It is not is but when it will happen to you


Leighton Chenery TV-Bay Magazine
Read ezine online

Most businesses use "the cloud", either internally for services like payroll processing or an employee benefits portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your Insurable Risk? No doubt, it definitely complicates things.

Many companies will improve their security by shifting to the cloud because, in most cases, they're working with providers that make security a top priority.

But, what about the liability?

Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure.

In tackling these issues we need to address three different perspectives:

  1. The cloud customer
  2. The cloud provider
  3. The insurer

Cloud Customers and Cyber Insurance

When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud.

Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is.

There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there's very little protection in terms of liability with cloud providers.

The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits.

A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach.

Even if you have your own cyber insurance, it's a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient.

This is something you can and should negotiate with them before becoming a customer.

Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won't cover the resulting loss of profits and extra expenses.

If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.

Cloud Providers and Cyber Insurance

A data breach claim for a cloud provider is in reality a Professional Indemnity (PI) claim. In most cases, the cloud provider has no direct liability to the individuals whose data have been breached. However, there may be a claim from companies that use them as their cloud provider for failing in their performance of services (in this case, keeping the company's data secure).

Cloud providers need to make sure that their PI policy will respond to cyber-related claims, because a cloud customer may demand to be compensated for direct and third-party (liability) costs incurred as a result of the breach.

For example, a customer may say it cost them millions of pounds to deal with notifying their customers about the data breach, or that they lost business as a result of the provider's failure.

Keep in mind that even though a cloud provider contract limits liability, it's not clear how successful this contract would be when it's time to pay a claim. If the cloud provider is truly negligent, the court may decide that the liability limits on the contract will not apply.

Insurers and Cyber Policies

Insurers don't worry about A policy for the cloud provider, it's the threat of a single breach impacting multiple customers of the cloud provider.

If an insurer writes 10,000 policies for customers of one cloud provider, and every single one of them makes a claim because of a breach, that's an aggregation problem.

This is a challenging unknown because the exposure is not something insurers can easily map. In property underwriting, for example, insurers can analyse their aggregated exposure to floods by post code. Cyber underwriters are starting to ask more questions about the number and type of cloud providers their clients are using, but the data is largely anecdotal so far.

We fully expect insurers to figure out how to analyse their exposure on cyber policies and the cloud. Eventually, this could lead to limitations on insurance capacity, and insurers may decide that they can only handle a certain number of policies for customers of each cloud provider.

In conclusion, the cloud has provided extreme efficiencies for businesses and in many cases, improvements in security. Cyber threats continue to be a growing issue and add some complexity to the insurance and risk management decisions.

The bottom line is that when storing data in the cloud, your best bet is to ensure the risks are managed just as tightly as if you were storing it on your own systems.


Tags: iss114 | insurance | cyber | cloud | Leighton Chenery
Contributing Author Leighton Chenery

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • The Teracue Application Cloud show at IBC 2018 (German version)

    The Teracue Application Cloud show at IBC 2018 (German version)

  • The Teracue Application Cloud show at IBC 2018

    The Teracue Application Cloud show at IBC 2018

  • Blue Lucy with BLAM3 and their very own cloud at IBC 2018

    Blue Lucy with BLAM3 and their very own cloud at IBC 2018

  • Playbox Cloud Air at IBC 2107

    Playbox Cloud Air at IBC 2107

  • Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

    Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

  • Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

    Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

  • Elemental Technologies cloud innovations at NAB 2016

    Elemental Technologies cloud innovations at NAB 2016

  • FORSCENE Cloud Editing at NAB 2015

    FORSCENE Cloud Editing at NAB 2015

  • ERA - Cloud Services - at BVE 2015

    ERA - Cloud Services - at BVE 2015

  • Aframe Cloud Video at IBC 2013

    Aframe Cloud Video at IBC 2013

  • Haivision: Video Cloud at NAB 2013

    Haivision: Video Cloud at NAB 2013

  • Be More with Clear from Prime Focus Technologies at NAB 2017

    Be More with Clear from Prime Focus Technologies at NAB 2017

  • Object Based Storage Solutions from Object Matrix at NAB 2017

    Object Based Storage Solutions from Object Matrix at NAB 2017

  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Prime Focus Technologies at IBC 2016

