Insurers lag on cloud cover
Cloud computing presents businesses with a new set of risks the insurance sector is finding hard to comprehend.
Data sovereignty, security, migration and risk mitigation are some of the issues insurers must quickly grasp as more organisations take on the cloud and get ahead of what little cloud cover exists.
Eric Lowenstein, client manager, financial services group of Aon, Sydney, said there was a big gap between what conventional insurance offered and the risks presented by cloud computing.
"There is a broad range of cover options available but these have problems. What are the geographical exclusions in regard to data sent offshore? And there are uncertainties about the definition of networks. Do they include devices like iPads, laptops, etc?" he said.
Lowenstein said the cloud posed risks to many stakeholders. "All stakeholders in the business need to be engaged: IT, marketing legal, communication, as well as the CFO and CEO. This is a new kind of exposure that a lot of entities are taking notice."
In the US there is already the beginnings of a cloud computing insurance industry. In April the MSPAlliance, an association of cloud service providers, announced a partnership with insurance broker Lockton to "offer comprehensive protection for cloud and managed service providers worldwide". But this provides risk mitigation for cloud service providers, not for their customers. Lockton is expanding its activities to Australia
Insurance cover for enterprise users is available from another US-based organisation, CloudInsure, which also has partnered with Lockton. CloudInsure promises to provide indemnity assurance to cloud service providers and enterprises in support of service level agreements, and financial protection for customers "commensurate with their data risk within the cloud".
Paula Eggers, senior associate at Lockton in Australia, said the company's cyber risk activities would be available here. "Lockton in the UK and Asia have just resourced up around cyber risk and that will be rolled out to Australia," she said.
David Vaile, from the Cyberspace Law and Policy Centre at the University of NSW, said there was a big risk associated with data stored offshore, because it was subject to the laws of the host country.
"In the past the cloud has been seen as something just 'out there' - beyond jurisdiction. That is completely wrong. Rather than escaping from jurisdiction in the cloud, you are actually subject to many jurisdictions. And those jurisdictions might not be what
Adrian Lawrence, a partner with law firm Baker & McKenzie, warned that the US Patriot Act, which grants wide-ranging powers to US government agencies, could be applied outside the US to any cloud service provider that was owned by, or a subsidiary of, a US company.
"To the extent that a US corporation is involved in the storage of data offshore from the US, the US authorities will assert their right to access that data," he said.
InvestSMART FORUM: Come and meet the team
We're loading up the van and going on tour from April to June, with events on the NSW central & north coast, the QLD mid-north coast and in Perth, Adelaide, Melbourne, Sydney and Canberra. Come and meet the team and take home simple strategies that you can use to build an investment portfolio to weather any storm. Book your spot here.
Want access to our latest research and new buy ideas?
Start a free 15 day trial and gain access to our research, recommendations and market-beating model portfolios.Sign up for free