In business terms, the cloud is a relatively new phenomenon. According to the MIT Technology Review, the first reference to “cloud computing” was in 1996 and the term did not enter general usage until 2006. As business use of the cloud spread, IT departments were reluctant to store sensitive data on the cloud because of a perceived loss of control; security was in the hands of the cloud vendor, not the in-house IT team.
Over time, however, that thinking has changed as IT professionals came to understand that cloud vendors had a very strong self-interest in protecting clients’ data. The vendors invest heavily in security measures and make it their business to stay up to date on all the latest security patches and fixes. Many companies admit that they cannot hope to match cloud vendors in terms of the resources directed towards keeping data safe.
Still, there are lingering concerns. While vendors have indeed done a good job of protecting the data entrusted to them, the value of that aggregated data has skyrocketed and cyber-criminals are hard at work coming up with new ways to breach the vendors’ safeguards. New ways to send and retrieve data – including mobile devices and the Internet of Things – open up new vulnerabilities.
These issues create opportunities for astute property and casualty insurers. The extent of a cloud vendor’s liability in the event of a data breach is not always clear. Some insurers are providing cloud-specific coverage and others are writing data-breach policies holding the cloud vendor responsible if notification of a breach does not take place in a timely manner.
On a larger scale, however, cloud computing gives P&C insurers the chance to move from a “product-centric” role with clients to a broader role that combines risk management consulting with the development and sale of needed products. As companies store more and more of their data in the cloud, insurers should be examining new ways to protect current and existing clients in the still largely uncharted cloud environment.