It is not is but when it will happen to you


Leighton Chenery TV-Bay Magazine
Read ezine online

Most businesses use "the cloud", either internally for services like payroll processing or an employee benefits portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your Insurable Risk? No doubt, it definitely complicates things.

Many companies will improve their security by shifting to the cloud because, in most cases, they're working with providers that make security a top priority.

But, what about the liability?

Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure.

In tackling these issues we need to address three different perspectives:

  1. The cloud customer
  2. The cloud provider
  3. The insurer

Cloud Customers and Cyber Insurance

When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud.

Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is.

There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there's very little protection in terms of liability with cloud providers.

The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits.

A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach.

Even if you have your own cyber insurance, it's a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient.

This is something you can and should negotiate with them before becoming a customer.

Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won't cover the resulting loss of profits and extra expenses.

If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.

Cloud Providers and Cyber Insurance

A data breach claim for a cloud provider is in reality a Professional Indemnity (PI) claim. In most cases, the cloud provider has no direct liability to the individuals whose data have been breached. However, there may be a claim from companies that use them as their cloud provider for failing in their performance of services (in this case, keeping the company's data secure).

Cloud providers need to make sure that their PI policy will respond to cyber-related claims, because a cloud customer may demand to be compensated for direct and third-party (liability) costs incurred as a result of the breach.

For example, a customer may say it cost them millions of pounds to deal with notifying their customers about the data breach, or that they lost business as a result of the provider's failure.

Keep in mind that even though a cloud provider contract limits liability, it's not clear how successful this contract would be when it's time to pay a claim. If the cloud provider is truly negligent, the court may decide that the liability limits on the contract will not apply.

Insurers and Cyber Policies

Insurers don't worry about A policy for the cloud provider, it's the threat of a single breach impacting multiple customers of the cloud provider.

If an insurer writes 10,000 policies for customers of one cloud provider, and every single one of them makes a claim because of a breach, that's an aggregation problem.

This is a challenging unknown because the exposure is not something insurers can easily map. In property underwriting, for example, insurers can analyse their aggregated exposure to floods by post code. Cyber underwriters are starting to ask more questions about the number and type of cloud providers their clients are using, but the data is largely anecdotal so far.

We fully expect insurers to figure out how to analyse their exposure on cyber policies and the cloud. Eventually, this could lead to limitations on insurance capacity, and insurers may decide that they can only handle a certain number of policies for customers of each cloud provider.

In conclusion, the cloud has provided extreme efficiencies for businesses and in many cases, improvements in security. Cyber threats continue to be a growing issue and add some complexity to the insurance and risk management decisions.

The bottom line is that when storing data in the cloud, your best bet is to ensure the risks are managed just as tightly as if you were storing it on your own systems.


Tags: iss114 | insurance | cyber | cloud | Leighton Chenery
Contributing Author Leighton Chenery

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • The Teracue Application Cloud show at IBC 2018 (German version)

    The Teracue Application Cloud show at IBC 2018 (German version)

  • The Teracue Application Cloud show at IBC 2018

    The Teracue Application Cloud show at IBC 2018

  • Blue Lucy with BLAM3 and their very own cloud at IBC 2018

    Blue Lucy with BLAM3 and their very own cloud at IBC 2018

  • Playbox Cloud Air at IBC 2107

    Playbox Cloud Air at IBC 2107

  • Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

    Cloud Media Management with Medway from Marquis Broadcast at IBC 2017

  • Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

    Hybrid Cloud Media Aggregation from Cantemo at NAB 2017

  • Elemental Technologies cloud innovations at NAB 2016

    Elemental Technologies cloud innovations at NAB 2016

  • FORSCENE Cloud Editing at NAB 2015

    FORSCENE Cloud Editing at NAB 2015

  • ERA - Cloud Services - at BVE 2015

    ERA - Cloud Services - at BVE 2015

  • Aframe Cloud Video at IBC 2013

    Aframe Cloud Video at IBC 2013

  • Haivision: Video Cloud at NAB 2013

    Haivision: Video Cloud at NAB 2013

  • Be More with Clear from Prime Focus Technologies at NAB 2017

    Be More with Clear from Prime Focus Technologies at NAB 2017

  • Object Based Storage Solutions from Object Matrix at NAB 2017

    Object Based Storage Solutions from Object Matrix at NAB 2017

  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Prime Focus Technologies at IBC 2016

