It is not is but when it will happen to you


Leighton Chenery TV-Bay Magazine
Read ezine online

Most businesses use "the cloud", either internally for services like payroll processing or an employee benefits portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your Insurable Risk? No doubt, it definitely complicates things.

Many companies will improve their security by shifting to the cloud because, in most cases, they're working with providers that make security a top priority.

But, what about the liability?

Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure.

In tackling these issues we need to address three different perspectives:

  1. The cloud customer
  2. The cloud provider
  3. The insurer

Cloud Customers and Cyber Insurance

When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud.

Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is.

There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there's very little protection in terms of liability with cloud providers.

The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits.

A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach.

Even if you have your own cyber insurance, it's a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient.

This is something you can and should negotiate with them before becoming a customer.

Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won't cover the resulting loss of profits and extra expenses.

If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.

Cloud Providers and Cyber Insurance

A data breach claim for a cloud provider is in reality a Professional Indemnity (PI) claim. In most cases, the cloud provider has no direct liability to the individuals whose data have been breached. However, there may be a claim from companies that use them as their cloud provider for failing in their performance of services (in this case, keeping the company's data secure).

Cloud providers need to make sure that their PI policy will respond to cyber-related claims, because a cloud customer may demand to be compensated for direct and third-party (liability) costs incurred as a result of the breach.

For example, a customer may say it cost them millions of pounds to deal with notifying their customers about the data breach, or that they lost business as a result of the provider's failure.

Keep in mind that even though a cloud provider contract limits liability, it's not clear how successful this contract would be when it's time to pay a claim. If the cloud provider is truly negligent, the court may decide that the liability limits on the contract will not apply.

Insurers and Cyber Policies

Insurers don't worry about A policy for the cloud provider, it's the threat of a single breach impacting multiple customers of the cloud provider.

If an insurer writes 10,000 policies for customers of one cloud provider, and every single one of them makes a claim because of a breach, that's an aggregation problem.

This is a challenging unknown because the exposure is not something insurers can easily map. In property underwriting, for example, insurers can analyse their aggregated exposure to floods by post code. Cyber underwriters are starting to ask more questions about the number and type of cloud providers their clients are using, but the data is largely anecdotal so far.

We fully expect insurers to figure out how to analyse their exposure on cyber policies and the cloud. Eventually, this could lead to limitations on insurance capacity, and insurers may decide that they can only handle a certain number of policies for customers of each cloud provider.

In conclusion, the cloud has provided extreme efficiencies for businesses and in many cases, improvements in security. Cyber threats continue to be a growing issue and add some complexity to the insurance and risk management decisions.

The bottom line is that when storing data in the cloud, your best bet is to ensure the risks are managed just as tightly as if you were storing it on your own systems.


Tags: iss114 | insurance | cyber | cloud | Leighton Chenery
Contributing Author Leighton Chenery

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

    Remote access-U-CPU enabling hybrid cloud computing from G&D at IBC 2019

  • Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

    Xytech Mediapulse V9 Cloud platform with new user interface at IBC2019

  • The Teracue Application Cloud show at IBC 2018 (German version)

    The Teracue Application Cloud show at IBC 2018 (German version)

  • The Teracue Application Cloud show at IBC 2018

    The Teracue Application Cloud show at IBC 2018

  • Blue Lucy with BLAM3 and their very own cloud at IBC 2018

    Blue Lucy with BLAM3 and their very own cloud at IBC 2018

  • Playbox Cloud Air at IBC 2107

    Playbox Cloud Air at IBC 2107

  • Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

    Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

  • Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

    Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

  • Elemental Technologies cloud innovations at NAB 2016

    Elemental Technologies cloud innovations at NAB 2016

  • FORSCENE Cloud Editing at NAB 2015

    FORSCENE Cloud Editing at NAB 2015

  • ERA - Cloud Services - at BVE 2015

    ERA - Cloud Services - at BVE 2015

  • Aframe Cloud Video at IBC 2013

    Aframe Cloud Video at IBC 2013

  • Haivision: Video Cloud at NAB 2013

    Haivision: Video Cloud at NAB 2013

  • Object Based Storage Solutions from Object Matrix at NAB 2017

    Object Based Storage Solutions from Object Matrix at NAB 2017

  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Prime Focus Technologies at IBC 2016

