This is part of a series of interviews with Asigra Partners. In this post we’re talking with Mark Saville, Director at Data2Vault who discusses why companies would need an insurance policy for critical data, the risks associated with only having cyber insurance and the best way to reduce the risks associated with residual loss.
MS: DI is a policy issued by underwriters and brokers to protect against the residual risk of permanently losing critical data. It allows you to protect your organisations most critical, unique business assets and offers full financial protection in the case of data loss. We are a unique solution because we are currently the only solution that compensates for data loss as well as the value of our payouts are higher. Think of it like this: data insurance is like fire insurance. You try to avoid the risk as much as possible, but you’ll still need insurance in case the building were to burn down. It’s the same thing in the world of IT… the best practice is that an organisation would have firewalls, antivirus, backup and replication in place, but there is still a residual risk that you may still lose your critical data, and for that reason, this is why you have a data insurance policy.
MS: As an Asigra Service Provider, we have built an Insured Data Environment, which has been certified to give our clients the extra protection they need for peace of mind. It also provides the underwriter with a proven method to recover the clients’ critical data and therefore reduce the likelihood to have to make a significant payout.
MS: Cyber Insurance is a valuable policy, but it only protects personal identifiable data and personal sensitive information against copy theft or loss of data through a cyber-threat. If there is no cyber-attack there is no basis for a claim. Data Insurance, on the other hand protects against the permanent loss of critical data. As an example, a pharmaceutical or a food/beverage company may have a loss of formula or patents, which contains no personally identifiable data, and could only be covered by data insurance.
MS: That’s really up to the client to determine what is critical vs. what is not. If any of our clients need further clarity to assess what should be covered, we have risk analysts and data classification consultants who will help with the identification and valuation of data if the customer needs assistance. Once the client defines what should be insured, together, with the underwriters Allianz, a fair value will be agreed.
MS: In high hazard industries there is already an appreciation of residual risk, and the cost associated with minimising residual risk to an acceptable level. As these industries increasingly become more digital, the principles of safeguarding against residual risk of data loss becomes equally important. Organisations in high hazard industries are also conscious that the loss of critical data could have extremely negative ramifications on the business (i.e. shutting down after a data loss) and therefore discussing data insurance to residual risk with business executives is a language they understand.
MS: Even if every possible step to prevent data loss was taken, there would always be a residual risk of data loss. Data Insurance, through an assessment of risk and use of the Insured Data Environment helps reduce the residual risk to an acceptable level and provides both the ability to recover lost data or financial compensation if the data cannot be recovered from the Insured Data Environment.
MS: A commercially licensed and supported Backup and Recovery solution or service is a pre-condition of Data Insurance as it demonstrates the organisation follows good practices in safeguarding their data. With a conventional backup and recovery solution there is no 100 per cent guarantee that any lost critical data can be recovered. Data Insurance covers that residual risk of data loss.
MS: Data Insurance does not replace Backup and Recovery solutions, it augments existing protection. Like many other insurance policies, the client has a small number of pre-requisites to qualify for Data Insurance. A Backup and Recovery solution is a best business practice and the client must also identify and value their critical data which will then be placed into the Insured Data Environment, at this point a Data Insurance policy will be issued.
Interested in learning more about Data Insurance and how to minimise residual risk? Data2Vault is running a series of free seminars throughout March and April across the UK to educate organisations of all sizes on how to protect their business critical assets.
Click on the button below to register and select the venue that suits you best.