Introduction for Canadian Tech & SaaS founders (2025)
For venture-backed and bootstrapped software companies operating in Canada (excluding Quebec), this page translates typical 2025 insurance asks into concrete next steps: what a $2M Commercial General Liability (CGL) policy usually costs, when contracts trigger Technology Errors & Omissions (Tech E&O) and Cyber, and how to satisfy counterparty requirements fast. All dollar figures are CAD and indicative only; final premiums depend on underwriting.
Who this is for
- SaaS and software developers selling B2B subscriptions, integrations, or APIs
- IT consultants, MSPs, and product companies with limited on‑prem work
- Canadian entities with or without U.S. sales (excluding Quebec operations)
What this delivers
- A 2025 pricing snapshot ($/mo anchor for $2M CGL; typical starting points for Tech E&O and Cyber)
- A contract-requirements checklist (MSA, vendor diligence, security addenda)
- Underwriting drivers that move price up or down—and the quickest controls to implement
The role of $2M CGL for Tech & SaaS
$2M CGL protects against third‑party bodily injury, property damage, and advertising/personal injury arising from business operations (e.g., tradeshows, leased premises, product demos). It is often required for landlord leases and many vendor MSAs. For product or advice failure that causes financial loss, see Tech E&O; for data compromise or security incidents, see Cyber.
2025 pricing snapshot (illustrative only)
These ranges reflect typical market outcomes for qualifying small Tech/SaaS risks with clean loss history, modest revenue, and standard controls (e.g., MFA, backups). Your price can be outside these bands based on exposure.
| Coverage | Typical limit | Indicative starting premium (annual) | Approx $/mo | Common triggers |
|---|---|---|---|---|
| CGL | $2,000,000 | $480–$1,200 | ~$40–$100 | Office lease, events, vendor terms |
| Tech E&O | $1,000,000 | $1,200–$3,000 | ~$100–$250 | MSAs for software/services, performance guarantees |
| Cyber | $1,000,000 | $700–$2,000 | ~$60–$170 | Data processing, integrations, SOC 2 asks, ransomware posture |
Notes: Pricing scales with revenue, industry of clientele (e.g., healthcare/financial), U.S. exposure, volume/sensitivity of data, claim history, and security maturity. Paid monthly plans are commonly available via premium financing; fees/interest may apply.
When you also need Tech E&O and Cyber (contract-driven)
Enterprise MSAs and security addenda typically require more than CGL. Use this checklist when reviewing counterparty terms:
- Limits and types
  - Tech E&O (a.k.a. professional liability) with minimum limits (commonly $1M); include breach of contract coverage where available
  - Cyber liability with first‑party and third‑party cover, and key sublimits (privacy liability, data restoration, incident response, business interruption)
- Endorsements
  - Additional insured; primary & non‑contributory wording (commonly for CGL)
  - Waiver of subrogation where requested
  - Worldwide territory and suits in Canada/U.S. as applicable
  - Retroactive date prior to contract effective date (claims‑made E&O/Cyber)
- Specific cyber asks you may see
  - Social engineering, funds transfer fraud
  - System failure (non‑security outage) BI coverage
  - PCI DSS and contractual liability carve‑backs (for payments data)
  - Breach response vendor panel flexibility (use your IR firm or carrier panel)
Underwriting drivers that move price
- Business profile: revenue size and growth, NAICS, % U.S. sales, critical uptime commitments (SLAs)
- Client mix: higher‑hazard verticals (financial services, healthcare, government) raise limits and rate
- Data footprint: volume and sensitivity of PII/PHI/PCI; data residency; third‑party processors
- Security controls: MFA everywhere, EDR on endpoints/servers, privileged access, email security, encrypted/immutable backups, vendor risk management, IR playbooks
- Contract quality: limitation‑of‑liability caps, warranty language, acceptance criteria, change‑order discipline
- Insurance history: prior claims, continuous coverage, favorable retroactive dates (for E&O/Cyber)
Fast wins to reduce premiums in 2025
- Cyber
  - Enforce MFA for all users, all remote access, and all privileged accounts
  - Deploy EDR/XDR across endpoints and servers; centralize logging
  - Maintain encrypted, offline/immutable backups; test restores quarterly
  - Implement phishing‑resistant email security and user training
- Tech E&O
  - Standardize MSA with LoL caps (e.g., fees‑based) and clear exclusions for consequential damages
  - Formal QA and release management; document acceptance and change orders
  - Maintain customer support SLAs with incident postmortems and corrective action tracking
- CGL
  - Maintain COIs for landlords/venues; implement vendor/contractor hold‑harmless agreements when applicable
Evidence your counterparty will ask for
- Certificate of Insurance (COI) listing required limits, additional insureds, and special wording
- Policy forms and endorsements relevant to terms (primary/non‑contributory, waiver of subrogation)
- For E&O/Cyber: retroactive date confirmation; incident response panel; proof of controls (MFA, backups)
- Third‑party attestations as applicable (SOC 2/ISO 27001 summaries)
What Summit does for Tech & SaaS
- Independent market access across Canadian carriers to place CGL, Tech E&O, and Cyber together or separately
- Transparent compensation and options disclosure: see How We Get Paid
- Claims advocacy and 24/7 support: see Claim Services
- Industry fluency and policy curation for software vendors, IT consultancies, MSPs, and platform companies: start at Business Insurance
What to prepare for a same‑day quote
Have these ready to accelerate underwriting and bind quickly:
- Legal entity details, website(s), brief product/architecture summary
- Trailing 12‑month revenue; projected 12‑month revenue; % U.S. and other foreign sales
- Client industries and top‑5 customers by revenue (names optional)
- Records processed/stored (PII/PHI/PCI), data flows, and critical vendors
- Security controls snapshot: MFA, EDR, backups, email security, vulnerability management, IR plan
- Prior insurance (CGL/E&O/Cyber), retro dates, and 5‑year loss runs (if applicable)
- Contractual insurance requirements from counterparties (upload MSA/security addendum)
FAQs
- Do CGL, Tech E&O, and Cyber overlap?
  - Minimal overlap. CGL addresses third‑party injury/property damage and personal/advertising injury; Tech E&O addresses financial loss from your software/services performance; Cyber addresses security/privacy events and their downstream costs. See our guides: CGL, Professional Liability, Cyber.
- Is $2M CGL enough for enterprise deals?
  - Many MSAs accept $2M; some require $5M or an umbrella. Always match the contract, not a rule of thumb.
- Can I bundle policies and pay monthly?
  - Yes. Carriers often discount multi‑line placements. Monthly financing is typically available; fees/interest may apply.
- What happens if my revenue doubles mid‑term?
  - Notify your broker; E&O/Cyber are often rated on revenue and may be adjusted. Keeping projections current avoids surprises at renewal.
Important notes (read me)
- Service area: Canada except Quebec.
- Currency: CAD. Ranges reflect typical 2025 market outcomes for small Tech/SaaS risks and are not quotes. Your premium depends on underwriting.
- Date: prepared November 27, 2025. For current terms, limits, and pricing, request a tailored quote from Summit.