Data-assets and insurance

Following along the ‘Assets and enterprise architecture‘ theme, one of the questions that came up in the matching thread on LinkedIn was from Mike Stewart, which in effect illustrates well some of the distinctions about physical assets versus data-assets. His practical problem was in defining the right insurance for a data-centre; my response follows:

One question which has caused me a fair bit of pain in the last few weeks – how much should my organisation insure our data centres for? I can get my hands on apps, infrastructure etc.. But if data really is an asset (which should really have a known and quantifiable value, but in reality…) then surely most of the insurable amount of a data centre is in this.

Mike – “How much should our organisation insure our data centres for?”

Yes, agreed, “most of the insurable amount of a data centre is in [the data itself]” – except there’s no means to insure it in the same way as for the bricks-and-mortar, the servers or even the apps.

Conventional insurance covers physical, replaceable ‘things’ or replicable services and if you pop over to this site you will see that the apps fall into that second bracket. An app is ‘frozen data’, in effect a physicalised virtual-asset providing a service: it’s replaceable. (Mostly, anyway – a whole load of tangles around escrow and duplicable function, but that’s detail for another time.)

But the raw data itself is not replaceable: it’s a virtual asset, not a physical asset. It’s created / amended etc at specific points in time, and you can’t go back in time to replace it. (Ask me somewhen about painful experience in an engineering lab with hardware-encrypted data and the consequences of throwing away ten years later the ‘outdated’ computer used for the original encryption. 🙁 ).

You could possibly insure against loss of use of data – impact on business processes and the like. But that won’t replace the data.

Since the data itself is not replaceable, the real ‘insurance’ for the data is all the effort you put into backup, system-redundancy, remote storage, data escrow, data/information-architecture and so on. It would be entirely reasonable to class all of that as part of your insurance budget (and the much larger overall-enterprise insurance-budget, for that matter) – and might make some of the funding-arguments easier, too! 🙂

Hope this helps?

Leave a Reply

Your email address will not be published. Required fields are marked *