To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.
COMMENT IT’S NOT IF BUT LIKELY WHEN WILL IT HAPPEN TO YOU. Leighton Chenery Most businesses use “the cloud”, either internally for services like payroll processing or an employee beneﬁts portal, or externally for customer relationship management, data storage or payment processing. But how does this impact your insurable risk? No doubt, it deﬁnitely complicates things. Many companies will improve their security by shifting to the cloud because, in most cases, they’re working with providers that make security a top priority. But, what about the liability? Liability is a shared responsibility between the cloud provider and its customers. Both sides have to be aware of security to prevent a breach and it may not always be clear who is at fault when there is a security failure. In tackling these issues we need to address three different perspectives: 1. The cloud customer 2. The cloud provider 3. The insurer Cloud Customers & Cyber Insurance Sutton Winson is a specialist Insurance Broker in the Broadcast & Media industry and is able to help you manage your business risks. To discuss your insurance requirements, please contact Leighton Chenery on Leighton.chenery@ swib.co.uk, call 07976327407 or visit suttonwinson.com When it comes to the insurance policy, the good news is that insurers now do a fairly good job of recognising what constitutes the cloud. Most cyber insurance policies include a third-party network that you have contracted with to support your company. So, if a breach happens, the policy will respond regardless of where the data was stored. But there are still questions about whose responsibility it is. There are lots of misconceptions around the cloud and liability because many companies assume that they have transferred their risk when their data is in third-party hands. The reality is that in most cases, there’s very little protection in terms of liability with cloud providers. 30 | KITPLUS - THE TV-BAY MAGAZINE: ISSUE 114 JUNE 2016 The first thing to understand about a cyber breach and the cloud is that the legal obligation rests with the company that initially accepted the data. Cloud providers have limited their liability and since the damages are generally restricted to direct costs, they would not cover all aspects of a breach. I.e. the cost of responding to regulators or dealing with customer lawsuits. A good cyber insurance policy will cover those costs, as well as the direct expenses related to dealing with a breach. So having your own cyber insurance is critical to addressing the entire exposure of a breach. Even if you have your own cyber insurance, it’s a good idea to request the cloud provider to obtain their own cyber coverage to help fund a loss. They might be more willing to compensate you if the costs are not coming out of their pocket, and their contribution can help fund the excess costs if your cyber insurance limits are insufficient. This is something you can and should negotiate with them before becoming a customer. Another consideration worth noting is that if you rely on a third-party to transact business for you, and a security failure shuts them down, many cyber policies won’t cover the resulting loss of profits and extra expenses. If this is a real exposure for you, look specifically for Business Interruption cover or speak to your Broker to be fully protected.