Many companies believe that by utilizing a Cloud provider they do not need Cyber Liability aka Data Privacy Coverage. The common belief is that the Cloud itself assumes any and all liabilities and would respond to any claims of hacking, reputation rehabilitation, data theft and copyright infringement relating to the first party.
The questions Cloud providers 'customer's should ask are in short "How bad would it be for an organization if information about it gets out (employee or customer information?"; "How bad would it be if an employee of a cloud leaked information?"; "How bad would it be if the customer could not access information the Cloud is responsible for?"
Cloud customers should never assume that they are covered first dollar if a claim is filed. Typical Cloud-Customer contracts include provisions that the Cloud's Cyber Liability policy (if they even have one) will be excess to any underlying policies.
Regardless, of this, disclosure that a Cloud is indeed handling the cyber responsibilities of a company can reduce the cost of coverage for the primary policy holder.
Company's should also be requesting that they be named as Additional Insureds on the providers Cyber Liability policy and requesting evidence of this and that the provider does indeed have coverage in place.
No comments:
Post a Comment