Major headlines like the Target credit card breach have increasingly put cyber liability insurance on the radar for businesses of all shapes and sizes. However, as the American workplace shifts from a traditional office to a mobile, technologically connected workforce, choosing the correct coverage becomes a trickier process for producers working with commercial clients.
Nearly 60% of server workload for US businesses is expected to be virtualized by the end of the year, according to IT company Awesome Cloud Services, meaning company data will largely be hosted by third-party sources.
This has an important bearing on both emerging new cyber risks and corresponding coverage—something that some carriers in the industry have been loath to embrace, said industry veteran Ty Sagalow.
“There are concerns that because many, many companies are now sharing a server, if that server is successfully hacked into, then every client’s information will be compromised,” Sagalow said. “That will lead to a systemic risk and multiple claims against multiple carriers, which is obviously very much disfavored.”
Because of that possibility, carriers are apprehensive about underwriting cloud computing risks through a general cyber liability policy. While many insurers are beginning to include coverage for such security breaches, the trend is a new one and exclusions for “third-party providers” of data storage are still common.
Vague policy language is also a challenge in finding coverage to address risk for clients storing data in the cloud.
“[The policy] might not even say cloud computing—they might put ‘third-party service provider,’” said Christine Marciano, president of the niche agency Cyber Data-Risk Partners. “It’s important to check the policy to see if it mentions third-party providers, as well as the definition of ‘computer network’ or ‘computer infrastructure’ to see if [the policy] offers coverage.”
Marciano said she prefers policies that are more clear in their definition of cloud computing and the details of coverage, as opposed to those that are “somewhat vague” and may leave room for misinterpretation, which could lead to clients “battling it out in court.”
Learning to identify these preferable policies will be critical for producers in the cyber insurance space as cloud computing continues to grow in popularity and more commercial clients express concern over the associated liability.
“We definitely have that question coming up a lot more,” Marciano said. “A lot more businesses are heading to the cloud because it’s a way to reduce the cost of housing their data. Their risks aren’t really minimalized, however, because it’s still their data regardless of where it’s hosted, and it will still be their responsibility to take care of the breach and the costs associated with it.”