SaaS Risk – lawyers working with SaaS companies



Lawyers and SaaS companies make interesting bed fellows. The two quite often have different views of what outcomes should look like in commercial contracts. For a startup SaaS company they are working to get their company up and running, to onboard customers as fast as possible and often look at six to twelve month timeframes, if not shorter. For a lawyer the core goals of their role are around risk mitigation and understanding the long term impacts of legal decisions that are made during the contracting process. A disconnect can occur when startups are required to shift risk appetites based on the continuous new information that they are receiving.

Let’s image a situation where a startup that is sitting at $1million in ARR has a large enterprise company in the sales pipeline with a $300,000 ARR contract on the line. That customer won’t budge on an unlimited liability cap in contract negotiations. In this case a friction arises between the startup and need to grow ARR to stay alive and success and the legal advice and the lawyers need to be provide guidance that is in the best interest of protecting the business. So how do SaaS companies and lawyers work though these situations to give the best results? One of the best ways to do this is looking at the risk profile of a startup companies product offering.

Lawyers should understand the companies risk profile

The risk profile of a company is not its appetite for risk but the level of risk outcomes that are associated with the work that they do. A lot of SaaS companies think of risk with a framework of the likelihood of an outcome and the downside attached to it. As examples of this we could look at the framework for multiple risk outcomes associated with the SaaS contract as mentioned above.

SaaS Risk

Risk of accepting or not accepting contract liability

  1. Data Breach

    • Likelihood of SaaS Risk – Very Low

    • Outcome – Very bad/risk to business continuality

    • Can be managed with renegotiation

  2. Loss of sale by not accepting

    • Likelihood of SaaS Risk – Certain

    • Outcome – Bad/slowdown of growth, threatens future funding

  3. Large liability in contract when signed

    • Likelihood of SaaS Risk – Certain

    • Outcome – Minimal/addressed with renegotiation at next renewal/aim to rectify before next funding event

By laying out the options that are associated with this decision making process we can start to understand why risk profile and the nuances around it are important. The largest risk involved in this view of a negotiation is that of a data breach and the liability clause being invoked. To better understand the risk profile of a business is to better understand how the business mitigates that risk in the actions it takes and in how the business is build.

Some SaaS businesses have very limited access to user information and private intellectual property of their customers. When a SaaS company really only uses the users email address, name and password to allow them to use the product then we understand how this would reduce the level of risk associated to a breach outcome.

Other functions that affect the risk associated to outcomes such as this are the security protocols that businesses have in place to keep data encrypted and the IT infrastructure that allows a company to provide its product.

An understanding of these parts of the startup that lawyers are working with will help them to better understand the risk associated with decisions. On top of this, gathering an understanding of the use case of customers who use the product is important to start to build negotiation and communication skills that can be used to get customers to meet you in a middle ground for negotiations. It is always prudent to capture the customer use case as part of your SaaS pipeline deal desk process.

Lawyers should always be open to learning more about the product that their contracts are based on. The real world applications of data and products can have a very large influence on how easy it becomes to negotiate with customers for software contracts. Taking these ideas and building out a risk profile on the potential outcomes of decisions and the likelihood of those outcomes will help both lawyers and startups to work together more effectively when contracting.