The manager of a fine hotel would never allow an electrician or plumber to work without being insured; it’s standard fare on service contracts in the physical world. Not so in cloud computing, where provider coverage in the form of cyber insurance is far from a given. This undoubtedly will change as businesses push providers to share the risks of a data breach or unexpected downtime, experts said.
Such large cloud computing providers as Salesforce.com Inc. do carry cyber insurance to mitigate the risk of data breaches or unexpected downtime, but “smaller providers are not carrying insurance and have no plan to [do so] until the larger customers push back and say, ‘You’re in our risk profile now,’” said Drew Bartkiewicz, vice president of technology and new media markets at The Hartford Financial Services Group, a cyber insurance company based in New York.
For the cloud computing model to work, cloud customers, as well as cloud providers, need to share the risk, according to Drue Reeves, director of research for the Burton Group in Midvale, Utah. If a provider were wholly responsible for the data of hundreds or thousands of tenants, it simply wouldn’t be able to buy enough insurance to cover the liability. To protect themselves in this risky situation, cyber insurers generally cap their policies at $10 million or $15 million, forcing providers and large customers to keep shopping, experts said.