Insurance is a must-have for most organizations in this age of ample risk and even more ample litigation. Every entity who uses technology — from global corporations to small businesses — face cyber risk, specifically. Every business needs to be prepared with cyber liability insurance along with a comprehensive strategy to manage and mitigate actual cyber risk.
This applies even more to managed service providers, as they are typically the first line of cyber defense and are expected to protect their clients. As such it falls upon MSPs to gain a deep understanding of cyber liability insurance, including how it works and which situations demand it.
What is Cyber Liability Insurance?
Cyber liability insurance (sometimes called cybersecurity insurance) is a specialized insurance policy with coverage options to help protect businesses from data breaches, productivity loss, and other cybersecurity-related issues. Because cyberthreats are on the rise and more businesses are becoming aware of the risks, cyber insurance has become a trending topic among IT service providers.
Why Do MSPs Need Cyber Liability Insurance?
The primary reason why an MSP needs cybersecurity insurance is pretty straightforward: to transfer risk from your business to the underwriter. MSPs bear a lot of risk from malware, data loss, insider threats, and productivity loss — risks that are easier to bear when the financial recourse is offloaded onto an insurance provider.
Cyber liability insurance usually covers the expensive costs associated with data breaches and cyberattacks. Without insurance, you might be held liable for things like lost income due to a cyber incident, the costs of notifying customers affected by a breach, and the costs for recovery.
Policies vary, but many offer coverage for:
- Court costs and litigation
- Regulatory fines
- Crisis management and recovery
- Downtime and interruptions
- Extortion and ransoms
Cyber liability policies tend to be unique in their requirements and coverage. We recommend seeking help from an insurance expert to ensure that you meet all requirements and choose the best policies for your clients. Additionally, you may be able to form an “affinity marketing” relationship with cyber insurance reps, passing quality MSP leads back and forth depending on what the end user is looking for.
What Other Types of Insurance Does an MSP Need?
Cyber insurance isn’t the only policy that an MSP needs, of course. The following insurance policies should be considered by managed IT providers who wish to reduce their overall risk:
- General Insurance
General policies include coverage for your company vehicles, office buildings, employee healthcare, and other internal necessities. Chances are you’ve already squared away these essential insurance policies for your business.
- Professional Liability Insurance
Professional liability coverage helps to indemnify you in cases where loss or damages result from negligence. While it’s nice to think that your MSP will never be negligent, it often happens that insurance adjusters or other entities will determine that you’re at fault. It could be from a mistake or oversight — or actual gross negligence — but professional liability coverage will make sure the client filing the claim is taken care of regardless.
- First-Party Cyber Liability Insurance
MSPs should build a first-party cyber insurance requirement right into their agreements. As you know all too well, you can’t control all aspects of a client’s cybersecurity, especially when it comes to their staff. You don’t want to be held accountable for damages related to an insider threat or a hapless clicking of a phishing email.
Important MSP Cyber Insurance Inclusions
Because all policies are different, you’ll want to make sure a few critical coverage options are available. You don’t want to experience a cyber incident only to find out your coverage isn’t sufficient to cover the damages!
Ensure there’s a provision for covering lost client data. We also recommend adding a clause to your client service agreement that requires clients to keep secure local backups in addition to any backup services you’re providing. This provides extra legal insurance against catastrophic data loss should it ever occur.
Insider Threat Coverage
Insider threats come in many forms. Look for protection from mistakes or intentional harm caused by agents of the client. You typically have very little control over who’s clicking around emails or who might turn rogue and steal data within a client’s organization.
Third-Party Coverage for IT Channel Vendors
The tools you use are yet another threat vector for your MSP. As you know, tools like PSA and RMM are hot targets for hackers, and you will want to know how coverage is handled if one of your tools is compromised.
IT managed service providers should actively seek out insurance firms to learn more about protecting their businesses. Cyber liability insurance is all but essential in 2022 as a means to transfer risk and potentially save thousands of dollars in losses or damages.
Choosing a cyber insurance provider and policy requires careful thought and planning. You must be aware of exclusions that may affect your claims. Coverage should include all of the most likely scenarios, including data loss, insider threats, vendor breaches, and ransomware. It’s also recommended that MSPs require first-party cybersecurity insurance be obtained and maintained by each of their clients.
Gaining a trustworthy reputation is key for IT managed service providers. You can’t grow your business and stay profitable if you’re constantly putting out security fires — or worse, dealing with a major cyber incident. A proactive approach to security and risk management can become part of your MSP’s brand identity, another critical aspect of the modern IT provider who seeks to generate leads and grow their client list.
If you want to learn more about building a brand around security and growing your position as a cybersecurity leader, we invite you to contact the MSP branding experts at YSE.