As cloud becomes more pervasive, many organizations are seeking ways to insure themselves from unexpected downturn. Traditional and new insurers are starting to offer insurance programs designed to protect companies' information, networks, and operations from cloud failure, a market likely to grow and help spur further adoption of cloud among enterprises.
Insurance companies have struggled with ways to address the business continuity and protection needs of cloud customers.
In June, Marsh unveiled an insurance offering designed specifically to protect companies -- especially small and midsized organizations -- against losses stemming from a cloud service provider's failure. This stems from greater cloud adoption, interest from businesses' finance and risk executives, and a lack of a financial safety net for companies affected by non-traditional business interruptions resulting from managed service providers’ actions, Bob Parisi, Senior Vice President and Network Security and Privacy Practice Leader for Marsh, told 21cIT.
We looked at the cybersecurity market and we saw that there were a couple of things missing. The trigger for an insurance claim under business interruption and extra expense was computer security failure or, at best, a technology failure that wasn’t due to a physical event -- software wasn’t working, technology wasn’t working. The companies generally defined it as an interruption, but it had to be "your" computer system; it had to be the insured’s computer system. Your computer system starts to mean less than it did before. If all your servers are from a cloud provider, your computer system is not really where the risk is; their computer system is where the risk is. We hadn’t seen a really robust option for insuring or transferring the risk of contingent risk interruption in the cyber world.
Marsh's CloudProtect offering can cover loss of income; costs you incur procuring services from a new provider; and costs associated when transitioning to this new provider, according to the insurance firm. As part of the service, Marsh provides risk assessment.
Of course, Marsh is not alone in eyeing this opportunity. As CloudNow executives wrote recently in Forbes:
Cloud will evolve from a one-to-one relationship between end-user and cloud provider to a one-to-many, flourishing ecosystem comprised of cloud insurers, such as CloudInsure, broker services, and other intermediaries enabling organizations to enjoy the financial and operational benefits of federated cloud formations.
CloudInsure -- a wholly owned subsidiary of CyberRiskPartners, LLC and sister company of CyberFactors, LLC -- offers insurance and reinsurance specifically designed for cloud, according to the company's Website. Said CloudInsure CEO Mike Paisan:
The insurance industry needs the cloud industry, and cloud industry needs the insurance industry -- they just don't know it yet. We see that for Cloud Companies, and Tech in general, innovation and adoption is happening at a faster rate than a single insurance company can manage on their own, we anticipate great support and partnerships from the primary insurance, with opportunities in these markets on the scale of cloud.
Some argue, however, that clients are covered under existing cybersecurity policies. Scott Godes of counsel at law firm Dickstein Shapiro L.L.P. told BusinessInsurance.com (registration required) that he's seen few, if any, policies that specifically named cloud computing. Typically, he said, liability policies and first-party policies are written to include cloud computing. "Close attention should be paid to when the term 'computer system' or 'computer network' is defined, if those are the operative terms of what is covered," he told BusinessInsurance.com.
How does your organization handle cloud insurance: Is it part of your existing cyber policy, or have you sought additional, cloud-specific coverage?