What is cyber insurance and what is the MSP’s role?
Cyber attacks are on the rise in 2022, and, no one, it seems, is safe. Big enterprises, small businesses, healthcare organizations, and even K-12 school districts are increasingly being targeted by ransomware gangs and other malicious actors looking for attention and a quick pay day.
MSPs are on the front line of this surge. Hybrid work, digital transformation, and cloud migrations are expanding threat surfaces, making it tougher than ever to stop attacks from gaining that initial access and spreading throughout the network.
As a result, many organizations are looking at cyber insurance as a way to mitigate this risk. But, what is cyber insurance? How does it work? What role should the MSP play in their clients’ coverage? And how does cyber insurance provide a growth opportunity for enterprising MSPs?
We spoke with Joseph Brunsman, a cyber insurance expert, and best-selling author, about the trend and how it impacts MSPs.
What is cyber insurance?
Cyber insurance is a critical tool for protecting organizations from the ever-increasing threat of Internet-related risks, such as data breaches, ransomware attacks, and other malicious activity. This type of insurance could not only cover the costs of restoring lost or stolen data, but also the expenses incurred in defending against and settling claims related to cyber incidents. Coverages may include things like reimbursement for ransom payments, forensic investigation costs, business interruption reimbursement, and costs resulting from claims made by customers or other parties affected by the cyber incident.
Why should organizations get cyber insurance?
Cyber insurance is an essential component of any organization’s security strategy. This insurance provides a safety net in the event of a cyber-attack with financial resources to recover quickly and effectively. Without insurance, organizations may have to rely on legal proceedings, financial reserves, or borrow money to recover from a cyber-attack, which can significantly slow down the recovery process. However, it is important to note that cyber insurance should not be viewed as a replacement for robust security measures. Just like how dental insurance does not negate the need for good oral hygiene, cyber insurance should be seen as a complement to an organization’s overall security posture. Insurance applications should be used as a starting point for organizations to meet certain security baselines and can serve as a checklist for a solid cybersecurity strategy.
What is the MSP’s role in cyber insurance?
While MSPs do not have the legal expertise to advise on specific contract language, they can provide valuable support in other areas. As technology partners, MSPs can conduct security assessments, identify vulnerabilities, and work with organizations to develop a plan to close those gaps. By working closely with MSPs, organizations can gain a better understanding of their cyber risks and take steps to mitigate them. This can help the business qualify for an appropriate cyber insurance policy while also receiving more favorable rates.
What advice can you give your clients looking for a policy and provider?
The most frequent mistake I encounter is when organizations assign the task of procuring cyber insurance to a single individual without seeking input from other stakeholders. This can result in a policy that does not adequately meet the needs of the organization, as it may have sub-limits that fall short or miss crucial coverage features. For example, if the CFO is solely responsible for purchasing the policy, they may be primarily focused on coverage for cybercrime, but may not consider coverage for “bricking” which is a concern for the CTO. This can lead to a policy that is not comprehensive, leaving the organization exposed to unnecessary risks.
How is cyber insurance an opportunity for MSPs?
Cyber insurance can be both a carrot and a stick. MSPs can use cyber insurance to enforce new minimum security standards as well as drive better value and partnerships with their clients. The simple act of filling out a cyber insurance application can uncover gaps in security coverage and provide an opportunity for security teams to recommend additional protection to stakeholders. It can then serve as a roadmap for upsell and recurring revenue opportunities, creating more value per customer down the road.
What is the future of cyber insurance?
Threat surfaces are expected to continue expanding over the next several years—especially as organizations progress along their digital transformation journeys—leading to a rise in the volume and veracity of cyberattacks. This, combined with rising ransomware payments, make cyber insurance absolutely essential. MSPs should be making this recommendation to all their clients; if not contractually requiring it within their MSA.
Should cyber insurance be a requirement of engagement between MSPs and their customers?
I think this is an interesting concept. MSPs should already require that customers meet certain security baselines before taking them on as a client—multi-factor authentication (MFA) is an example. These requirements ensure that customers take security seriously and lessen the possibility of an MSP having to over-extend its resources putting out fires that could be solved by taking common sense precautions. Cyber insurance could be one of those security foundations—protecting customers, speeding recovery, and shielding MSPs from unnecessary liability.
Are there any tools MSPs can use to help their clients meet cyber insurance requirements?
SaaS Alerts automatically shuts down access to compromised SaaS platforms before the attack can spread to their internal networks. This contains the breach, minimizes damage, and leads to better policy renewal options.
Cyber insurance is a growing trend that you need to know about. Check out Joseph Brunsman’s books on cybersecurity and reach out to SaaS Alerts today to see how you can use cyber insurance as a growth opportunity for your business.