Cyber liability coverages dominated the insurance product news cycle again in 2013, but one segment of this risk that insurers are still grappling with how to insure is cloud computing. The real story here isn’t how many products were launched in 2013 addressing cloud providers or the exposures of storing data in a cloud, but rather the strides the industry made in 2013 in understanding and accepting the risk. However, experts say there is still a ways to go in meeting the insurance needs of this segment.
“The insurance industry has taken awhile to embrace the aspect of cloud computing. But as more companies move to clouds, the insurance industry has to recognize that data won’t be in an internal server but in the cloud,” says Fred Bartkiewicz, co-founder and partner of CyberRiskPartners, which develops and manages risk mitigation platforms for cloud companies through its subsidiary, CloudInsure. “Insurers have not fully embraced this technology and how it works.”
Most cyber liability products either exclude data loss by a third-party provider or have an endorsement that provides minimal coverage. As more companies turn to cloud providers, which they are increasingly doing, better coverage options are needed.
Indeed, results released in October from a survey conducted by research firm-Advisen indicated that cloud computing is gaining in popularity and “the percentage of organizations that examine the vulnerabilities from cloud services as part of their data security risk management program has also increased”. The respondents were mostly risk managers from a variety of industries including, healthcare, government and nonprofit, industrials, professional services, consumer discretionary and utilities.
Growth of this industry is a big factor that has led to insurers reconsidering the risk. Bartkiewicz says CloudInsure can measure its own growth rate by the insurance industry’s comfort level with cloud computing. Based on what it experienced in 2013, he says insurers are feeling more secure with covering this risk. One reason for that is cloud providers typically have more secure and sophisticated data security systems than what the average company uses. To that end, it is actually safer for a company to store important data on a cloud than on their own server.
Bartkiewicz says as the industry becomes more comfortable with the risk and more confident in this segments ability to keep data safe, better insurance options will become available.
“The insurance industry doesn’t want data to be where it’s not supposed to be and the way cloud providers hold data makes it nearly impossible for this to happen. Their interests are very much aligned,” he says. “One thing the insurance industry is starting to move past is the issue of aggregation and understanding that cloud companies have the same desires of insurance companies. Cloud providers don’t want one big hack to take down the infrastructure of the cloud.”
Oliver Brew, vice president of technology for Liberty International Underwriters, says carriers have failed to come up with effective cloud insurance products so far for a variety of reasons:
“For one, companies in this space in particular are inherent risk takers and the fast-pace of technology development has outpaced innovation and development in the insurance sector,” he says. “And second, I think until recently there hasn’t been a critical mass big enough to have an insurance sector focused on it.”
Liberty International Underwriters was one insurer that decided to tackle insuring the cloud computing segment in 2013. It partnered with CloudInsure last summer to provide insurance backing for cloud providers and the businesses that utilize them. Coverage applies to any loss, theft and liability of data stored within a cloud from a hacking, virus, or subsequent liability event. The platform offers insurance capacity of up to $10 million per risk and coverage through LIU for cloud providers if their systems fail to deliver, as well as to the businesses that store personal data with that cloud provider. Cloud providers and their clients also have access to LIU’s privacy breach resources, including pre-and post-breach services.
Many businesses that look at cloud storage to keep their important data secure have held back because of security concerns and cloud providers are not in a position to take on the liability for their data clients, says Bartkiewicz.
LIU and CloudInsure believe that offering a platform where cloud providers can fund the insurance for their clients will lead to more business for the segment.
“One of the most precious assets of any company, regardless of size, is their data assets. If they are not confident that it is secure, they will be reluctant to take advantage of the savings and benefits of a cloud,” says Brew.
Bartkiewicz says cyber liability insurance has recently shown its growth potential for insurers and he expects cloud computing could also be a big growth segment for those in the industry who choose to embrace this risk, especially since cloud computing is growing faster than any other segment of the cyber world.
“We don’t view cloud insurance as replacing cyber coverages, but rather as it becoming the largest subset of cyber,” he says. “The world is going to the cloud, whether the insurance industry accepts it or not. Insurers need to embrace the trend if they want to remain relevant.”
CloudInsure also formed an agreement with Lockton at the beginning of 2013, which allows it to establish relationships with primary insurers to offer liability coverage. The company is currently in talks with other insurers and three of the top 100 cloud providers.