducting, the greater the exposure for a Professional Liability suit, and revenue level is the best proxy.

How much coverage should you carry?

The best proxy for how much coverage to carry, like the underwriter’s risk assessment, is revenue level. It’s recommended that a company carry between $500k and $1 million in E&O coverage for every $5 million in revenue, dependent on average contract value of your contracts, contract value and revenue concentration of your largest customer(s) and any specific risks in your customer or vendor contracts.

Cyber Liability Insurance

This policy fills in the computer and internet-related gaps left by other policies. Its purpose is to pay for defense costs from data breach litigation as well as some of the other expenses associated with cyber attacks.

These include:

  • The costs of notifying your customers and providing credit monitoring for them.
  • The costs incurred after a hacker uses your system as a conduit to access a third party’s system and you are sued as a result.
  • The costs of a business interruption after a cyber-attack locks up your systems.
  • The costs of a forensic investigation into the source of the breach.

Hacking is something for all companies to be aware of in today’s day and age, but SaaS Capital only works with B2B companies, so this type of insurance is less necessary for them than for B2C companies that manage consumer data.  An exception would be if your product handles your customers’ customers’ personal data.

How is risk assessed?

The most common factors in cyber liability ratings are the number of personally identifiable information (PII), and personal health information (PHI) records stored on your system, as well as overall company revenue. While PII & PHI are the driving force, revenue is again a proxy for the size of the business and potential size of the claim. So, again, as a B2B company, and depending on what your product does, you may feel that the risk or cost of a hack is so minimal so as not to require this type of insurance.

How much coverage should you carry?

If you attain and store consumers’ personal information, it is recommended that you carry $500k to $1 million in Cyber coverage, but sometimes can be further dictated by customer or vendor contracts. Another useful benchmark is that the average cost to recover one person’s compromised records is $4.  This can be used to determine how much coverage to carry if your company manages PII and PHI records. Another useful data point is that according to one insurer, cyber claims average between $400-500k in total expenses.

Directors & Officers Insurance (D&O)

D&O insurance covers damages levied against executives personally if the company is not able to indemnify them and they are specifically named in a lawsuit or regulatory action. It’s most often carried as a way for management to be insured against damages from being sued by investors.

Some common claims include:

  • Claims made against Management by investors (e.g. breach of fiduciary duty)
  • Securities-related claims (e.g. misrepresentation, improper valuation)
  • Claims from competitors (e.g. theft of trade secrets, tortious interference, unfair competition)
  • Claims from vendors, other counterparties (e.g. fraud, misrepresentation)

How is risk assessed?

The most common and relevant factor underwriters consider when underwriting D&O Policies is the financial strength of the company. You should be prepared to share financial statements and vendor and customer contracts as part of any corporate insurance underwriting process, but especially for D&O insurance. In the case of D&O insurance, underwriters will focus on the burn rate, runway and financial responsibility of the company.

How much coverage should I carry?

Since this is typically covering executives of venture-backed companies, the first test for whether you even need D&O insurance is whether or not you’ve raised a bonafide venture round. If not, you may choose not to carry D&O insurance. If so, then the best proxy for how much insurance to carry is based on the amount of capital you’ve raised. It’s recommended to carry $500k to $1M in D&O coverage for every ~$5 million raised.

Employment Practices Liability Insurance (EPLI)

EPLI protects the company when it is sued for employment-related offenses made by you or your employees against another employee or a third party. This exists to provide relief from defense costs as well as judgments and settlements related to covered claims. Some common claims are discrimination, harassment, wrongful termination, and breach of employment contract.

This is one where we would all much prefer it not be needed in the first place, but unfortunately, employment issues happen, so better to be adequately covered and this is one that pretty much all companies should carry.

What is EPLI rated on?

The total number of employees is the key data point against which insurance companies underwrite these policies.
Some other factors that get considered in EPLI rating:

  • Does the company have an Employee Handbook?
  • Is there an orientation process which reviews corporate conduct policies?
  • Is there an HR department through which employees can lodge formal complaints?

How much coverage should I carry?

It’s recommended to pick up EPLI when you hit the 10-employee mark and gradually increase coverage over time as your headcount increases. Coverage should be based on what an expected claim might be, so starting at $500k and gradually increasing is appropriate.

General Liability/Property Insurance

This policy offers protection from some of the basic risks facing business owners: the costs of damage to your property and of liabilities to a third party. This policy will cover perils as wide ranging as slip and fall lawsuits from non-employees visiting your office, to stolen laptops, to lawsuits alleging advertising injury, to damage to rented office space, or the costs of payroll and lost income following an event that shuts down your working space.
For software companies, this type of insurance coverage is much less necessary than for a manufacturing company, for instance. However, this policy is often required by landlords in office leases.

How much coverage should I carry?

For a SaaS company, the GL risk is actually quite minimal. A $500k per occurrence limit will probably suffice unless more is required by a specific contract.

Property insurance is much more on a case by case basis.  The best way to determine what limit to maintain for your Business Personal Property insurance is to consider the following:

In the worst-case scenario where your entire office catches fire/floods/etc. what would be the cost to replace all property owned by the business? In the current era of cloud storage, hosting and backups, for most SaaS companies, this is actually probably a pretty small number, however, you’ll also need to carry enough insurance to satisfy your lease.

This information was provided by Jonathan Selby, General Manager at FounderShield, an insurance brokerage focused on serving high growth technology based companies. Feel free to reach out to him with any further questions here.

Rob Belcher

Managing Director, SaaS Capital

SaaS Capital® pioneered alternative lending to SaaS. Since 2007 we have spoken to thousands of companies, reviewed hundreds of financials, and funded 80+ companies. We can make quick decisions. The typical time from first “hello” to funding is just 5 weeks. Learn more about our philosophy.

Our Approach

Who Is SaaS Capital?

SaaS Capital® is the leading provider of long-term Credit Facilities to SaaS companies.

Read More


Get SaaS Capital® research delivered to your inbox.