THE QUICK MOVE to remote work forced by the COVID-19 pandemic has multiplied cyberthreats significantly. As a result, organizations face not only major changes in security management but tighter requirements from cyber-insurance providers. Channel pros have an opportunity to help their customers demonstrate to cyber-insurance providers, however, that they understand how high the cyber risk has become and have policies and procedures in place to tackle the challenge, according to Tamara Bruno, partner at Houston-based law firm Pillsbury Winthrop Shaw Pittman LLP.
In response to the increased risk, Bruno says, the cyber-insurance market is hardening, which means increased premiums and decreased capacity, both of which impact pricing, retentions, and deductibles—areas that are already reflecting “the immediate changes,” she notes.
Other observed changes include stricter interpretation of policy wording by insurers. Ben Filippelli, IT director at Level5 Management, a managed service provider in Boca Raton, Fla., has seen a “tightening of the screws in the kind of leeway they are giving companies [that file claims]. We’ve seen it become more stringent in enforcing what’s in existing policies.”
For example, when a breach occurs, businesses with existing policies are being subject to increased pushback from providers already prone to denying claims, Filippelli says. Meanwhile, new customers may not even be able to get a cyber-insurance policy.
“If people are trying to get those policies now, they're struggling,” he says. “I think [insurance providers] feel, ‘We're in the middle of something, I can't start to insure you now.’ You could start the process, but … it might be a few months before they start writing policies.”
Channel pros can offer support and advice to customers on managing the potential impact of these policy changes, such as how best to present themselves to cyber-insurance providers, says Jack Kudale, CEO at Cowbell Cyber, a cyber-insurance provider in Pleasanton, Calif. “Go beyond cybersecurity and incorporate cyber-insurance strategies in your recommendations,” he advises MSPs.
Bruno adds that MSPs can “give customers the tools and language to [show insurers] why the system they’re using is less of a security risk than others, and demonstrate new or enhanced policies when it comes to things like social-engineering hacking.”
MSPs looking to be part of this journey with their customers, she stresses, can “offer the information they need to make the best case to their insurance company as to why they're not such a significant risk.”