35% of MSPs who have experienced a ransomware event cited financial damages in excess of $1 million. 40% of MSPs indicated they could not endure more than $500,000 in damages, and 23% could not withstand even $50,000. As the number and severity of cyberattacks continue to increase, MSPs are turning to cyber insurance as a way to protect against catastrophic losses associated with a security breach.
Just as someone who is young and healthy can get life insurance at a better rate than someone with serious health issues, cyber insurers will examine an organization’s security policies and procedures prior to setting rates. Getting a lower rate based on having sound security measures in place is important. According to Marsh, a global insurance broker and risk advisor, cyber insurance pricing in the U.S. increased an average of 96% year-over-year in the third quarter of 2021. That was a 40% rise over the prior quarter and the largest since 2015.
But simply buying cyber insurance should not create a false sense of security. Cyber insurance should be used to strengthen an MSP’s security posture, not be the core of their security efforts. Even if you are covered financially, your business and brand could still suffer by not implementing appropriate security policies and protocols. MSPs need to constantly assess risk, identify vulnerabilities, and bolster their security posture so a breach doesn’t happen in the first place.
Cyber Insurance to Build Value with Clients
Cyber insurance policies are a key component of any MSP-client relationship. Even if their clients have cyber insurance, MSPs still need to carry it too. 57% of MSPs reported an 11-20% churn rate following a ransomware event. Very few estimated that they avoided attrition altogether, and 13% reported aggressive churn rates of 50% or higher. Additionally, the increased technical requirements to qualify for a cyber insurance policy, such as MFA and incorporating web intelligence solutions, are an opportunity for MSPs to open more doors and have additional conversations with customers.
Types of cyber insurance policies
Cyber insurance policies include different types of coverages that span first-party loss, first-party expenses, and third-party liability.
- First-party loss: Just as it sounds, first-party loss applies to the organization that takes out the policy. A first-party loss would typically include loss of revenue due to business interruption.
- First-party expenses: This would include services and resources needed to recover from an attack, such as incident response and remediation.
- Third-party liability: This covers expenses and legal fees related to damage to third parties, such as partners, customers, or even employees whose sensitive information has been compromised.
What do cyber insurance policies cover?
Cyber insurance policies cover specific scenarios that might or might not be relevant to your business.
- Privacy Liability: This protects companies from liabilities associated with violations of contractual obligations to protect employee and customer data, as well as violations of privacy laws, such as GDPR. It can protect against unfortunate events that arise out of a breach, such as a class-action suit filed by customers.
- Network Security Coverage: This covers network security failures, including business email compromises, ransomware, malware infections, and data breaches. First-party costs covered in this scenario could include breach notifications to customers, data restoration, legal expenses, credit monitoring, public relations, IT forensics, and payment of a ransom.
- Errors and omissions: Sometimes an interruption of service can be caused by a misconfiguration, a botched software update, or some other internal mistake. This coverage protects against claims related to failures to fulfill contractual obligations due to errors and omissions.
- Network Business Interruption Coverage: This covers the cost of lost business in the event that an attack brings down your network, or the network of a cloud service provider that might be hosting your Web site or other mission-critical parts of your business.
How Media Sonar can help
To continue with the life insurance analogy, insurers might require that you get a physical with the insurance company’s doctor prior to determining whether to even offer you a policy. Similarly, cyber insurers are tightening underwriting requirements and making sure that organizations have the proper security and risk management controls in place. Most MSPs with a security portfolio are likely already offering endpoint and network monitoring services. Insurers are looking for companies that have automated tools to provide brand protection, information protection, executive protection, as well as third-party intelligence.
Augmenting existing services to defend clients’ digital risk profiles moves an MSP up the value chain. The penalties are harsh for MSPs who do not take security seriously. In fact, data breaches are the number one reason an MSP loses a client. Not only does expanding service offerings with platforms like Media Sonar enable MSPs to be more confident about their strategies and establish repeatable revenue streams, it instantly boosts compliance and helps validate security controls in order to obtain cyber insurance at a reasonable cost.