It is not is but when it will happen to you


Leighton Chenery TV-Bay Magazine
Read ezine online

Most businesses use "the cloud", either internally for services like payroll processing or an employee benefits portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your Insurable Risk? No doubt, it definitely complicates things.

Many companies will improve their security by shifting to the cloud because, in most cases, they're working with providers that make security a top priority.

But, what about the liability?

Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure.

In tackling these issues we need to address three different perspectives:

  1. The cloud customer
  2. The cloud provider
  3. The insurer

Cloud Customers and Cyber Insurance

When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud.

Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is.

There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there's very little protection in terms of liability with cloud providers.

The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits.

A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach.

Even if you have your own cyber insurance, it's a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient.

This is something you can and should negotiate with them before becoming a customer.

Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won't cover the resulting loss of profits and extra expenses.

If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.

Cloud Providers and Cyber Insurance

A data breach claim for a cloud provider is in reality a Professional Indemnity (PI) claim. In most cases, the cloud provider has no direct liability to the individuals whose data have been breached. However, there may be a claim from companies that use them as their cloud provider for failing in their performance of services (in this case, keeping the company's data secure).

Cloud providers need to make sure that their PI policy will respond to cyber-related claims, because a cloud customer may demand to be compensated for direct and third-party (liability) costs incurred as a result of the breach.

For example, a customer may say it cost them millions of pounds to deal with notifying their customers about the data breach, or that they lost business as a result of the provider's failure.

Keep in mind that even though a cloud provider contract limits liability, it's not clear how successful this contract would be when it's time to pay a claim. If the cloud provider is truly negligent, the court may decide that the liability limits on the contract will not apply.

Insurers and Cyber Policies

Insurers don't worry about A policy for the cloud provider, it's the threat of a single breach impacting multiple customers of the cloud provider.

If an insurer writes 10,000 policies for customers of one cloud provider, and every single one of them makes a claim because of a breach, that's an aggregation problem.

This is a challenging unknown because the exposure is not something insurers can easily map. In property underwriting, for example, insurers can analyse their aggregated exposure to floods by post code. Cyber underwriters are starting to ask more questions about the number and type of cloud providers their clients are using, but the data is largely anecdotal so far.

We fully expect insurers to figure out how to analyse their exposure on cyber policies and the cloud. Eventually, this could lead to limitations on insurance capacity, and insurers may decide that they can only handle a certain number of policies for customers of each cloud provider.

In conclusion, the cloud has provided extreme efficiencies for businesses and in many cases, improvements in security. Cyber threats continue to be a growing issue and add some complexity to the insurance and risk management decisions.

The bottom line is that when storing data in the cloud, your best bet is to ensure the risks are managed just as tightly as if you were storing it on your own systems.


Tags: iss114 | insurance | cyber | cloud | Leighton Chenery
Contributing Author Leighton Chenery

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

    Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

  • Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

    Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

  • The Teracue Application Cloud show at IBC 2018 (German version)

    The Teracue Application Cloud show at IBC 2018 (German version)

  • The Teracue Application Cloud show at IBC 2018

    The Teracue Application Cloud show at IBC 2018

  • Blue Lucy with BLAM3 and their very own cloud at IBC 2018

    Blue Lucy with BLAM3 and their very own cloud at IBC 2018

  • Playbox Cloud Air at IBC 2107

    Playbox Cloud Air at IBC 2107

  • Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

    Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

  • Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

    Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

  • Elemental Technologies cloud innovations at NAB 2016

    Elemental Technologies cloud innovations at NAB 2016

  • FORSCENE Cloud Editing at NAB 2015

    FORSCENE Cloud Editing at NAB 2015

  • ERA - Cloud Services - at BVE 2015

    ERA - Cloud Services - at BVE 2015

  • Aframe Cloud Video at IBC 2013

    Aframe Cloud Video at IBC 2013

  • Haivision: Video Cloud at NAB 2013

    Haivision: Video Cloud at NAB 2013

  • Object Based Storage Solutions from Object Matrix at NAB 2017

    Object Based Storage Solutions from Object Matrix at NAB 2017

  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Prime Focus Technologies at IBC 2016

