Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?
As organizations of all stripes increasingly rely on cloud computing services to conduct their business, (with many organizations entering into cloud computing arrangements with multiple cloud providers), the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. Cloud providers are sitting on reams of data from thousands of customers, including sensitive information such as personal information, trade secrets, and confidential and proprietary information. To criminals Cloud providers are prime targets. At the same time, based in large part on the amount of risk aggregated by Cloud providers, most Cloud customers are unable to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.
Continue Reading...Insurers Deny Coverage for Breach Notice Costs (and why companies should consider cyber insurance coverage and why brokers should offer it)
It was recently reported that an insurance carrier (Colorado Casualty Insurance Co.) denied coverage (and filed a lawsuit) for the $3.3 million in costs the University of Utah incurred to provide notice of a security breach involving the records of 1.7 million patients from the University’s hospitals. You can find a copy of Colorado Casualty's declaratory judgment action complaint here. The University also filed its own counter claim, cross-claim and third party claim. As discussed further below, the University's cross-claim is against Perpetual Storage (the service provider that allegedly lost the data) and its third party claim is against Perpetual Storage’s insurance broker (the broker that placed the insurance coverage with Colorado Casualty).
The parenthetical in the title of this blogpost may seem counter-intuitive perhaps, but it appears that this controversy and the pleadings that have been filed paint a picture of what can potentially go wrong when proper cyber or technology errors and omissions coverage is not in place. It will be interesting to see how this case shakes out (and I make no predictions on what will happen because I lack too much information to analyze the issue), but I guarantee that the players involved are probably wishing they purchased explicit cyber or technology errors and omissions coverage (again, it appears that they may not have, but I don’t have all the information to state that definitively). Instead, they will have to litigate with no guarantees of success (and large hurdles for the University). Ironically, the University may ultimately recover from insurance proceeds, but those proceeds may come from the insurer that provides errors and omissions coverage to Perpetual Storage's insurance broker.**
Continue Reading...
