Gajus - Fotolia
Google has partnered with Allianz and Munich Re to create a cloud-specific cyber insurance program.
In a blog post Tuesday, Google Cloud announced the new partnership, called the Risk Management Program, in collaboration with the two insurance carriers. Google referred to it as a "first-of-its kind partnership between a major cloud provider and leading cyber insurance companies."
Google's intention is to ease the transition of sensitive workloads onto its platform while providing customers cyber insurance coverage to protect them financially from potential losses.
"That includes navigating risk management in the ever-evolving cloud-native environment," the blog post said. "Tackling the issue of risk management in the cloud required a collaboration with insurance industry leaders to create a complete solution for our customers."
Allianz Global Corporate and Specialty (ACGS) and Munich Re designed a specialized cyber insurance policy exclusively for Google Cloud customers called Cloud Protection+. Currently, only Google Cloud customers in the U.S. are eligible, according to the Cloud Protection+ program page.
Coverage includes a diagnostic review to asses a prospective client's security posture, after which the insurance carriers provide policies for both first-party and third-party coverage for up to $50 million in potential losses.
First-party coverage include business interruption and contingent business interruption, crisis management costs, cyber extortion attacks such as ransomware as well as others, while third-party coverage focuses on privacy and network security, regulatory fines and penalties, among other concerns.
The diagnostic reviews are performed via a new Google security tool called Risk Manager, which is free to all Google Cloud Clients as part of the Risk Protection Program. According to the blog, it enables customers to measure and manage their risk on Google Cloud and obtain a report on their security posture.
In an email to SearchSecurity, a Google spokesperson said customers need to share a Risk Manager report with the insurers, Allianz and Munich Re, to determine eligibility for Cloud Protection+. The assessment cannot come from a third party. The spokesperson also said Risk Manager only asses customers' Google Cloud environments.
While clients cannot "fail" a Risk Manager review, Chris Storer, global head of cyber facultative and corporate at Munich Re, told SearchSecurity the report created in the Risk Manager tool is part of the submission information the client provides insurance carries. Information from the Risk Manager report as well as supplementary submission information will be used to determine whether a customer demonstrates a sound level of cyber risk maturity and whether they are eligible for Cloud Protection+.
"If a client has not yet implemented some security measures, for example, because he has not been using the advantages of the Google Cloud as a customer for long and perhaps does not know it well, this can also lead to measures in his own risk management that adequately increase his security," Storer said in an email to SearchSecurity.
According to the blog, Google will "prioritize access for our Security Command Center Premium Customers."
The cyber insurance market has experience rapid growth in recent years as public and private organizations contend with the rising costs of sensitive data breaches and cyber attacks. For example, an increase in ransomware attacks have put major pressure on enterprises to seek financial relief through insurance coverage.
This isn't the first cybersecurity insurance partnership for Allianz. In 2018, the insurer joined forces with Apple and Cisco, along with professional services firm Aon. Apple and Cisco customers could qualify for policy benefits and discounts for their Allianz coverage. In addition to cybersecurity insurance coverage, the partnership intended to offer incident response services from both Cisco and Aon.