But guess what: your liability and cyber exposure remain firmly planted on YOUR ground.

Your organization is responsible for safeguarding all data and information you collect from third parties. Using a cloud service to store your data does not transfer your liability in the event of a breach, and you can be held accountable.

Selecting the right cloud service provider can mean the difference between a lasting success or a costly failure. You need to ask the right questions and set the right requirements to ensure that your potential cloud provider increases your productivity, not your risks.

Before signing a contract, make sure it addresses the following:

1. Is the provider obligated to replace your stored data if a disaster destroys their servers?
2. Are there resources in place to back-up your data to ensure that there cannot be any permanent loss?
3. Is the timeframe for the cloud provider to restore your data short enough for your business?
4. Where is the data stored? While your provider may be headquartered in Canada, it could utilize server space in multiple countries. Depending on the location, this could mean reduced security standards.
5. Is the process to transfer data from their servers back into your control well-defined, should your business relationship end for any number of reasons?

You’re never done with cybersecurity even once you complete your due diligence and select a cloud provider that you can entrust with your data. Despite your best efforts, you could still experience a breach.

How can Cyber Insurance help?

When you or your cloud provider has experienced a breach, time is of the essence. Many cyber insurers provide you with immediate access to a legal Breach Coach who manages your response and investigation process.

The right breach coach will help you start the response process under attorney-client privilege. This way, you can carefully prepare and control how information is released publicly. By engaging legal counsel specializing in data breaches, you are assured that you will be compliant with breach notification requirements.