From business interruptions to rising incident response costs to Russian cyberthreats looming as the war in Ukraine continues, cyber insurance companies aren’t taking any more risks. With a 300% increase in cyberattacks since the onset of the pandemic, cyber insurers are adjusting their policies and weighing customer liability based on the preventative measures managed service providers (MSPs) are taking, including a robust password management system.
It is now more important than ever for MSPs to evaluate their own cybersecurity coverage to ensure they are protected in the event of an attack.
Cyber insurance mitigates losses from cyber incidents like data destruction and/or theft, extortion demands, hacking, denial-of-service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Cyber insurance policies also cover the costs of data recovery, system forensics, legal defense, customer reparations, and more. This type of coverage benefits MSPs as it would any of their customers; however, many times MSPs have more data at risk given the nature of their business.
When a cyber attacker successfully gains access to a MSP’s data, it’s also gaining access to clients’ secured data, which is the crème de la crème of breaches for a cybercriminal. This is also one of the biggest concerns for an MSP—how to keep client data safe.
The sad truth is that many MSPs still do not see the benefit in making this investment in cyber insurance. In fact, a recent survey found that 35% of MSPs who were a victim of a cyberattack did not have cyber insurance, which not only resulted in major losses in funds, but the loss of customers and overall brand trust.
Ways to Protect MSPs
A lingering question remains: Does cyber insurance protect an MSP against breaches? Just as car insurance doesn’t prevent a car accident from happening, cyber insurance doesn’t prevent a cyberattack from occurring. However, it does support MSPs in the aftermath of an attack.
With cyberattacks increasing and insurance policy pricing on the rise, there are a few steps MSPs can take to assure their customers that they are investing in keeping their data safe while also potentially lowering their own policy premiums. Sticking with the car insurance scenario, just as drivers can give an insurer proof of safe driving practices to keep those around them safe, MSPs can similarly show a cyber insurance provider that they are taking steps to keep customers’ data safe through additional resources. As a result, this can increase trust in MSPs and potentially lower premiums.
Additional steps that can be taken to gain trust from insurance providers and customers include:
- Limit the access to administrative data to the fewest number of employees as possible. While this seems simple even with a small number of employees at a company, it’s often easy for information to slip through the cracks over time.
- Implement enterprise password management (EPM) software. An EPM solution tracks password security across all MSP employees, and many cyber insurance companies are now requiring MSPs and their customers to implement EPM software with multifactor authentication to keep premiums lower. Features like a built-in password generator, secure credential storage, and automatic credential filling help MSPs use strong, unique passwords to protect both their own systems and their clients’ systems.
While MSPs needn’t scream from the mountaintops that they have cyber security insurance policies, adopting policies can be a great way to maintain customers’ trust and show them they are invested in keeping them secure.
It’s good way to lead by example too. A recent LastPass survey revealed that only 54% of businesses currently have cyber insurance. As we move forward, it’s going to become increasingly important for MSPs to help customers evaluate long-term data protection plans and discuss why cyber insurance should be a priority.
PATRICK MCCUE is the global vice president of global partners at LastPass, where he leads the company’s high-growth sales strategy for resellers, managed service providers, and technology and distribution partners, and fosters relationships with these key partners. Before joining LastPass, McCue served as the global vice president of channel sales at GoTo. Prior to GoTo, McCue was Senior Vice President of worldwide partnerships at Okta, where he was responsible for forging new partnerships for Okta in a broad array of verticals and geographies while expanding and empowering existing partners.