Cloud computing is growing in popularity among insurers and producers—and as usage evolves, so too is a thorough understanding of the risks involved, says Tim Francis, second vice president/enterprise cyber lead for insurer Travelers.

In one sense, the exposures for cloud computing remain very much the same as they are for an internal computer system: A potential cyber-attack or hacking could access and expose precious personal data. Or information could go missing or become exposed through negligence.

Cloud computing's disadvantage is that once a carrier or agency has turned over its data to the cloud, a degree of oversight is lost. And the ability to grasp the extent of a data breach is impaired, says Francis: "Control is limited, and you may not be allowed to look at the [cloud computing] information to identify what happened."

A breach could also be expensive "depending on what was compromised, and what needs to be fixed," he adds.

What could become especially costly is when a hacking results in a company having to provide precautionary credit checks for clients or, in some cases, even paying actual insurance claims.

The worst fallout is losing a client— which is made more frustrating when the compromise is through no fault of the carrier or agency.

Francis advises an agency take the following steps to protect itself and more fully understand its exposure:

The first is doing a thorough cost-benefit analysis to determine if it's even economical to move to a cloud server; it's imperative an agency understand the benefits and pitfalls behind cloud computing before embarking down this path.

Next, do due diligence on the provider. Before finalizing any decision to go with a cloud-computing vendor, have an attorney thoroughly review the contract. That review should note who is responsible for what parts of the agency's data.

Finally, agents need to obtain good cyber-risk coverage—which is something an agent should have anyway, regardless of whether data is handled in-house or through cloud computing. That coverage should address information ranging from hard documents to exposure through the cloud by hackers involved in a criminal enterprise.

"Cloud computing is just a buzzword that can lead one to believe that there is nothing to think about—but someone can't think that they are immune to exposure and risk," Francis observes.

"[Agencies] handle a lot of information, and with technology, when it goes missing it is in big chunks—and that has a material economic effect on an agency," says Francis. "Insurance can be an effective backstop to a wave of liability and cost."

He notes that there are a host of insurance-policy products that provide protection. And while some of these are solid, there are others that are deficient and may not protect the agency.

"Agents need to work with their carrier and make sure they are getting the most up-to-date product or to understand that if there are deficiencies [in the policy], what those deficiencies are and make some business decisions based on that," he adds.

Special Reports /

Cloud Computing's Popularity Growing, But What’s the Risk for Agencies?

Related Stories

Recommended For You