Sniffing the clouds
Anyone who works in the insurance industry is no stranger to difficult days, and on days like these, there are occasions where I find myself fantasising about leaving it all and starting up a nightclub.
It would be called ‘The Third Party’. The logic is simple: first there is the party, then the after-party and now ‘The Third Party’. There would be no need to stick to cliché cocktail names such as ‘Manhattan’, ‘Margarita’ and ‘Bloody Mary’ when we can use ’Large Loss‘, ’Subpoena‘ and ’Restraining Order‘. We could even call the entrance fee the ’party and party costs’.
Smoking for inspiration
The Third Party would be a place where brokers could unwind and underwriters could smoke whatever it is they smoke to get policy premium and claims settling inspiration. It is in these clouds that the conversation could drift towards cloud computing.
Cloud computing is not to be confused with vapour ware. Cloud computing is a bit like calculus, people sort of know what it is, but not really.
In its simplest form, cloud computing is simply separating the software from the hardware. A common example of this is a web browser - if your computer crashed, you could continue browsing by simply moving to another computer.
Having it all out there
There are many benefits to cloud computing such as up-time reliability, load-balancing and cost savings. Yet, despite these clear benefits, it seems impossible to have a discussion about cloud computing without someone raising a concern about having all your data “out there”.
Although there is no doubt that the data in these clouds can be compromised, any reputable cloud hosting organisation would employ the necessary skills to protect the cloud from attack. Yes, the cloud is by no means immune to attack, but a far more likely attack vector would be exploiting the rest of the user’s system – especially the upload and download functions.
Data in transit is often vulnerable to sniffing. In this case, sniffing does not refer to the standard greeting protocol among neighborhood mongrels, but rather a technique used by hackers to intercept and copy the information that is being sent and received.
It should be remembered that sniffing is not a risk peculiar to cloud computing - it is just as much a risk when performing other computer functions such as sending emails.
Don’t judge a book by its cover
Typically, general liability policies exclude risks related to data being compromised. There are various ways in which they do this, the most common of which seems to be some obscure exclusion about magnetic fields. That exclusion probably dates back to a time before cybercrime and many of the more modern policies contain more explicit exclusions such as “there is no cover for liability arising out of the loss, damage, disclosure, inaccessibility, incorrect rendering, duplication or detrimental change to any data or of any consequence therefrom, unless as a direct consequence of damage to tangible property”.
This exclusion is best illustrated by way of example: suppose the insured accidentally drove a forklift into Ashley Madison’s computer server and as a result, all kinds of exciting information were lost. This loss would typically be covered. By contrast, if the insured was hosting Ashely Maddison’s information in terms of some cloud service there would be no cover for loss of data if a file server crashed. To cover that loss a Cyber Risks policy would be needed.
Complex cover
Given the complexities of commercial insurance cover, one can only wonder how the clients of direct insurers are faring.
How do they know what to include or omit when trying to structure their portfolio cost effectively?
There is no denying that many of the direct insurers have a large book of business, but are all those clients adequately covered? This brings us to the moral of the story: you cannot judge a book by its cover.
