It is not is but when it will happen to you


Leighton Chenery TV-Bay Magazine
Read ezine online

Most businesses use "the cloud", either internally for services like payroll processing or an employee benefits portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your Insurable Risk? No doubt, it definitely complicates things.

Many companies will improve their security by shifting to the cloud because, in most cases, they're working with providers that make security a top priority.

But, what about the liability?

Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure.

In tackling these issues we need to address three different perspectives:

  1. The cloud customer
  2. The cloud provider
  3. The insurer

Cloud Customers and Cyber Insurance

When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud.

Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is.

There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there's very little protection in terms of liability with cloud providers.

The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits.

A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach.

Even if you have your own cyber insurance, it's a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient.

This is something you can and should negotiate with them before becoming a customer.

Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won't cover the resulting loss of profits and extra expenses.

If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.

Cloud Providers and Cyber Insurance

A data breach claim for a cloud provider is in reality a Professional Indemnity (PI) claim. In most cases, the cloud provider has no direct liability to the individuals whose data have been breached. However, there may be a claim from companies that use them as their cloud provider for failing in their performance of services (in this case, keeping the company's data secure).

Cloud providers need to make sure that their PI policy will respond to cyber-related claims, because a cloud customer may demand to be compensated for direct and third-party (liability) costs incurred as a result of the breach.

For example, a customer may say it cost them millions of pounds to deal with notifying their customers about the data breach, or that they lost business as a result of the provider's failure.

Keep in mind that even though a cloud provider contract limits liability, it's not clear how successful this contract would be when it's time to pay a claim. If the cloud provider is truly negligent, the court may decide that the liability limits on the contract will not apply.

Insurers and Cyber Policies

Insurers don't worry about A policy for the cloud provider, it's the threat of a single breach impacting multiple customers of the cloud provider.

If an insurer writes 10,000 policies for customers of one cloud provider, and every single one of them makes a claim because of a breach, that's an aggregation problem.

This is a challenging unknown because the exposure is not something insurers can easily map. In property underwriting, for example, insurers can analyse their aggregated exposure to floods by post code. Cyber underwriters are starting to ask more questions about the number and type of cloud providers their clients are using, but the data is largely anecdotal so far.

We fully expect insurers to figure out how to analyse their exposure on cyber policies and the cloud. Eventually, this could lead to limitations on insurance capacity, and insurers may decide that they can only handle a certain number of policies for customers of each cloud provider.

In conclusion, the cloud has provided extreme efficiencies for businesses and in many cases, improvements in security. Cyber threats continue to be a growing issue and add some complexity to the insurance and risk management decisions.

The bottom line is that when storing data in the cloud, your best bet is to ensure the risks are managed just as tightly as if you were storing it on your own systems.


Tags: iss114 | insurance | cyber | cloud | Leighton Chenery
Contributing Author Leighton Chenery

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

    Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

  • Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

    Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

  • The Teracue Application Cloud show at IBC 2018 (German version)

    The Teracue Application Cloud show at IBC 2018 (German version)

  • The Teracue Application Cloud show at IBC 2018

    The Teracue Application Cloud show at IBC 2018

  • Blue Lucy with BLAM3 and their very own cloud at IBC 2018

    Blue Lucy with BLAM3 and their very own cloud at IBC 2018

  • Playbox Cloud Air at IBC 2107

    Playbox Cloud Air at IBC 2107

  • Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

    Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

  • Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

    Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

  • Elemental Technologies cloud innovations at NAB 2016

    Elemental Technologies cloud innovations at NAB 2016

  • FORSCENE Cloud Editing at NAB 2015

    FORSCENE Cloud Editing at NAB 2015

  • ERA - Cloud Services - at BVE 2015

    ERA - Cloud Services - at BVE 2015

  • Aframe Cloud Video at IBC 2013

    Aframe Cloud Video at IBC 2013

  • Haivision: Video Cloud at NAB 2013

    Haivision: Video Cloud at NAB 2013

  • Object Based Storage Solutions from Object Matrix at NAB 2017

    Object Based Storage Solutions from Object Matrix at NAB 2017

  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Prime Focus Technologies at IBC 2016