    Prime Focus Technologies at IBC 2016

  • Prime Focus Technologies at NAB 2016

    Prime Focus Technologies at NAB 2016

  • Playbox at IBC 2015

    Playbox at IBC 2015

  • ERA - Adobe Anywhere - at BVE 2015

    ERA - Adobe Anywhere - at BVE 2015

  • Grass Valley at BVE 2015

    Grass Valley at BVE 2015

  • NETIA at BVE 2015

    NETIA at BVE 2015

  • Forscene at IBC 2014

    Forscene at IBC 2014

  • Thomson Video Networks at IBC 2014

    Thomson Video Networks at IBC 2014

  • Comigo at IBC 2014

    Comigo at IBC 2014

  • ChyronHego Metacast at IBC 2014

    ChyronHego Metacast at IBC 2014

  • Elemental Technologies Software-Defined Video at NAB 2014

    Elemental Technologies Software-Defined Video at NAB 2014

  • Elemental Technologies HEVC solutions at NAB 2014

    Elemental Technologies HEVC solutions at NAB 2014

  • Elemental Technologies Multiscreen Solutions at NAB 2014

    Elemental Technologies Multiscreen Solutions at NAB 2014

  • ERA at BVE 2014

    ERA at BVE 2014

  • ERA Avere at BVE 2014

    ERA Avere at BVE 2014

  • Forbidden Technologies FORscene at BVE 2014

    Forbidden Technologies FORscene at BVE 2014

  • Forbidden Technologies FORscene App at BVE 2014

    Forbidden Technologies FORscene App at BVE 2014

  • Haivision on BroadcastShow LIVE at IBC 2013

    Haivision on BroadcastShow LIVE at IBC 2013

  • Front Porch Digital on BroadcastShow LIVE at IBC 2013

    Front Porch Digital on BroadcastShow LIVE at IBC 2013

  • Forbidden Technologies on BroadcastShow LIVE at IBC 2013

    Forbidden Technologies on BroadcastShow LIVE at IBC 2013

  • Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

    Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

  • Digital Vision on BroadcastShow LIVE at IBC 2013

    Digital Vision on BroadcastShow LIVE at IBC 2013

  • Haivision live encoding HEVC at IBC 2013

    Haivision live encoding HEVC at IBC 2013

  • Tedial at NAB 2013

    Tedial at NAB 2013

  • Haivision at NAB 2012

    Haivision at NAB 2012

  • Chyron at NAB 2012

    Chyron at NAB 2012

  • TSL at BVE 2012

    TSL at BVE 2012


Related Shows
  • Den Lennie and Larry Jordan - Cloud Editing BVE 2015

    Den Lennie and Larry Jordan - Cloud Editing BVE 2015


Articles
Trade shows and their role in the wired world
Richard Baker Historically trade shows afforded an opportunity to collect the latest brochures relevant to the visitor's chosen industry or career path. Today there seems little reason to store data of any kind, let alone paper brochures, when information is so easily accessible online. Brochure back-packing at exhibitions has become a rare sight, rarer still since the security clampdown on visitor luggage at exhibitions. Today's efficient show delegate need only carry a mobile phone and, in deference to tradition, a bundle of business cards. The phone doubles as a snapshot camera, video camera, dictaphone, email reader, internet browser, Skype communicator, and so on.
Tags: iss133 | finepoint | ibc | nab | kitplus show | bve | Richard Baker
Contributing Author Richard Baker Click to read or download PDF
The Biggest Toy Shop in the World
Emma Morrison When Nigel Woodford started his career at BBC Wood Norton in 1962, television was black and white and BBC Two had not yet been launched. In 2018 Nigel will retire, and Richmond Film Services, the pro-audio equipment rental company set up by Nigel in 1973, can count numerous contributions to iconic moments in British cultural, sporting and film history over this time.
Tags: iss133 | richmond film services | audio rental | auction | liquidity | go-dove | Emma Morrison
Contributing Author Emma Morrison Click to read or download PDF
What is next in OTT
Mary Kay Evans In the past year alone, we’ve seen a substantial increase in the amount of OTT content that’s being streamed. In the first quarter of 2018, there’s been a 114 percent year-over-year growth in streaming video hours, and those numbers are only expected to rise. With OTT revenue predicted to reach $16.6B in 2018, a 40% gain over last year, there’s no question that OTT is booming, and that there’s never been a more critical time to pay attention to the space.
Tags: iss133 | ott | verizon | cisco | Mary Kay Evans
Contributing Author Mary Kay Evans Click to read or download PDF
Ride along on the Tour de Tech at IBC
Lorna Garrett Finding your way through the halls and aisles of the massive IBC can feel a bit like attempting to complete all 21 stages of the Tour de France — but in far fewer days. But have no fear; your team at Garland is all geared up and ready to show you the best on show at this year's exhibition.
Tags: iss133 | garland | liveu | lu600 | media excel | teracue | wisi | broadcast wireless systems | bws | artel | ibc | Lorna Garrett
Contributing Author Lorna Garrett Click to read or download PDF
The Pace of Change
Dick Hobbs - new

The youngest human to stand on the moon (so far) was Charles Moss, the lunar module pilot of Apollo 16. Charlie had a wonderful claim: his father witnessed the Wright Brothers’ first flight at Kitty Hawk, and lived to see his son on the moon.

Does anything capture the speed of technological advance better than that? The whole of the history of powered flight in one lifetime.

Tags: iss133 | state of the nation | st2110 | st2110-10 | Dick Hobbs - new
Contributing Author Dick Hobbs - new Click to read or download PDF