Authored by Scott Godes and Kara Cleary The privacy and security of data continues to be a hot button issue for companies, with privacy and security events frequently in the news. What about for businesses that have moved to the cloud? Whether you are a cloud provider or a cloud user, data breaches and denial of service attacks are real risks. Have you considered whether and how your insurance program will respond to those risks? Here are three terms to remember that may help simplify some of the coverage issues: Computer System: Some insurance policies, which provide coverage for cybersecurity and privacy risks, have coverage that could turn on whether there was an impact to your “computer system.” A best practice is to understand whether the insurance policy has a narrow definition of that term. Would it include your company’s use of the cloud or the third-party networks your company is using? For cloud users, consider whether your company should buy an insurance policy that specifically references cloud computing or networks run by third-parties as defined policy terms in order to provide broad coverage.
Contracts: How will your company’s obligations under contracts with cloud providers or users be handled under the respective insurance policies? Many cyberinsurance policies continue to contain exclusions for liability assumed by contract, though exceptions to such exclusions also are common. What does this mean for the cloud? Aggressive insurance claims handlers might cite such an exclusion as a reason to deny coverage for contractual indemnity obligations. This could be an important issue for those cloud providers that offer their clients indemnification in the event of a breach or denial of service. In such an instance, how will the insurance company view the contractual obligation to send out required notifications or defending against lawsuits? If your company has contracts with vendors or clients that require indemnification for lawsuits, notification letters, forensic investigation, or other issues, a best practice would be to consider whether your insurance policy would cover those obligations to cloud users specifically. Caps: Even if your company holds insurance policies that provide broad coverage, are there limits on the total amounts of coverage for certain types of losses? Typically, those are referred to as sublimits, as they provide less than the total amount of the insurance policy’s aggregate limit. It is important to understand how your limits and sublimits work for different types of losses, before the event happens. For example, some cyberinsurance carriers use a sublimit in the policy for cloud-based risks. Without a careful review, a policyholder may think they have more coverage for cloud computing losses than what the policy provides due to the cap. With an increasing number of companies relying on the cloud on a daily basis, it is difficult to overstate the importance of having insurance coverage in place that could help offset financial losses for cloud-based incidents. The three Cs we’ve outlined above serve as a starting point for an analysis of coverage and where there might be room for improved policy language offered by the insurance company.Insurance Coverage Basics for Cloud Computing: 3 Cs to Remember
RELATED ARTICLES
After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware?
February 11, 2020 | Policyholder Protection, Cyber Insurance, Policy, Data Security
The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 2)
May 5, 2017 | Policyholder Protection, Insurance, Data Security
The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1)
May 3, 2017 | Policyholder Protection, Insurance, Data Security
Does a CGL Insurance Policy Cover a Data Breach? The Fourth Circuit Says ‘Yes’
May 17, 2016 | Cyber Insurance, Data Breach, Policyholder Protection
Does a CGL Insurance Policy Cover a Data Breach? The Fourth Circuit Says 'Yes'
April 26, 2016 | Cyber Insurance, Insurance, Policyholder Protection
After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware?
February 11, 2020 | Policyholder Protection, Cyber Insurance, Policy, Data Security
The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 2)
May 5, 2017 | Policyholder Protection, Insurance, Data Security
The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1)
May 3, 2017 | Policyholder Protection, Insurance, Data Security
Does a CGL Insurance Policy Cover a Data Breach? The Fourth Circuit Says ‘Yes’
May 17, 2016 | Cyber Insurance, Data Breach, Policyholder Protection
Does a CGL Insurance Policy Cover a Data Breach? The Fourth Circuit Says 'Yes'
April 26, 2016 | Cyber Insurance, Insurance, Policyholder Protection
Scott Godes quoted in Legaltech News Article "Cyberinsurance: A Necessary Protection in the Digital Era?"
April 25, 2016 | Cyber Insurance, Policyholder Protection
Scott Godes Quoted in Law360: Insurance Article “Data Breach Report Shows Cyberinsurance Not A Cure-All”
March 16, 2016 | Data Breach, Policyholder Protection
Scott Godes Quoted in Law360 Article, “A Cyberattack Survival Guide for Policyholders”
October 2, 2015 | Cyber Insurance, Data Breach, Policyholder Protection
What Insurance Should Cover Target’s Visa Settlement?
August 20, 2015 | Cyber Insurance, Data Breach, Policyholder Protection
Scott Godes Quoted in Law360 Article, "Cyberinsurance Thaw Hinges On Data-Sharing Bills”
April 29, 2015 | Cyber Insurance, Policyholder Protection
Will Cyberinsurance Cover Target’s $19 Million MasterCard Settlement?
April 20, 2015 | Data Breach, Insurance, Policyholder Protection
Scott Godes Quoted in Cyber Risk Network’s article, “10 million settlement with consumers a ‘good deal’ for Target, insurers”
March 25, 2015 | Data Breach, Policyholder Protection
Cybercrime: How Insurance Can Protect Your Company
March 17, 2015 | Cyber Insurance, Policyholder Protection
Should Retailers Rely On CGL Coverage For Data Breaches?
March 13, 2015 | Cyber Insurance, Policyholder Protection
2014 Year in Review: A National Insurance Recovery Webinar
January 9, 2015 | Insurance, Policyholder Protection
The Other Cyber Shoe Has Dropped – What Does that Mean for Your Insurance Program?
December 9, 2014 | Cyber Insurance, Data Breach, Policyholder Protection
Scott Godes to Present at the Comprehensive Conference on Cybersecurity Law Presented by Law Seminars International
November 20, 2014 | Cyber Insurance, Policyholder Protection
Scott Godes to Present “Be a Cyber Risk Hero: Understand the Risks & Learn Best Practices to Get Them Insured”
August 29, 2014 | Cyber Insurance, Policyholder Protection
Scott Godes to present at ACC-SoCal's Networking Cocktail Reception: "Be a Cyber Risk Hero – Understand the Risks and Learn Best Practices to Get Them Insured."
July 3, 2014 | Cyber Insurance, Data Breach, Policyholder Protection
Scott Godes and Ken Gorenberg present "Taking the Target Off Your Back: Insurance Coverage for Data Breaches and Other Cybersecurity Threats"
May 21, 2014 | Cyber Insurance, Data Breach, Policyholder Protection
Scott Godes to present at the AFP® Annual Conference in Washington, DC
May 14, 2014 | Cyber Insurance, Data Breach, Policyholder Protection
Scott Godes presents "Cultivating Ethics: Mitigating Vulnerability to Cyber and Data Security Threats in Order to Maintain Client Confidentiality"
May 8, 2014 | Cyber Insurance, Data Breach, Policyholder Protection
Increasing data breach costs should lead to a review of insurance policies and vendor contracts
May 8, 2014 | Cyber Insurance, Data Breach, Privacy, Policyholder Protection
Chris Yetka presents "Cyber Risk: The Cost of a Breach"
May 7, 2014 | Cyber Insurance, Privacy, Policyholder Protection
Scott Godes to Speak at the NetDiligence Cyber Risk & Privacy Liability Forum June 11-13, 2014
April 29, 2014 | Cyber Insurance, Policyholder Protection
5 Tips For Reviewing And Buying Cyberinsurance
April 29, 2014 | Cyber Insurance, Policyholder Protection
RELATED PRACTICE AREAS
Subscribe
Do you want to receive more valuable insights directly in your inbox? Visit our subscription center and let us know what you're interested in learning more about.
View Subscription Center