Lifecycle managerProduct backup radarLifecycle insights for navigation links visualizationCognition360Control Map

Cyber Liability Insurance: What MSPs Need To Know

Published September 26, 2022
Avatar photo
Evan Pappas

When faced with the need to protect clients, MSPs aim to reduce risks and create a safe environment for clients to work in. But despite the hard work and effort that goes into MSP security measures, it’s not always possible to be 100% protected. 

‍Now more than ever, MSPs need to know about cyber liability insurance. With recent studies reporting that cyber threats have increased by 81% since the global pandemic and that ransomware payments are increasing rapidly, MSPs are looking to refine their security and recovery plans for clients. 

‍We’ve detailed below what you need to know about cyber liability insurance, how it affects both MSPs and their clients, common ways to qualify for insurance, and how other MSPs have recovered from cyber attacks. 

What is Cyber Liability Insurance?

‍MSPs around the world are now working even harder to protect themselves and their clients against lasting damage or monetary losses created by ransomware, data corruption, backup destruction, and other malicious attacks. 

‍Insurance helps businesses by compensating them for losses to assist with the recovery process and provides access to beneficial services like security audits and investigation expenses. MSPs have been able to prevent extended downtime for clients, recover money and data, and prevent clients’ reputations from damage. 

‍Protecting clients also protects your MSP. A cyber attack is a high stakes situation that can often make or break an MSP’s reputation and relationship with clients. A business could be looking at extended periods of downtime where normal operations are not possible, sensitive information could be leaked, sold or stolen, and important data can be destroyed or encrypted. These situations could cause irreparable damage to an MSP’s reputation. 

‍A fast and effective recovery process will help you maintain good relationships with your clients, potentially attracting other businesses to hire your MSP for its security services. 

Qualifying for Cyber Insurance

‍MSPs have been working with clients to make sure they are taking the steps necessary as an organization to qualify. Insurance providers request that the applying businesses can demonstrate that they already implement cyber security best practices before being eligible to receive coverage. 

‍It’s also important to determine if the insurance provider is the right fit for their client by evaluating their coverage policies and costs. What types of coverage does a client want and what would be most effective to have in place? MSPs need to work with their clients to find the right fit in coverage and cost.

‍The common best practices insurance providers look for when approving applications include:

  • Multi-factor authentication 
  • Endpoint threat detection and response
  • Secure and encrypted backups
  • Privileged access management
  • Email/web filtering. 

Making sure your clients are able to qualify through standardized security metrics like these can be time consuming. Tools like Lifecycle Manager and Backup Radar are used by MSPs to show clients where the vulnerabilities are in their tech environment. By automating data collection and showing clients an analysis of their tech, MSPs can work with clients to take any steps to modernize and secure their workplace to qualify for cyber insurance. 

‍Implementing these policies will never make a business 100% secure, but by improving their internal practices, creating a disaster response and recovery plan, and getting insured, your client will be running a much safer business. 

‍Jeff Fulton, fractional CIO of SafetyNet, has assisted clients with reviewing insurance options, helped them file for it, and work through any audit process. Fulton said he needs to know if there are other kinds of compliance that a client requires based on the laws or industry the business operates in. For example, government agencies often require a more strict set of requirements that MSPs can work with their clients to achieve. 

‍A comprehensive report on the tech stack is an extremely useful tool for MSPs to provide to auditors evaluating the client’s application. ScalePad Lifecycle Manager has been a key method for MSPs like SafetyNet to easily provide that information. 

‍“The Lifecycle Manager report is an artifact we send to the auditors in most cases. A question that a banking auditor is going to ask is ‘I need a copy of everything in your fleet, age and OS,’ because they are going to look at it and [see which assets still are on Windows 7]. We are providing them that level of documentation,” Fulton said.  

‍With tools like Lifecycle Manager to monitor hardware and software as well as Backup Radar managing a client’s Backup environment and health, MSPs can leverage this information in the insurance application process to help secure coverage.

Recovering from an attack

For Luis Alvarez, CEO of Alvarez Technology Group (ATG), cyber liability coverage was able to help his clients when struck with ransomware. The recovery processes can take a few weeks, he said, as the insurance provider needs to do a forensic analysis and work through their internal analysis and evaluation process. 

Alvarez was able to help speed up that process using asset lifecycle reports from Lifecycle Manager. ATG was able to provide the comprehensive report of the client’s tech stack for the insurance company’s forensic review. With the report in hand, the insurance provider was able to get the client working again as soon as possible. Lifecycle Manager’s detailed scope of work proved to be an important part of working through the recovery process. 

“It made it really easy for them to get approval from the insurance company to move forward, it didn’t take [more than] 24 hours. We included all the information they normally would have to extract from another provider,” Alvarez said.

Every client will have different needs in the insurance and recovery process, and understanding those needs is going to be one of the most important goals for the MSP. Working with clients to determine how they can become operational after an attack is vital. 

The next era of security

Security measures are constantly evolving and MSPs need to stay up-to-date to protect themselves and their clients. For Alvarez, he sees the next phase of security as one of compliance with new standards. With a growing number of laws being passed by governments around the world regarding digital security regulations, it is vital for MSPs to stay at the forefront of compliance.

‍“We are used to our banks, financial institutions, doctor’s offices, and hospitals having regulations to comply with and to protect private information. The rest of us don’t think it impacts us and what we are learning is, yes, it does impact us,” he said. “So it’s up to us in the MSP space to get smart about those things and start providing advice and the kinds of tools and services our clients need.”

Get started on modernizing your clients’ tech stack to qualify for cyber liability insurance with Lifecycle Manager. Use our best-in-class asset monitoring and warranty renewal services to help reduce hardware and software vulnerabilities. Keeping clients as safe as possible during normal business operations can make working with insurance providers easy. Book a demo or start with the free edition today.