YOU CAN’T FINANCE a car or get a home mortgage without insurance, but you can start a business without cyber insurance—but you probably shouldn’t. For SMBs evaluating the need for coverage, cyber insurance can seem complicated. That’s where MSPs come in. You can act as an adviser to help your customers find the right coverage, and qualify for it, while lessening your own business’s liability at the same time.
Unlike other business insurance policies with decades of claims to base premiums on, cyber insurance dates back only a few years. A common question is whether you can buy a “standard policy.”
“Absolutely not,” says Catherine Lyle, head of claims at Coalition Insurance, an “active insurance” company based in San Francisco. (Coalition describes “active insurance” as coverage designed to prevent digital risk before it strikes, combining technology and insurance.) “‘Cyber insurance’ is a broad term. It should cover an insured for cyber breaches, security failures, and the liabilities that arise from both.”
Charles Henson, CEO of Nashville Computer in Brentwood, Tenn., agrees. “Cyber insurance policies can vary widely in terms of what they cover, how much coverage they provide, and how much they cost. Some cyber insurance policies may cover things like data breaches, network outages, or cyber extortion, while others may not.”
The State of Rates
Although no two cyber insurance policies are the same, the consensus is that rates are stabilizing to some extent. Mat Kordell, COO of Cyberstreams, an MSP in Seattle, says the market is maturing. “Insurers have gained a better understanding of the risks involved and have been able to price policies more accurately.” As more companies purchase coverage, the insurers spread their risks across a larger pool of customers, which also helps stabilize rates.
“Cyber rate increases have definitely moderated for most of Coalition’s clients in recent quarters,” says Lyle. However, some carriers can price policies based on the security posture of a specific client, while others can’t. “Insurers will have notable different views of the appropriate price for the same risk,” continues Lyle.
Set the Example for Clients
MSPs, of course, will want to demonstrate to their customers the value of cyber insurance by being covered themselves. Shop around for your own policy, advises Kordell, who recommends “finding three brokers and having them all shop you with all their carriers.”
The proven way to negotiate the best rate for your MSP’s cyber insurance, says Lyle, is to demonstrate your network is well protected and can stop any malware from crossing over to your clients. She recommends regular attack surface monitoring, robust vulnerability patch management, and use of reputable EDR tools, preferably monitored continuously.
Mistakes to Avoid When Policy Shopping for Your MSP
“One of the biggest mistakes that businesses make when choosing a cyber insurance policy is failing to understand what's covered,” says Kordell. “Take the time to understand the policy's coverage limits, exclusions, deductibles, and other terms.” After the policy is in place, review the terms regularly since cyberthreats are constantly evolving. Update your policies as necessary.
“Choosing the wrong coverage amount would be one mistake MSPs may make when working alone,” says Henson. “Another would be not having the right type of coverage, including Errors and Omissions along with cyber liability coverage.”
Know the risk and cost of even a simple event, suggests Lyle. “Some entities will try to dip their toe into cyber insurance and get an endorsement or very low-limit coverage.”