THANKS TO RAPIDLY GROWING CYBERCRIME, SMBs (along with the rest of the business world) are finding cyber insurance coverage for losses resulting from malware, ransomware, phishing, and other types of attacks more necessary than ever before—and increasingly harder to get.
In fact, according to Forrester, demand for cyber insurance currently outstrips supply, and losses due to cybercrime are at an all-time high. “Fitch Ratings [a credit rating company] estimates that 2020 US cyber direct loss ratios were at 73 percent, the highest recorded level in six years, highlighting the extent of increased cyber damages and claims,” states Forrester’s 2021 report, The Cyber Insurance Roller Coaster: As Demand Speeds Up, Some Insurers Disembark.
The result? Forrester finds “a hardening market where premiums for standalone cyber policies are expected to increase by 30 percent in 2021—if they can be bought—and insurers tightening up their underwriting standards and exclusions.”
“It’s a mess out there,” says Joseph Brunsman, president of The Brunsman Advisory Group, an Annapolis, Md.-based professional liability and cyber insurance broker, whose client base includes MSPs, and co-author of Damage Control: Cyber Insurance and Compliance.
Companies selling cyber insurance are “losing serious money,” he notes. At the same time, he says, “We are seeing entire classes of businesses where it’s becoming near impossible to even get a quote.”
New and/or renewal quotes from major cyber insurers are now often accompanied by strict conditions too.
“We are seeing mature, established players demanding that companies implement specific controls, along the lines of, ‘You have to have cloud-based backups of critical data—and if you don’t, we are going to limit you to a $25,000 ransomware sublimit,’ which is way below what most companies need,” Brunsman reports.
This situation is driving a fast-growing emphasis on adoption of cybersecurity controls, he notes, which in turn presents opportunities for channel pros.
“For a lot of business owners, cybersecurity is a massive, overwhelming topic that they know nothing about,” Brunsman says. MSPs can help these businesses implement the cybersecurity controls required for a cyber insurance policy, he says, most of which are recommended best practices anyway.
MSPs need to take steps to protect themselves as well, according to Brunsman.
“The more businesses we see getting hit [by cyberattacks], the more likely it is that MSPs will eventually have clients that wind up bringing lawsuits or claims against them,” he explains.
To help head this off, Brunsman says, “I tell all of my MSP clients to consider contractually requiring all of their clients to carry cyber insurance themselves.”