Cloud computing is growing in popularity among insurers andproducers—and as usage evolves, so too is a thorough understandingof the risks involved, says Tim Francis, second vicepresident/enterprise cyber lead for insurer Travelers.

|

In one sense, the exposures forcloud computing remain very much the same as they are for aninternal computer system: A potential cyber-attack or hacking couldaccess and expose precious personal data. Or information could gomissing or become exposed through negligence.

|

Cloud computing's disadvantage is that once a carrier or agencyhas turned over its data to the cloud, a degree of oversight islost. And the ability to grasp the extent of a data breach isimpaired, says Francis: "Control is limited, and you may not beallowed to look at the [cloud computing] information to identifywhat happened."

|

A breach could also be expensive "depending on what wascompromised, and what needs to be fixed," he adds.

|

What could become especially costly is when a hacking results ina company having to provide precautionary credit checks for clientsor, in some cases, even paying actual insurance claims.

|

The worst fallout is losing a client— which is made morefrustrating when the compromise is through no fault of the carrieror agency.

|

Francis advises an agency take the following steps to protectitself and more fully understand its exposure:

|

The first is doing a thorough cost-benefit analysis to determineif it's even economical to move to a cloud server; it's imperativean agency understand the benefits and pitfalls behind cloudcomputing before embarking down this path.

|

Next, do due diligence on the provider. Before finalizing anydecision to go with a cloud-computing vendor, have an attorneythoroughly review the contract. That review should note who isresponsible for what parts of the agency's data.

|

Finally, agents need to obtain good cyber-risk coverage—which issomething an agent should have anyway, regardless of whether datais handled in-house or through cloud computing. That coverageshould address information ranging from hard documents to exposurethrough the cloud by hackers involved in a criminal enterprise.

|

"Cloud computing is just a buzzword that can lead one to believethat there is nothing to think about—but someone can't think thatthey are immune to exposure and risk," Francis observes.

|

"[Agencies] handle a lot of information, and with technology,when it goes missing it is in big chunks—and that has a materialeconomic effect on an agency," says Francis. "Insurance can be aneffective backstop to a wave of liability and cost."

|

He notes that there are a host of insurance-policy products thatprovide protection. And while some of these are solid, there areothers that are deficient and may not protect the agency.

|

"Agents need to work with their carrier and make sure they aregetting the most up-to-date product or to understand that if thereare deficiencies [in the policy], what those deficiencies are andmake some business decisions based on that," he adds. 

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.