    Prime Focus Technologies at IBC 2016

  • Prime Focus Technologies at NAB 2016

    Prime Focus Technologies at NAB 2016

  • Playbox at IBC 2015

    Playbox at IBC 2015

  • ERA - Adobe Anywhere - at BVE 2015

    ERA - Adobe Anywhere - at BVE 2015

  • Grass Valley at BVE 2015

    Grass Valley at BVE 2015

  • NETIA at BVE 2015

    NETIA at BVE 2015

  • Forscene at IBC 2014

    Forscene at IBC 2014

  • Thomson Video Networks at IBC 2014

    Thomson Video Networks at IBC 2014

  • Comigo at IBC 2014

    Comigo at IBC 2014

  • ChyronHego Metacast at IBC 2014

    ChyronHego Metacast at IBC 2014

  • Elemental Technologies Software-Defined Video at NAB 2014

    Elemental Technologies Software-Defined Video at NAB 2014

  • Elemental Technologies HEVC solutions at NAB 2014

    Elemental Technologies HEVC solutions at NAB 2014

  • Elemental Technologies Multiscreen Solutions at NAB 2014

    Elemental Technologies Multiscreen Solutions at NAB 2014

  • ERA at BVE 2014

    ERA at BVE 2014

  • ERA Avere at BVE 2014

    ERA Avere at BVE 2014

  • Forbidden Technologies FORscene at BVE 2014

    Forbidden Technologies FORscene at BVE 2014

  • Forbidden Technologies FORscene App at BVE 2014

    Forbidden Technologies FORscene App at BVE 2014

  • Haivision on BroadcastShow LIVE at IBC 2013

    Haivision on BroadcastShow LIVE at IBC 2013

  • Front Porch Digital on BroadcastShow LIVE at IBC 2013

    Front Porch Digital on BroadcastShow LIVE at IBC 2013

  • Forbidden Technologies on BroadcastShow LIVE at IBC 2013

    Forbidden Technologies on BroadcastShow LIVE at IBC 2013

  • Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

    Cambridge Imaging Systems on BroadcastShow LIVE at IBC 2013

  • Digital Vision on BroadcastShow LIVE at IBC 2013

    Digital Vision on BroadcastShow LIVE at IBC 2013

  • Haivision live encoding HEVC at IBC 2013

    Haivision live encoding HEVC at IBC 2013

  • Tedial at NAB 2013

    Tedial at NAB 2013

  • Haivision at NAB 2012

    Haivision at NAB 2012

  • Chyron at NAB 2012

    Chyron at NAB 2012

  • TSL at BVE 2012

    TSL at BVE 2012


Related Shows
  • Den Lennie and Larry Jordan - Cloud Editing BVE 2015

    Den Lennie and Larry Jordan - Cloud Editing BVE 2015


Articles
Future proofing post production storage
Josh Goldenhar Advancements in NVMe (Non-Volatile Memory Express), the storage protocol designed for flash, are revolutionising data storage. According to G2M Research, the NVMe market will grow to $60 billion by 2021, with 70 percent of all-flash arrays being based on the protocol by 2020. NVMe, acting like steroids for flash-based storage infrastructures, dynamically and dramatically accelerates data delivery.
Tags: iss135 | nvme | sas | sata | it | storage | post production | Josh Goldenhar
Contributing Author Josh Goldenhar Click to read or download PDF
The making of The Heist
Tom Hutchings Shine TV has never been one to shy away from a challenge, be that in terms of using new technologies, filming ideas or overall formats: we pride ourselves on being ambitious and risk-takers.
Tags: iss135 | liveu | heist | streaming | cellular | mobile | connectivity | Tom Hutchings
Contributing Author Tom Hutchings Click to read or download PDF
Your two week editing future
Alex Macleod

So here we are - January again! Usually a good time to reflect on the year just gone by, and a good time to look forward to the coming months as the new year begins.

When I was reflecting on my 2018, and when thinking about what to write for my first article for Kit Plus - I kept coming back to one theme - organisation.

Tags: iss135 | editing | mediacity training | premiere pro | dit | Alex Macleod
Contributing Author Alex Macleod Click to read or download PDF
21st Century Technology for 20th Century Content
James Hall A big challenge facing owners of legacy content is rationalising and archiving their tape and film-based media in cost effective and efficient ways, whilst also adding value. Normally the result of this is to find a low cost means of digitising the content – usually leaving them with a bunch of assets on HDD. But then what? How can content owners have their cake and eat it?
Tags: iss135 | legacy | digitising | digitizing | archive | James Hall
Contributing Author James Hall Click to read or download PDF
Test, Measurement and Standards
Alan Wheable The Alliance for IP Media Solutions (AIMS), is a non-profit trade alliance that fosters the adoption of one set of common, ubiquitous, standards-based protocols for interoperability over IP in the media and entertainment, and professional audio/video industries.
Tags: iss135 | omnitek | aims | SNMP | hdr | ai | Alan Wheable
Contributing Author Alan Wheable Click to read or download PDF