    Prime Focus Technologies at IBC 2016

  • Prime Focus Technologies at NAB 2016

    Prime Focus Technologies at NAB 2016

  • Playbox at IBC 2015

    Playbox at IBC 2015

  • ERA - Adobe Anywhere - at BVE 2015

    ERA - Adobe Anywhere - at BVE 2015

  • Grass Valley at BVE 2015

    Grass Valley at BVE 2015

  • NETIA at BVE 2015

    NETIA at BVE 2015

  • Forscene at IBC 2014

    Forscene at IBC 2014

  • Thomson Video Networks at IBC 2014

    Thomson Video Networks at IBC 2014

  • Comigo at IBC 2014

    Comigo at IBC 2014

  • ChyronHego Metacast at IBC 2014

    ChyronHego Metacast at IBC 2014

  • Elemental Technologies Software-Defined Video at NAB 2014

    Elemental Technologies Software-Defined Video at NAB 2014

  • Elemental Technologies HEVC solutions at NAB 2014

    Elemental Technologies HEVC solutions at NAB 2014

  • Elemental Technologies Multiscreen Solutions at NAB 2014

    Elemental Technologies Multiscreen Solutions at NAB 2014

  • ERA at BVE 2014

    ERA at BVE 2014

  • ERA Avere at BVE 2014

    ERA Avere at BVE 2014

  • Forbidden Technologies FORscene at BVE 2014

    Forbidden Technologies FORscene at BVE 2014

  • Forbidden Technologies FORscene App at BVE 2014

    Forbidden Technologies FORscene App at BVE 2014

  • Haivision on BroadcastShow LIVE at IBC 2013

    Haivision on BroadcastShow LIVE at IBC 2013

  • Front Porch Digital on BroadcastShow LIVE at IBC 2013

    Front Porch Digital on BroadcastShow LIVE at IBC 2013

  • Forbidden Technologies on BroadcastShow LIVE at IBC 2013

    Forbidden Technologies on BroadcastShow LIVE at IBC 2013

  • Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

    Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

  • Digital Vision on BroadcastShow LIVE at IBC 2013

    Digital Vision on BroadcastShow LIVE at IBC 2013

  • Haivision live encoding HEVC at IBC 2013

    Haivision live encoding HEVC at IBC 2013

  • Tedial at NAB 2013

    Tedial at NAB 2013

  • Haivision at NAB 2012

    Haivision at NAB 2012

  • Chyron at NAB 2012

    Chyron at NAB 2012

  • TSL at BVE 2012

    TSL at BVE 2012


Related Shows
  • Remote working in post production with DNAFabric from StorageDNA

    Remote working in post production with DNAFabric from StorageDNA


Articles
How to successfully buy AV and Broadcast Equipment at Auction
Dan Main

Perhaps you wouldn't expect an auctioneer to tell you this - but yes, there are risks to buying equipment at auction; just probably not the risks that you think.

So what are the real risks to buying at auction, and how can they be managed?

Tags: auction | tips | buying at an auction | fraud | auction risks | Dan Main
Contributing Author Dan Main Click to read
AJA Video Systems - Ki Pro GO User Review with Spellbinder Films
Ben Sherriff The Ki Pro GO is a portable multi-channel H.264 recorder offering up to 4-channels of simultaneous HD and SD recording to off the shelf USB drives with redundant recording capabilities. Our friend Ben Sherriff tales a look
Tags: AJA | ki pro go | dit | h.264 | recorder | live events | usb recording | 10bit | Ben Sherriff
Contributing Author Ben Sherriff Click to read
In Ear Monitors Help The Cast And Crew of Americas Got Talent Cope With Covid19 Restrictions
KitPlus Capturing performances for television is a stressful business, especially if the programme is being filmed live. You want everything to be perfect but you are also aware that many things can go wrong, even with the best laid plans.
Tags: bubblebee | inear | sidekick | KitPlus
Contributing Author KitPlus Click to read
ERA IaaS at University of Salford
KitPlus The University of Salford (UoS) is widely recognised in both academic and professional circles as a leading educational establishment in acoustics and media production. In 2011 the University moved its television and radio courses from its main campus just outside Salford city centre into the Orange Tower on the main piazza of MediaCityUK (MCUK).

This purpose-built hub for broadcasters, facility houses and production companies was created when redevelopment of the old Salford Quays docks area began in 2007. UoS was among the first institutions to consider moving to MCUK, along with the BBC, which had already committed to transfer many of its departments from London.

Tags: era | salford university | university of salford | seagate | mcuk | KitPlus
Contributing Author KitPlus Click to read
ITN using Densitron Intelligent Display System across multiple news programmes
KitPlus Impressed by the system’s flexibility, ITN has gradually rolled-out the IDS solution for display and control applications across ITV, Channel 4 and Channel 5 news output
Tags: ids | densitron | itn | newsroom | display | KitPlus
Contributing Author KitPlus Click to read