    Prime Focus Technologies at IBC 2016

  • Prime Focus Technologies at NAB 2016

    Prime Focus Technologies at NAB 2016

  • Playbox at IBC 2015

    Playbox at IBC 2015

  • ERA - Adobe Anywhere - at BVE 2015

    ERA - Adobe Anywhere - at BVE 2015

  • Grass Valley at BVE 2015

    Grass Valley at BVE 2015

  • NETIA at BVE 2015

    NETIA at BVE 2015

  • Forscene at IBC 2014

    Forscene at IBC 2014

  • Thomson Video Networks at IBC 2014

    Thomson Video Networks at IBC 2014

  • Comigo at IBC 2014

    Comigo at IBC 2014

  • ChyronHego Metacast at IBC 2014

    ChyronHego Metacast at IBC 2014

  • Elemental Technologies Software-Defined Video at NAB 2014

    Elemental Technologies Software-Defined Video at NAB 2014

  • Elemental Technologies HEVC solutions at NAB 2014

    Elemental Technologies HEVC solutions at NAB 2014

  • Elemental Technologies Multiscreen Solutions at NAB 2014

    Elemental Technologies Multiscreen Solutions at NAB 2014

  • ERA at BVE 2014

    ERA at BVE 2014

  • ERA Avere at BVE 2014

    ERA Avere at BVE 2014

  • Forbidden Technologies FORscene at BVE 2014

    Forbidden Technologies FORscene at BVE 2014

  • Forbidden Technologies FORscene App at BVE 2014

    Forbidden Technologies FORscene App at BVE 2014

  • Haivision on BroadcastShow LIVE at IBC 2013

    Haivision on BroadcastShow LIVE at IBC 2013

  • Front Porch Digital on BroadcastShow LIVE at IBC 2013

    Front Porch Digital on BroadcastShow LIVE at IBC 2013

  • Forbidden Technologies on BroadcastShow LIVE at IBC 2013

    Forbidden Technologies on BroadcastShow LIVE at IBC 2013

  • Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

    Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

  • Digital Vision on BroadcastShow LIVE at IBC 2013

    Digital Vision on BroadcastShow LIVE at IBC 2013

  • Haivision live encoding HEVC at IBC 2013

    Haivision live encoding HEVC at IBC 2013

  • Tedial at NAB 2013

    Tedial at NAB 2013

  • Haivision at NAB 2012

    Haivision at NAB 2012

  • Chyron at NAB 2012

    Chyron at NAB 2012

  • TSL at BVE 2012

    TSL at BVE 2012


Related Shows
  • KitPlus Daily 30th April 2020

    KitPlus Daily 30th April 2020


Articles
Connect A Broadcast-Quality Miniature Camera To Your Computer!
Spencer Doran Upgrade any home working or live streaming setup with a broadcast-quality professional webcam
Tags: webcam | marshall | CV503 | USB | ZOOM | Streaming | Spencer Doran
Contributing Author Spencer Doran Click to read
CLASS Is Remote Cloud Working the New Norm
Bruce Devlin - new The Tuk-tuk driver has just dropped us off at the hotel in Jaipur. The guard has let us through the gates, past the dogs and the obligatory cow rummaging in the garbage. We wash our hands, head for the bar and before the first Kingfisher beer arrives, I am connected to the virtual Mr MXF compute kingdom where a million unread emails, Slack messages, requests for help with broken workflows and rejected files are waiting on a collection of virtual servers somewhere in cloud-land.
Tags: iss142 | mrmxf | mr mxf | covid-19 | remote | gotomeeting | Bruce Devlin - new
Contributing Author Bruce Devlin - new Click to read or download PDF
State of the Nation and Virtual Social Distancing
Dick Hobbs - new Under normal circumstances, I usually make my plans for NAB in November time. It’s when the airlines tend to have sales. This year, for personal reasons, I did not get around to booking back then, and it was only at the end of February that I could start thinking about it.
Tags: iss142 | nab | kitplus show | iabm | darren whitehead | warner media | streaming | Dick Hobbs - new
Contributing Author Dick Hobbs - new Click to read or download PDF
TVFutures My Dive in to Learning
Lucy Crow In 2014 I had my first taste of underwater diving. I was on a family holiday and I happened across the experience of a lifetime. Within the first few minutes of that adventure I had decided that I wanted to be part of the diving world going forward. After countless dives and extensive training to become a scuba diving instructor, I made the decision to attend university. I knew that whatever I was going to study, I wanted it to involve my passion for Scuba.
Tags: iss142 | ccitv | university portsmouth | scuba | go-pro | blue planet | Lucy Crow
Contributing Author Lucy Crow Click to read or download PDF
The Importance of Audio Production Systems
Tom Knowles Large-scale entertainment programming presents a unique set of challenges for broadcasters. Often extremely high-profile keystones of a broadcaster’s schedule and increasingly billed as live ‘event television’, as well as delivering the very best audio quality they demand a huge degree of flexibility and agility in terms of their production. With music being such a core component of their appeal to growing audiences, in both linear broadcast and online, nowhere is that more important than their audio production systems.
Tags: iss142 | ssl | solid state logic | system T | tempest engine | binaural encoder | Tom Knowles
Contributing Author Tom Knowles Click to read or download PDF