The Ultimate Guide to Cyber Insurance for MSPs
In this guide...
- What is cyber insurance
- Tips for cyber insurance buyers
- Why and how to recommend cyber insurance to your clients
- Choosing the right insurance agent
- Incident response best practices
When it comes to cyber insurance, many MSPs avoid the conversation with their clients. This leaves everyone with massive financial and data privacy risks.
Cyber insurance can seem intimidating but it’s necessary for MSPs to protect themselves and their clients all while increasing their monthly recurring revenue (MRR).
Without a full understanding of cyber insurance, your clients could be unqualified to purchase insurance and they could miss out on preferred treatment from their cyber insurance underwriters. This guide will help you gain a full understanding of cyber insurance, why it’s important, and how to get your MSP and your clients the right coverage at the right time.
According to IBM’s 2023 Cost of a Data Breach Report:
The avg total cost of a data breach has hit an all time high 4.45M USD.
Businesses who didn’t involve law enforcement in a ransomware attack paid 9.6% more than those who did, and the breach lifecycle was ~33 days longer.
What is Cyber Insurance?
Your business has sensitive data to protect.
You also have to protect sensitive data entrusted between you and anyone you do business with.
That’s why it’s crucial to have a comprehensive policy to cover you on both fronts.
There are 3 types of cyber coverage:
Main coverages include:
- Expenses associated with investigating a data breach and notifying affected individuals.
- Financial losses from disruptions in computer systems managed by the insured or a relevant third party.
- Costs related to cyber damage and ransom payments.
- Restoration or replacement of damaged electronic data and hardware belonging to the insured.
- Access to a 24/7 breach hotline for immediate support and guidance.
Main coverages include third-party claims for:
- Unauthorized disclosure of private information.
- Copyright infringement, digital content misuse, defamation, and other multimedia liabilities.
- Transmission of viruses, data breaches, or malicious content to third parties.
Main coverages include:
- Theft of property or funds due to a cyber incident.
- Deception leading to the transfer of funds from a bank or institution.
- Deception prompting your business to transfer funds voluntarily.
Why MSPs are recommending cyber insurance to their clients
More MSPs than ever are implementing cyber insurance as part of their cybersecurity strategy.
Why? A good cybersecurity strategy includes insurance for when, not if, protections fail.
3 Reasons MSPs are recommending cyber insurance:
1
Differentiation among competitors
When you use cyber insurance to safeguard your client’s resources and develop client maturity, you’ll stand out and prove to your clients and prospects that you’re an experienced and trustworthy cybersecurity advisor.
2
Protection
When you use cyber insurance to safeguard your client’s resources and develop client maturity, you’ll stand out and prove to your clients and prospects that you’re an experienced and trustworthy cybersecurity advisor.
3
Increased Revenue
When you use cyber insurance to safeguard your client’s resources and develop client maturity, you’ll stand out and prove to your clients and prospects that you’re an experienced and trustworthy cybersecurity advisor.
Cyber criminals stole an estimated $28B+ through email fraud from 2016 – 2020, with $150K+ avg loss per incident.
The average dwell time of a data breach is 2.24 months (~9 weeks).
Industries with the most cyber insurance claims:
- Healthcare
- IT and Communications
- Retail
Helping clients understand the importance of cyber insurance is a great start.
But how will you encourage your clients to actually get coverage?
Here are three ways MSPs may approach cyber insurance with their clients:
BAD | Casually suggest it or avoid the topic altogether
Whatever you know about cybersecurity, your clients know less. If you don’t emphasize the importance of insurance, then they won’t see the need. Without an expert advisor leading the way, they’ll likely choose the cheapest option that doesn’t cover their needs or they won’t meet qualifications necessary to make a claim (if they get insurance at all).
BETTER | Strongly Recommend
This is great for emphasizing the importance of insurance to your clients and even better if you make recommendations of exactly what coverage they should get. However, it doesn’t ensure your client will go with your recommendations. Without mandating it, it can still be seen as a nice-to-have vs a must-have so they may opt for the cheapest option or none at all.
BEST | Mandate via Master Service Agreement (MSA)
By mandating cyber insurance, you’re showing your clients that not only do you care about their data, but you have a firm grasp on the importance of cybersecurity. It will increase their trust in your expertise and you and your client will be protected by the right insurance, not something they picked on a whim.
Tips for Cyber Insurance Buyers
Your clients understand the importance of cyber insurance. Now what?
Perform a cyber risk assessment. To make informed and relevant insurance recommendations, get a full understanding of your clients’ existing vulnerabilities, security controls, policies, and procedure currently in place.
Choose a good insurance agent. Ensure your licensed agent is qualified to help you through this important process. More on this in the next section.
Invest in security controls, processes, and procedures. Core security controls are required under cyber insurance policies. This list continues to evolve. Even where they aren’t required, procedures like security awareness training and pen tests will help you identify and reduce cyber risks.
Applications need honesty and detail. It’s crucial to be thorough during the application process to ensure claims don’t get denied when the time comes. This includes using an addendum to explain “no” answers and outlining any updates that have or will be performed.
If MFA is attested as “enabled” but not in place during an incident, claims could be denied, coverage could be lost, or the applicant could face litigation from the carrier.
Choosing the Right Cyber Insurance Agent
When deciding what agent to work with, do your research ahead of time to ensure they are licensed for property and casualty insurance. Here are some preliminary questions to get the conversation started.
First Questions to Ask:
- Can you break down the coverages of a comprehensive cyber policy for me?
- What would make a company like mine a good cyber risk?
- Do you have a dedicated cyber producer at your agency? If not, how are your agents staying up to date on cyber insurance trends?
Incident Response Best Practices
An incident occurs, but you’ve worked hard to ensure your client has the right coverage. What’s next for your client?
Treat it like a crime scene.
Don’t wait to call your insurance carrier. Delays just cause more problems. Give them a call immediately by referencing the number on the policy.
Don’t interfere with the carrier’s IR efforts. Allow the carrier to move forward with their preferred vendors to avoid liability.
Don’t destroy logs. If the evidence is destroyed, the case becomes much harder to solve.
Keep calm and carry on with the plan. Refer to your Incident Response Plan, and keep it up to date
Now that we’ve addressed the whale in the room, it’s important to ensure you and your clients are protected.
Meet insurance requirements with
Written in partnership with:
FifthWall Solutions is a top-rated cyber insurance partner that works with over 1,000 MSPs and IT professionals. With access to more than 45 carriers, FifthWall offers the best rates and coverage options available to your clients through free policy reviews.
FifthWall also educates and equips security-focused MSPs to navigate the cyber insurance process for clients and leverage their stack along the way.
To get started with FifthWall, and learn more about the benefits of partnership, including access to an easy, singular insurance application, visit fifthwallsolutions.com/msp today.
