Thanks to MSPs, most SMBs now realize their company’s size or lack of sensitive customer data won’t keep them safe or save them from cyberattacks. But thus far, they have been slow to buy cyber liability insurance.
As with other forms of insurance, cyber liability insurance can protect a business against business-threatening financial losses, if the right coverage is selected and the business is careful to understand and meet the requirements of its policy.
An Easier Sell
“For a long time, [cyber liability insurance] was considered ‘overkill.’ Then it became, or is becoming, a necessity to do business,” said Maria Scarmardo, CEO of Praxis Data Security. “MSPs have started to communicate that to their clients and explain why it is a necessity.”
At the same time, Scarmardo said cyber insurance is getting harder to acquire. Reasons include:
• Rising premiums, which makes it cost prohibitive for some businesses.
• The due diligence process involved with selecting the right insurance carrier and policy is increasingly cumbersome.
• It’s harder for businesses to prove they have addressed an ever-increasing number of vulnerabilities, so approvals and renewals are harder to get.
That might be why Justin Wilkes, sales director at Envision Technology Advisors LLC, said that mentioning cyber insurance to clients can often result in a sale for the MSP.
“It’s almost a one-to-one ratio: If the client is engaging with our cyber liability insurance partner, there will be things that they don’t have in place that we can help them with,” Wilkes said.
For example, to obtain coverage, one client requested employee posture trainings and a Microsoft Zero Trust implementation — netting about $40,000 for Envision.
When to Pitch
The question is not “if” but “how much? ” said Dawn Sizer, CEO of 3rd Element Consulting. MSPs need to understand how much coverage their clients need, and how much they could save on premiums with an improved security posture.
Scarmardo suggested MSPs bring up cyber insurance during regular quarterly reviews. It can start with a no-pressure conversation and some educational collateral left behind. It’s even more convincing if those materials come from the client’s own industry, so MSPs should plug into customers’ industry trade groups.
“It makes it about them, not you as a tech company saying they need this and that,” Scarmardo explained. “It shows you care when you say, ‘I have seen that your trade organization recommends this; how can I help you with that?’ ”
Cost in Translation
The biggest pain point in obtaining quality coverage is understanding and filling out the requisite forms. Businesspeople often get frustrated answering countless questions, many of which are technical in nature. But that’s where MSPs can shine.
Wilkes said confusion stems from questions such as:
• Do you have your backups deployed? Where are they? Clients may not know.
• Are they immutable? “Immutable” refers to anything that cannot be changed over time.
• Do you have a SIEM (security information and event monitoring) and/or EDR (endpoint detection and response) in place? Laypeople often are unfamiliar with acronyms for these and other technologies.
As a security-focused expert, Scarmardo frequently relies on MSPs to help with certain technical language. “A regular business owner … definitely needs help and support from both technical and security specialists to fill those [forms] out,” she said.
But don’t actually fill out the forms yourself, cautioned Sizer. She reminds clients that the insurance application is a legal document that her own company cannot attest to.
If It Ain’t Broker
One of the best ways to ensure you’re giving customers what they need is to choose a reputable broker. While cyber insurance is a given for her high-risk clientele, they still need guidance on where to buy it, Sizer said.
“That’s where we step in and say, ‘Maybe we shouldn’t look at this little policy from the company down the street. Let’s look at something more comprehensive, or a broker that carries a wider array of things that would make more sense for your particular business, or for the data that you have.’ ”
Her team helps evaluate brokers for red flags, such as outdated offerings or language, Sizer said. “Those are the ones that I worry about because they’re asking about technology that doesn’t exist anymore or doesn’t exist in the same context that it did previously. Or perhaps they’re recommending specific vendors that some of us wouldn’t touch with a 10-foot pole.”
Scarmardo and Wilkes both caution against selling yourself as a one-stop-shop. Instead, build relationships with a good broker or carrier. A good partner provides ongoing insights into what customers need to do to get the best coverage.
While it’s important for an MSP to make it clear it is not the insurance expert, shepherding the client through their cyber insurance journey is a major value add. Sizer said the key is to make it a business conversation.
“If you can, tie [cyber insurance] back to their business plan, or business continuity. Make sure to ask, ‘If you don’t have it and the worst-case scenario happens, what would that look like for your business?’ ”
Image: iStock