Cyber Insurance: 5 Important Things MSPs Must Know

As an MSP offering cybersecurity services and engaging with customers about securing their environment, you’re going to need to know a thing or two about cyber insurance.

You’re seen by your customers as a trusted advisor in all things tech. And because cyber insurance is so closely associated with cybersecurity, it’s likely going to be seen as something you should know a thing or two about, in order to help the customer consider whether they need a policy, what kinds of coverage they should have, etc.

To get you started, here are five pieces of information about cyber insurance you should know as a foundation.

1. Cyber Insurance Isn’t a Must

Like any part of a business’s risk mitigation efforts, cyber insurance is just another tool to choose from in order to help offset the risk that cyberattacks present to your customers’ operations. Remember how backups used to be seen as gimmicky and just “an insurance policy”? Well, that’s exactly what they are – a technology put in place just in case the unforeseen happens.

In the same way, cyber insurance isn’t a catch-all, broadly protecting the customer with a safety net of sorts should a cyberattack occur. It’s quite the opposite; cyber insurance is a way for your customers to transfer the financial risk of a cyberattack to the insurer. And, given that most insurers evaluate a prospective insured’s cybersecurity stance before issuing a policy (more on this later), policies should be seen as a last resort should every other aspect of your customer’s cyber defenses fail.

That being said, it’s not necessary (unless specified by some regulatory or governing body) for a given business to have cyber insurance. It’s an option for those businesses and scenarios where having a policy in place makes sense.

And, given the massive increases in cyber insurance costs that have both already occurred and are expected to continue, it may become cost-prohibitive for a small business to participate at all.

2. There Are Two Kinds of Coverage Your Customers May Want

While a given company may be issued a single policy, there are two types of claims that may be presented against a policy, which, in turn, dictate the coverages that may need to be included in the policy. The two types of claim coverage are:

  • 1st Party Claim Coverage – This cyber insurance coverage protects your customer should they be the victim of a data breach, cyber event, ransomware attack, or a loss of funds (fraud). It can also include other situational types of coverage against things like reputational harm, voluntary shutdown of the business, business interruption reimbursement, and more.
  • 3rd Party Claims Coverage – This cyber insurance coverage protects against lawsuits by another party. For example, if your customer has a data breach and personal customer data (think social security numbers, credit card info, etc.) has been published on the dark web, your customer could be the subject of a lawsuit. This kind of coverage protects against class action claims, regulatory claims, and private rights of action claims.

3. There Are Some Tech Basics Needed

In 2022, not every cyber insurer has the exact same requirements. Cyber insurance is still somewhat in its infancy today, with many insurers learning from the outcomes of claims placed against initially issued policies and formulating what specific technologies need to be in place before they’ll even consider issuing a policy. The most rudimentary list that almost all insurers agree on includes (but certainly isn’t limited to):

  • Backups – This is on every insurer’s radar. The idea that a business can get itself back up and operational quickly means less impact on the insured (your customer) and, therefore, fewer damages to be presented in a claim.
  • Endpoint Protection – Insurers realize that phishing remains the number-one attack vector for most cyberattacks, so they require you to have protection on endpoints as a minimum.
  • Patch / Vulnerability Management – Keeping operating systems and applications up to date is critical to minimize the use of supply chains (read: the software vendors that make the applications your customers utilize) as an attack vector.

4. Policies Are Cheaper Than a Breach

According to IBM’s Cost of a Data Breach report this year, the average data breach costs the victim organization around $4.5 million. That seems very much an enterprise number, so let’s use the last published number available, which came from Ponemon’s 2019 “State of Cybersecurity in Small & Medium Size Businesses” report, where the average cost after a cyberattack was $1.2 million. Even if you scale that number down a bit to better reflect the size of your typical customer, it’s still evident that the cost of a cyber insurance policy is materially lower than dealing with a breach. But, in the spirit of keeping things real, be sure to check out the last consideration…

5. Pay Attention to Policy Specifics

Insurers aren’t just offering a blanket “you’re protected against all things cyber”, as they wouldn’t remain in business for very long. There are plenty of cases where a claim was denied, the insured sued the insurer, and lost in court because of a technicality involving the policy covering specific types of threat actions that weren’t present in the attack that prompted the claim in the first place. So, whether you’re involved in helping your customer choose a policy, or just providing them with guidance, make sure they understand that the only way a claim will be paid is if the attack actions follow the policy coverage to the letter.

Getting the Most out of Cyber Insurance

Does your customer absolutely need a cyber insurance policy? No. Should they have one? Probably. Will it definitely cover the customer’s losses should an attack occur? It depends.

The reality is that cyber insurance is an opportunity for you as the customer’s trusted technology partner to ensure they are as protected as possible, minimizing the risk of a successful attack and, therefore, the need for a claim. By providing your customer with proper guidance, you set both them and yourself up for success by having better cybersecurity controls and incident response plans in place, and a proper level of dependency on a cyber insurance policy as just one of many parts of the overarching cybersecurity strategy.

Nick Cavalancia
Nick Cavalancia, technical evangelist and co-founder of Conversational Geek, has over 25 years of enterprise IT experience, is an accomplished consultant, speaker, trainer, writer, and columnist, having achieved industry certifications including MCSE, MCT, Master CNE and Master CNI.