    Prime Focus Technologies at IBC 2016

  • Prime Focus Technologies at NAB 2016

    Prime Focus Technologies at NAB 2016

  • Playbox at IBC 2015

    Playbox at IBC 2015

  • ERA - Adobe Anywhere - at BVE 2015

    ERA - Adobe Anywhere - at BVE 2015

  • Grass Valley at BVE 2015

    Grass Valley at BVE 2015

  • NETIA at BVE 2015

    NETIA at BVE 2015

  • Forscene at IBC 2014

    Forscene at IBC 2014

  • Thomson Video Networks at IBC 2014

    Thomson Video Networks at IBC 2014

  • Comigo at IBC 2014

    Comigo at IBC 2014

  • ChyronHego Metacast at IBC 2014

    ChyronHego Metacast at IBC 2014

  • Elemental Technologies Software-Defined Video at NAB 2014

    Elemental Technologies Software-Defined Video at NAB 2014

  • Elemental Technologies HEVC solutions at NAB 2014

    Elemental Technologies HEVC solutions at NAB 2014

  • Elemental Technologies Multiscreen Solutions at NAB 2014

    Elemental Technologies Multiscreen Solutions at NAB 2014

  • ERA at BVE 2014

    ERA at BVE 2014

  • ERA Avere at BVE 2014

    ERA Avere at BVE 2014

  • Forbidden Technologies FORscene at BVE 2014

    Forbidden Technologies FORscene at BVE 2014

  • Forbidden Technologies FORscene App at BVE 2014

    Forbidden Technologies FORscene App at BVE 2014

  • Haivision on BroadcastShow LIVE at IBC 2013

    Haivision on BroadcastShow LIVE at IBC 2013

  • Front Porch Digital on BroadcastShow LIVE at IBC 2013

    Front Porch Digital on BroadcastShow LIVE at IBC 2013

  • Forbidden Technologies on BroadcastShow LIVE at IBC 2013

    Forbidden Technologies on BroadcastShow LIVE at IBC 2013

  • Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

    Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

  • Digital Vision on BroadcastShow LIVE at IBC 2013

    Digital Vision on BroadcastShow LIVE at IBC 2013

  • Haivision live encoding HEVC at IBC 2013

    Haivision live encoding HEVC at IBC 2013

  • Tedial at NAB 2013

    Tedial at NAB 2013

  • Haivision at NAB 2012

    Haivision at NAB 2012

  • Chyron at NAB 2012

    Chyron at NAB 2012

  • TSL at BVE 2012

    TSL at BVE 2012


Related Shows
  • Den Lennie and Larry Jordan - Cloud Editing BVE 2015

    Den Lennie and Larry Jordan - Cloud Editing BVE 2015


Articles
IP Technology for Broadcast Audio Routing Systems
Tom Knowles As the AoIP debate continues to confuse and delight in equal measure, what is clear is different scenarios require specific solutions. So is there a solution that encompasses open standards and existing proven AoIP technologies to the benefit of all?
Tags: iss139 | aoip | ssl | solid state logic | system T | dante | audinate | aes67 | st2110 | domain manager | Tom Knowles
Contributing Author Tom Knowles Click to read or download PDF
To Remotely Go - TVFutures
Michael Parsons One of my biggest concerns as an academic responsible for the education of hundreds of students is the ‘appropriateness’ of much of the technology we purchase and implement within the curriculum. The last few years have seen tremendous change in all sorts of technologies, and the broadcast industry is just one sector that has seen some significant leaps in innovation.
Tags: iss139 | university | portsmouth | graduation | guildhall | newtek | streaming | pxw-fs7 | ndi | ip | ndihx ptz camera | Michael Parsons
Contributing Author Michael Parsons Click to read or download PDF
Making Metadata Work
Bruce Devlin - new I dare say that if you’re a keen reader of my column then you will be brushing up on your Dutch pronunciation and acclimatising yourself to mayonnaise on your chips rather than ketchup. If you’re really keen then you’ll also be making sure that you practise your Dutch jokes about the Flemish to ensure you don’t accidentally tell a Flemish joke about the Dutch at 2am on Sunday morning in a local bar somewhere near the red light district in Amsterdam.
Tags: iss139 | metadata | class | mrmxf | ibc | mesa | Bruce Devlin - new
Contributing Author Bruce Devlin - new Click to read or download PDF
Original KVM or KVM over IP
Jochen Bauer Will the technology used in broadcasting solely consist of IP devices? For years, IP has been entering all areas of life. Especially control room applications as they are typically deployed in broadcasting benefit from the IP revolution in many ways. But an “IP-only broadcast world” is not yet here. Nevertheless, the trend clearly moves towards IP transmission, even though a large part of content production still uses traditional transmission paths. And therefore we continue to live in a hybrid world, using both original and IP-based technology. KVM experts Guntermann und Drunck still rely on both original KVM and KVM-over-IP™ to be able to offer their customers the best of both worlds.
Tags: iss139 | kvm | gdsys | guntermann and drunck | kvm-over-ip | Jochen Bauer
Contributing Author Jochen Bauer Click to read or download PDF
The Future of Broadcast Connectivity
Jamie Adkin The use of KVM equipment has been essential to meet the evolving needs of the broadcast industry for many years. Over that time, many in the industry have recognised the importance of using IP-enabled KVM to break down technological barriers and enable real-time access to visuals wherever and whenever they’re needed. These components are vital parts in live production environments in particular.
Tags: iss139 | adder | kvm | ip kvm | Jamie Adkin
Contributing Author Jamie Adkin Click to read or download PDF