Currently, most SaaS suppliers and SaaS customers do not take out specific cyber insurance and rely upon the provisions of a general insurance policy to cover liabilities in the event of a claim for a cyber incident or a data breach. This is partly because few insurers offer adequate cyber insurance policies, and SaaS customers and SaaS suppliers often fail to consider the need for a specialist insurance policy to ensure that they are covered in the event of a claim being denied under a general insurance policy.
General Insurance
Many insurers may not have anticipated providing cover against cyber risks under their general insurance policies and it is likely that disputes will arise as to whether or not a cyber claim is covered when a SaaS supplier or SaaS customer makes a claim. Taking out cyber insurance could reduce this risk.
Professional Indemnity Insurance
Commonly, PI insurance covers directors' insurance, property risk and some limited cyber cover. However, as cyber risks are becoming more common for SaaS suppliers and SaaS customers, there is an increasing need to specifically protect against cyber risks such as hacking, DNS attacks and phishing.
Future Need for Cyber Insurance
Cyber insurance is often seen as too expensive by SaaS suppliers and SaaS customers, and they actively choose not to purchase such additional insurance cover.
From the 25th of May 2018, when the new Data Protection Regulation (GDPR) comes into effect, there will be a substantial increase in the risk of a cyber claim for a data breach. It is important to be aware that the GDPR applies to all SaaS customers and SaaS suppliers in the EU and any non-EU located SaaS customers and SaaS suppliers offering goods or services in the EU or who monitor the behaviour of EU data subjects. Accordingly, the GDPR will apply to UK SaaS customers and SaaS suppliers regardless of whether, and when, there is a “Brexit”.
GDPR Fines
The GDPR imposes more onerous obligations on both data processors and data controllers. In particular, the fines which can be applied by any EU data protection authority for breach of the GDPR will increase substantially. Fines of up to €20 million or 4% of global annual turnover for the preceding financial year can be imposed.
Summary
SaaS suppliers and SaaS customers need to consider now the need to increase existing insurance cover to encompass the above changes to data protection law, and when doing so, it could be prudent to consider taking out specialist cyber insurance.
Help
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years' experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues, contact me:
irene.bodle@bodlelaw.com
www.bodlelaw.com