What MSPs Need to Know About Cyber Insurance Policies

From business interruptions to rising incident response costs and cyber threats looming as the war in Ukraine continues, cyber insurance companies aren’t taking any more risks. 

Cyber threats have increased by 59%, to one in 64 companies being affected in 2022. With remote working becoming more popular, cyber insurers are adjusting their policies and weighing customer liability based on the preventative measures Managed Service Providers (MSPs) are taking, including a robust password management system. It is now more important than ever that MSPs evaluate their cybersecurity coverage to ensure they are protected in the event of an attack.

What is Cyber Insurance and How Does it Benefit MSPs?

Cyber insurance mitigates losses from cyber incidents like data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Cyber insurance policies also cover the costs of data recovery, system forensics, legal defense, customer reparations, and more. This type of coverage benefits MSPs as it would any customers; however, many MSPs have more data at risk given the nature of their business. So, while the answer to how it would benefit an MSP may seem obvious, let’s now dive into the “why?”.

Why Should MSPs Invest in Cyber Insurance?

You may be asking yourself why a cyber-criminal would target an MSP. When a cyber attacker successfully gains access to an MSP’s data, it’s also gaining access to clients’ secured data, which is the crème de la crème of breaches for a cybercriminal. This is also one of the biggest concerns for an MSP – how to keep client data safe. The sad truth is that many MSPs still do not see the benefit in making investments in cyber insurance. In fact, a recent survey shared that 35% of MSPs did not have cyber insurance when they were a victim of a cyber-attack, which resulted in not only major loss in funds, but the loss of customers and overall brand trust.

Ways to Protect MSPs  

A lingering question remains: does cyber insurance protect an MSP against breaches? Just as car insurance doesn’t prevent a car accident from happening, cyber insurance doesn’t prevent a cyber-attack from occurring. However, it does support MSPs in the aftermath if an attack does take place.

With cyber-attacks increasing and insurance policy pricing on the rise, there are a few steps an MSP can take to ensure their customers know that they are keeping their data safe.

Sticking with car insurance scenario, just as you would give your insurer proof of safe driving practices to keep those around you safe, you can similarly show a cyber insurance provider that you are taking steps to keep customer data safe through additional resources. As a result, this can increase trust in MSPs and potentially lower premiums.

Additional steps that can be taken to gain trust from insurance providers and customers include:

Withholding administrative data until it’s absolutely necessary. While this seems simple even with a small number of employees at a company, it’s often easy for information to slip through the cracks over time.

Ensure you are implementing enterprise password management software (EPM). An EPM solution tracks password security across all MSP employees, and many cyber insurance companies are now requiring MSPs and customers to implement EPM software with multi-factor authentication (MFA) to keep premiums lower. Features like a built-in password generator, secure credential storage, and automatic credential filling help the MSP use strong, unique passwords to protect both the MSP’s systems and their clients’ systems.

While MSPs needn’t scream from the mountain tops that they have cyber security insurance policies, adopting policies can be a great way to show customers that they are invested in keeping them secure and want to maintain their trust. As a best practice, MSPs and all businesses should take a step back and evaluate long-term data protection plans and how it will affect their business as a whole.

About the Author

Mike Hines is Vice President, North America Channel Sales at LastPass. LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use, helping more than 33 million users organize and protect their online lives. From enterprise password management and single sign-on to adaptive multi-factor authentication, LastPass Business gives superior control to IT and frictionless access to 100,000 businesses.

Featured image: ©Gorodenkoff