Why Every MSP Client Should Have Cyber Insurance
10 December 2021 Comments Off on Why Every MSP Client Should Have Cyber Insurance Uncategorized
Hacking, cyber attacks, financial fraud, and data leakage will always be inevitable in the digital realm. All tech companies including MSPs and their clients need to equip themselves with the right tools, processes, and policies to avoid a major mishap.
Cyber insurance policies are becoming an important part of all MSPs and their clients. This is due to a significant increase in the attacks by cybercriminals on small and large-scale businesses. The average cost of a ransomware payment has jumped from $4000 to $178,000 in just a few years.
As the digital space grows, MSPs and their customers are adding cyber insurance policies to the mix as protection. But there are a lot of factors you as an MSP need to consider while taking up a cyber insurance plan or pitching one to your client.
Let’s discuss a few of them.
Your Customers Need it
Customers need protection against a potential hack, breach, malware, or phishing attacks. It is reported that small businesses can spend up to $1 million just to restore normal business operations after a cyber attack. This includes data breaches, downtime, forensics, and customer notifications.
Since 2019, there has been a 424% rise in SMB cyber breaches, and these small businesses really need to consider getting insured, instead of paying that much money in damages. Moreover, companies risk their reputation getting damaged in the event of a cyber attack — which means no more business in the future.
As an MSP, it is your job to highlight these figures to your clients in order for them to get secured, because ultimately the MSP will also be held accountable if such a scenario occurs.
The Longer you Wait, The More it Will Cost
As a small business, and as an MSP, it is in the interest of both parties to get an insurance plan as soon as you can. Because the cost of cyber insurance policies is based upon today’s threats and what is going to happen tomorrow.
Threats are evolving with time, and insurance companies are continuously engaged in doing risk analysis to adjust their rates. A policy that will cost you $1000 per a million in today’s date might increase up to 10x in the coming years or even months.
While making policies, insurance companies analyze cyber events that occur every year and adjust the costs of those events to formulate the prices of their policies.
It’s better to secure your business at your earliest convenience because halfway through the year things might change drastically.
As an MSP, It Is Your Job To Guide Your Clients
As a trusted service provider to your customer, it is imperative that you help your clients make all the right decisions to safeguard their business. We understand that it might be difficult considering the evolving circumstances, but at all costs, do not let your customer be the doctor and the patient.
The customer relationship creates a large incentive for the MSPs to quickly resolve any issue to salvage customer goodwill — while it is important to restore operations, it is equally important to get insured in time.
Upsell based on Insurance criteria
Insurance companies are getting smarter every day. Certain carriers require that MSPs and customers meet certain technical criteria to qualify for insurance policies. This includes Multi-Factor Authentication (MFA).
Most MSPs offer MFA, but if you are not, then you are definitely going to lose your customers to the competition. Customers want to mitigate business risk and get an insurance policy. So get the smartest people in your company, to guide them at every step.
Make sure you address each challenge & requirement of insurance providers, with complete transparency. Upsell your services to your clients like vCIO tools, MFA, identity access management, patches, and updates.
Insurance Won’t Solve Your Security Problem
Let’s assume you are successful in convincing your client to buy cyber insurance. But just because they bought insurance, does not mean that both of you stop taking your security seriously. It is not advised to buy insurance and have poor security.
Cyber insurance is a great tool to mitigate risk, it covers you financially and puts you at ease. But in a case of a breach, your reputation can fall down and your business will be severely impacted. Take the Facebook-Cambridge Analytica data scandal for example.
Pay Attention To The Details
Be transparent with clients. If you are pushing them to buy insurance, guide them through everything that will be covered. Cyber insurance companies have specific protocols to mitigate damage, and it is your responsibility to follow them. Otherwise, your claim would be at a risk.
If it is in your agreement to offer a particular service like MFA, or SIMM, or a Pen test, then follow through with it. Maintain a proper log of information, and maintain your documents and reports, so that in case of an event, the threat vector can be detected. If you fail to follow the given guidelines, your claim may become void.
Work with both your client and insurance provider to ensure that incident response systems are in place, everything in the guidelines is being followed and in case of an attack, you are liable for a valid claim. The insurance companies will scrutinize all of these factors during their audit process.
Regularly Update Your Service Agreements
MSPs and their clients might have cyber insurance. However, the only link between them is their service agreement. The only possibility of a liability issue can arise in this area. So make sure you are regularly updating your service agreements, and they are reflected in the business.
Have regular cybersecurity conversations with your customers. Get the best of your employees to explain to your customers what the latest threats are, and how the damage is being done. Recreate a scenario where their business might be affected in the same manner. This might be enough to convince them to review the service agreements with you and with their cyber insurance provider.
A great way to initiate these conversations is during your quarterly business review (QBR) or your technology business review (TBR)
Every MSP Needs Insurance
In a new wave of cyberattacks, MSPs have been targeted more frequently. As they manage entire infrastructures of dozens of businesses. This allows the hackers to launch waves of cyberattacks into a central point causing more harm in one blow.
From a hacker’s point of view, an MSP is a perfect target. I have a higher chance of stealing money, accounts, personal information, and data from a single source.
In today’s age, not only clients but MSPs themselves need to get insured. Because if none of the parties are insured, the businesses associated with the MSP might collapse. Resulting in long legal battles, bankruptcy, and the perfect doomsday scenario.
To Conclude
Before your customers buy an insurance plan, you can make internal changes to reduce how much they pay in cyber insurance premiums. Insurers want to see every tool in your arsenal, like firewalls, antiviruses, secure backups, etc.
Beef up your security, show due diligence on your end, and get secure. We hope that this article was able to convince you. If you have any questions for us, send us an email at info@narmada.com