Cybercrimes occur every hour of every day, and there is no guarantee that the security measures we put in place will be effective 100% of the time. Attacks like data breaches cost enterprises millions each year in recovery costs and often result in hefty fines and legal fees. Of course, a successful cyberattack can be just as devastating for your SMB clients and for your MSP business. Hackers do not discriminate.
The reputational damage and loss of customer and employee data can be just as detrimental as the monetary consequences of these attacks, which helps explain why cyber liability insurance is gaining traction so quickly. Allied Market Research predicts that specific segment of the indemnity market will grow at a CAGR of 24.9% through 2026.
Unfortunately, this field can be very confusing for MSPs and their clients (and pretty much everyone else), with insurers offering a host of different options to cover a wide variety of risk factors. Who in the industry knows what a business should spend, which activities are covered or excluded, and the processes to follow if something terrible were to happen?
There must be an easier way. Here are a few simple suggestions to get MSPs started down the right path:
1. Define Cyber Liability Insurance
These policies generally cover cyberattack recovery costs. When a business experiences a data breach or gets hit with ransomware, MSPs can easily spend hours remediating the problem and restoring systems. They may also need to bring in outside specialists to address specific issues. A good cyber liability policy will cover those expenses.
Corresponding legal claims should also be included. Cyber insurance typically protects from three types of risk: privacy, information, and operational. These plans are designed to provide small businesses with resources to respond to a breach and resume operations as quickly as possible. Financial compensation is just one of the deliverables.
Some general business liability insurance policies already include basic cyber coverage. However, these are usually very low-level offerings that will not provide the comprehensive protection your business and your clients need.
2. What Does it Cover?
There is no one-size-fits-all policy, and many insurers offer a variety of options for MSPs and their clients. Truthfully, there is no industry or business standard for cybersecurity liability insurance, though there are a few fundamentals. For example, there are two types of coverage: first-party and third-party.
First-party coverage refers to the immediate costs incurred by a cyberattack. Those are the expenses businesses incur from notifying shareholders of a breach, restoring affected technology systems and data, and paying employees for lost time due to the attack.
Third-party coverage helps with legal claims and lawsuits. For example, compromised companies can be hit with fines from compliance bodies and face numerous lawsuits relating to unauthorized access of customer and employee data. Some insurers will also provide risk mitigation services on top of first-party and third-party coverage.
3. What Is Not Covered?
Exclusions may be the most important part of cyber liability insurance. Do you know what the policy does not cover in the event of an attack? Examples of exclusions include property damages or personal injury, loss of property, and criminal activity such as fraud or employee theft. While cyber liability insurance probably will not cover those things, you may be able to file a claim on general liability policies, commercial property insurance, or commercial crime insurance.
Social engineering attacks may also be a problem. While insurers might offer that coverage as an add-on or with smaller coverage limits, cyber liability policies commonly exclude those compromises.
4. How to Choose the Right Insurer
MSPs must understand how to vet potential insurers. When it comes to finding the right cyber liability policy, you start by asking the right questions.
What types of companies does the insurer support with their policies? What can providers and clients expect from the application, assessment, and claims process? What specific things are covered, and what do they exclude?
Don’t be afraid to get into the nitty-gritty details and exhaust all your questions. That due diligence can save you and your clients a substantial amount of money and headaches if you are hit with a ransomware attack. Ask if the policy covers employee-assisted cybercrime and for the specific reasons why the insurer would deny a claim. With so much at stake, one can never know too much or ask too many questions.
Connect the “Dots”
Cyber liability insurance is relatively new. Like any liability concern, this topic can be challenging for anyone to understand, including IT professionals.
As an MSP, you should spend time getting up to speed on cyber insurance. This area of expertise may not seem tech-related, but in many cases, business owners will look to you for answers or suggestions.
The good news is you need not take on that burden alone. With a growing number of brokers and insurers working in the cyber liability field, it is easier than ever to partner with people who have extensive experience protecting IT services firms and their clients. Look for professionals who can guide you through the process and answer the most difficult questions.
Every organization should take cybersecurity seriously today, and a well-crafted liability insurance policy helps ensure you and your clients get the final layer of protection.