A standard cyber-insurance policy will cover the risks associated with your liability for clients’ cloud data or applications.
By John Otrompke
November 30, 2012
For all its benefits, cloud computing also exposes businesses to new risks, ranging from identity theft to data loss to catastrophic downtime. And no matter how hard they try, even the best channel pros can’t prevent those problems from occurring, at least occasionally. One thing they can do, however, is encourage their customers to mitigate the financial impact of a major cloud-borne incident by purchasing a cyber-insurance policy.
“While cloud policies are a new product, insurance companies are very interested in what could be a rapidly expanding market, so they are competing with each other to see who can sell the product for the lowest price,” says Jim Cochran, founder and chairman of the TechInsurance, in Allen, Texas.
Cloud insurance is a kind of cyber-liability insurance that will defend channel pros and their clients and provide compliance and notification expense if they are mandated by the state to notify all their customers that their data has been compromised, Cochran explains. The insurer may also pay for credit card monitoring, public relations support, and damage control in the event that clients allege they have suffered a financial loss due to a failure to prevent a breach of network security that occurred in the cloud.
Any channel pro who assists clients in migrating to a cloud environment should have a technology errors and omissions policy, says Cochran. He notes, “In most cases, a standard policy will cover the risks associated with your liability for your client’s data or applications hosted in a cloud environment.”
Typically, a small firm with annual revenues of about $250,000 would pay approximately $800 a year for $1 million in coverage, while a company earning $1 million per year might pay $2,000 a year for the policy. Deductibles range from $1,000 to $10,000 per year. Insurance companies such as Beazley Group, a worldwide insurer headquartered in London; CNA, based in Chicago; and The Hartford, in Hartford, Conn., offer policies that pay for litigation defense, notification of customers in the event of a data breach, and PR support. According to Cochran, The Hartford’s policy is simply an endorsement that adds coverage for cloud computing on top of a standard business insurance policy.
“When a channel pro’s client is migrating to a cloud environment, the client is still responsible for the security of [its] data hosted in the cloud,” explains Cochran. “In the event of a breach, or a denial-of-service attack, for example, the client may suffer internal costs, including loss of revenue, be sued by its customers, and be fined by the various states. It may turn out at the end of litigation that the cloud services provider is ultimately liable for some or all of these expenses. But that is not certain, and the delay due to litigation may cause the client’s business irreparable harm.” All the more reason to consider various cyber-insurance offerings.