Extending the reach of cyber insurance
Corporate data now lives well outside the boundaries of a company's own building walls. It's on smartphones, laptops and even employees' own home-based desktops. It's in the cloud and on servers owned by business partners.
As a result, cyber insurance generally follows the data within a company, whether it resides on a hard drive or a server or a laptop or a smartphone, says Ken Goldstein, vice president of Chubb Group of Insurance Companies. "It's the natural extension of the coverage," he says.
Some insurance companies recently introduced specific policies called "excess contractual technology coverage" that can be purchased to cover problems stemming from data that resides with vendors, such as in the cloud.
Michael Overly, a partner at the law firm Foley & Lardner LLP, says IT leaders should both verify the extent of coverage with their own cyber insurance carrier and ask questions about what coverage their vendors carry before signing any contracts.
"Sophisticated companies now understand this issue and understand the risk involved and will be asking specifically for some sort of coverage from their cloud providers," Overly says. "That said, a lot of companies aren't yet quite sensitive to this issue. They don't know yet to even ask for this type of coverage."
Pratt is a Computerworld contributing writer in Waltham, Mass. Contact her at firstname.lastname@example.org.