As Fortune 500 companies and other enterprises across North America devote increasingly large amounts of their tech budgets to cloud computing, it’s becoming more and more clear: the cloud is here to stay.
While such notable providers as Amazon, Dropbox and Box have insurance policies in place that protect themselves against liability from such cyber downfalls as breaches, data loss and downtime, no coverage exists that protects the consumers of these services. As a result, brokers are missing out on a colossal opportunity to protect their personal and commercial clients.
Alexander Saca and Guise Bule have set out to change that. After working in cloud computing for more than a decade, the duo realized that all policies in the market amounted to an errors and omissions (E&O) coverage for the cloud service providers, not the customers using them.
“Just look at Box, the obvious low-hanging fruit,” Bule said. “It has a couple hundred million customers with no Service Customer Agreement (SCA) and no insurance coverage for its customers.”
Bule can foresee a situation where a company such as Box sustains a cyber attack, and provides no mechanisms to compensate entities that had their data stolen. This could be particularly damaging to the affected parties since cyber liability typically occurs with a “long tail.”
“If hackers get a copy of that data, the effects and repercussions may not realize themselves for 3, 4, maybe 5 years,” Bule said. “They could be stealing ideas for 10 years and the company may not realize it’s happening until a decade later.”
Bule is currently working with Lloyd’s of London to develop consumer cloud protection, but plans to launch with just a simple, straightforward product.
“We would like to begin with basic customers for Dropbox and Box, since they all look the same besides for whether it’s personal or business data,” he said. “Pricing models around two kinds of customers is much easier to quantify.”
Payout caps will be somewhat low at first, since Cloudsurance is still figuring out how to develop pricing models accurately. Still, Bule figures that some protection for clients is better than none.
“The main problem we have right now is that we don’t know what the true cost of critical events happening, such as downtime data that’s lost from a cyber attack,” Bule said. “So our feeling is that we’d like to take a sufficient scan of customers and only then will we start to understand the costs of risks and be able to price insurance more accurately.”
Once the product hits the market later this year, Bule hopes that brokers and other insurance professionals realize what a critical opportunity this provides to commercial clients of all shapes and sizes.
“This is a multibillion dollar niche of insurance in its own right,” he said. “It’s time to come together and get our heads around this.”