Google Cloud is now the first major cloud service provider to offer cyber risk insurance – an area of business that has been lacking coverage for years as more and more organizations save and store their data, including confidential customer information, in the cloud. By teaming up with European insurance companies Allianz and Munich Re, Google is now offering this new insurance product to corporate users of Google Cloud services. To qualify for the insurance, business Google Cloud clients must have annual revenue between $500 million to $5 billion and must apply and meet certain underwriting requirements.
Cyber Insurance Application Allows Underwriters to See Data in Cloud
As industry insiders point out, one of the unique aspects of Google Cloud’s new cyber insurance is that companies applying for it will need to grant permission for underwriters to view the data they have stored in the cloud. One of the key features of Google Cloud – and other competitors – is that the solution encrypts stored content so that nobody other than data owners could view, or grant access to others to view, their information.
However, in order for Google, Allianz, and Munich Re to determine whether or not they will provide an applicant cyber insurance coverage and if so, how much they will charge for it, the group will need to assess the risk that the applicant will be the victim of a cybercrime.
The underwriting process will most likely involve a review of the type of data an applying company is storing in Google Cloud, though it is possible that confidential information such as customers’ personally identifying data will be redacted and unviewable to insurance underwriters. Google Cloud’s announcement about its new cyber insurance included no mention of how applicants’ risk will be assessed or what confidential data owned by the applicant will be viewable to underwriters.
Google’s New Cyber Insurance Matches Rising Cybercrime
This new cyber insurance, which covers up to $50 million in business losses to compensate for insured companies’ lost revenue for up to a year, comes at a time when cyberattacks are at their highest. The ISACA, which stands for Information Systems Audit and Control Association, estimates that in the United States alone, financial losses due to cybercrime will reach $6 trillion by the end of 2021.
Recent headline-making cyberattacks and ransomware attacks include:
- The SolarWinds supply chain attack, which exposed data for major worldwide companies and US government organizations including Microsoft, FireEye, NVidia, and Cisco.
- The Marriott International cyberattack, in which private information of 5.2 million hotel guests – including names, mailing address, email addresses, phone numbers, Marriott loyalty account numbers, employer names for corporate accounts, and the users’ gender and date of birth – were exposed.
- The Twitter cyberattack on high profile user accounts including those of Microsoft Founder Bill Gates, Amazon Founder Jeff Bezos, Entrepreneur Elon Musk, US presidents Barack Obama and Joe Biden, and popular ridesharing app Uber.
- A ransomware attack on Garmin. The attack forced the smartwatch maker to shut down several services and affected its customer service call centers, rendering them inoperable. During the attack, customers were unable to call customer service or tech support to get any information, which most likely made the attack even scarier and frustrating for Garmin watch wearers and the company.
- A ransomware attack on huge German software company Software AG, which has over 10,000 enterprise customers in 70 countries around the world.
Cyberattacks Risk Reputational Damage and Revenue Loss
A cyberattack or data breach may expose private data, disrupt business, and lead to lost revenues. In many cyberattacks, hackers seek out a targeted company’s customer data. When personal information – such as a customer’s name, address, and credit card number – is exposed, it is often used by the cybercriminal or sold to a third party on the dark web, potentially leading to millions of cases of identity theft by illegally using the hacked customer personal information.
These types of data breaches can have very negative impacts on a company’s reputation. The consequences can be so severe that exposed clients – and would be new clients – refuse to do business with the company, causing significant revenue losses.
One of the most expensive cyberattacks was on Sony’s Playstation network. After being hacked, which exposed 77 million Playstation accounts, Sony lost nearly $171 million in revenue.
While it’s not explicitly clear if it is covered by the Google Cloud cyber insurance, an additional cybercrime that costs companies money is called a ransomware attack. With this type of cybercrime, hackers install malicious software onto a company’s cloud site. The company is then notified via a message that appears on computer screens that access to their confidential information is being held for ransom, and will only be released after a large sum of money has been paid.
Ransomware costs can be extremely high. In 2020, the United States travel company CWT was the victim of a ransomware attack. The company paid $4.5 million in ransom after hackers stole massive amounts of confidential business files and took 30,000 of the company’s computers offline.
Google Cyber Insurance Targets Major Global Corporations
According to information posted on the Google Cloud website, this new cyber insurance has the potential to offer cyber risk coverage to some of the world’s largest organizations. The Google Cloud website states that its solution is used by:
- 8 of the top 10 telecommunications companies.
- 7 of the top 10 media & entertainment companies.
- 7 of the top 10 retail & CPG companies.
- 7 of the top 10 software & internet companies.
- 5 of the top 10 financial services companies.
- 5 of the top 10 logistics and transportation companies.
- 5 of the top 10 professional services companies.
- 5 of the top 10 automotive manufacturing services companies.
To learn more about Google Cloud and its new cyber insurance offering, go to cloud.google.com.
Implications for Insurance Defense Law Firms
Google’s move into the cyber insurance market is a certain indicator of explosive growth. Law firms that are looking for more panel counsel opportunities are advised to carefully consider a cybersecurity practice. While the revenue qualifying level is high at $500 million, this will likely be reduced over time as more middle-market firms are targeted.
On the business side, law firms themselves are likely clients for cyber insurance coverage as more files move into a cloud-based, digital realm.
Insurance Defense Marketing Consultant for Law Firms
If your insurance defense law firm is asking how you can improve your marketing communications and business development efforts, give us a call. We have helped more than 200 insurance defense law firms in 40 states pursue new client opportunities.
Legal Expert Connections, Inc. offers three key benefits to insurance defense law firms nationwide:
- We are the leading U.S. legal marketing agency specializing in the insurance defense market. We make it our business to identify who you need to contact at an insurance company, corporation or municipality to be considered as a panel counsel member. We accelerate your business development process by helping you focus on introducing your law firm to new prospective clients.
- You get a structured business development process. We guide your law firm through a proven three-step campaign that brings discipline, focus, and productivity to your marketing efforts.
- Increase revenue with professional, Bar-compliant legal marketing campaigns. We do the research to identify insurance panel managers, so you can focus your time on the business development process.
This article is provided for educational purposes only. It is not to be interpreted as legal advice or an opinion in regard to any topic discussed. The article should not be used as a substitute for legal advice from a licensed attorney in your state. Every situation is different and circumstances vary widely depending on the governing state law, policy provisions, and related considerations.