(Authors Note: This article was written using scenarios and coverage descriptions that are pertinent to the US. We would expect that markets outside the US have similar requirements and coverages.)
The cyber insurance market is becoming more mature, and while it was once something that MSPs may have considered, it’s now pretty much mandatory for MSPs. And it’s a big opportunity for them to acquire new business.
What is Cyber Insurance?
In a nutshell, cyber insurance (or cyber liability insurance) is a service that can offset some of the costs associated with a data breach or cyber security incident.
MSPs should already have various types of insurance to protect their business, and this particular policy covers financial losses a business would incur in the event of a data breach or some other cybercrime incident.
Typically, cyber liability insurance policies provide the following coverages:
- Lost revenue protection - Covers revenue lost due to the cyber attack
- Data recovery services - Attempts to recover lost data
- Investigation services - Attempts to find out the source of the breach
- Hardware repairs/replacement
- Customer and regulatory body notification support
- Credit monitoring services for impacted parties
- Ransomware attack protection - full or partial payment of ransom, legal fees and fines
Why MSPs Need Cyber Insurance
MSPs are susceptible to threats from malicious parties just like any other business, and cyber insurance is meant to help MSPs protect their own businesses against the impact of a potential breach.
However, there is an additional, very important reason why MSPs need cyber insurance: MSPs are a major link for any potential attacks on their clients. An MSP will manage the IT and security of dozens (sometimes hundreds) of clients, each with dozens (sometimes hundreds, or thousands) of users. In the case where an MSP gets compromised, it's very possible that hackers will be able to also compromise downstream clients due to the MSPs’ admin access to all of their clients’ systems.
When that happens, the consequences can be catastrophic. Cyber liability insurance is thus essential to mitigate the financial and legal effects of the breach(es) and help keep the MSP’s business alive while they deal with the fallout.
Why the Clients of MSPs Need Cyber Insurance
MSP clients are also susceptible to direct cyber attacks like any other SME. They, too, need cyber insurance to help in the case they get compromised. The policies covering the costs of recovering systems to operational states is the main aim, but in the event of special cases like a ransomware attack, it might provide access to funds to pay the ransom, which can be the difference between the client continuing to trade… or going out of business.
Cyber insurance isn’t, of course, a replacement for cyber security, and insurance companies will surely require proof that good cyber security practices are in place (this is your opportunity!). So in addition to providing the financial support necessary to withstand an event like this, cyber insurance should help encourage everyone to be more aware of their security responsibilities as individuals and as a business, even if they do not feel technically-inclined to do so, as not taking security measures seriously can lead to a breach of the policy.
The Opportunity for MSPs
Ensuring that clients have cyber insurance in place is really important for MSPs, and some are starting to enforce it as a requirement for their clients.
Cyber insurance providers make certain stipulations that must be adhered to or the insurance would be invalidated. And because the MSP should play a part in delivering these security services, MSPs have an opportunity to introduce new suites of security tools into their clients’ infrastructure to meet the requirements of cyber insurers, and extend their role as advisors and partners in the ongoing success of their clients.
The tangible (and intangible) benefits are very real, and are not as far away as you might expect. In fact, some of my colleagues at JumpCloud along with industry experts recently hosted a webinar on the topic of not just what tools and approaches MSPs can bring to their security offerings, but also how to sell and defend them to their clients. I highly recommend you check that out, or share below what successes you have found bringing the security discussion front-and-center to your clients.
