One of the most interesting people I spoke with at Ingram Micro ONE in Washington, D.C., this year was Edouard von Herberstein. He’s the CEO of SPECTRA, a cyber risk management platform and up-and-coming channel vendor.
Founded in 2022, the organization took off in June 2024 after inking a partnership agreement with Ingram Micro. Along with that, SPECTRA launched new certifications and cyber resilience warranties valued up to $1 million per customer.
Below is a lightly edited transcript of a very dynamic conversation with von Herberstein.
It’s a pleasure to speak with you, Edouard. Why is your company headquartered in Bermuda?
“Bermuda may seem like an unusual location for a cyber risk platform, but 70% of global cyber insurance premiums end up in Bermuda. It’s a hub for handling systemic risks, like natural disasters, due to its strong balance sheets and history with these types of risks. This makes it an ideal location for managing cyber insurance risks as well.”
Can you give us the 30-second elevator pitch if an MSP hasn’t heard of SPECTRA?
“From an insurance standpoint — which is my background — we’re seeing a growing emphasis on ensuring strong, managed security practices are in place before insurers offer a cyber policy. Many claims result from poor backup designs or weak incident response plans.
“With SPECTRA, we aim to cooperate with insurers, not compete. We’re an exclusive partner with Ingram Micro, working closely with TrustX and other partners to bridge the gap between MSPs and insurers.”
Edouard von Herberstein
Who are your ideal partners?
“We work with MSPs that deliver what we call foundational security solutions. Insurers typically want to work with companies that are diligent about managed backups, endpoint protection, email security, MFA. Sometimes DDoS protection and disaster recovery services a well. MSPs providing some or all of these services are our target clients.”
How closely do you work with MSPs when they’re talking to prospective clients?
“We help build a ‘trust bridge’ with insurers, but trust goes both ways. Insurers often want telemetry to monitor client environments. We focus on building trust through certification rather than constant monitoring. We certify MSPs’ internal controls and their foundational security offerings, so insurers recognize them as qualified. Insurers we work with offer better insurance options for certified MSPs and their clients.”
How does your certification process help MSPs?
“MSPs tell us that our certification process helps them improve their internal controls. For example, we help them identify gaps — like missing encryption on backups — that can be addressed quickly. The certification process is lighter and less expensive than SOC audits. It’s a practical way to strengthen security and reduce cyber risk.”
Does the certification process involve a cost?
“There is a cost, but once certified, MSPs can offer warranties to clients. For instance, if a certified MSP’s backup service fails, we provide a refund of 12 months’ fees. It’s not insurance; it’s simply a warranty on the service, helping build client confidence without the complexity of insurance.”
Is this warranty unique in the industry?
“Yes, this service warranty is distinct from insurance. Many vendor warranties focus on the end customer following best practices, but we focus on MSPs. If the MSP meets our certification standards, we stand behind their services with a simple refund guarantee if something goes wrong.”
How do you respond to emerging cyber threats driven by AI? Does it impact policies?
“AI is both a tool and a challenge. For example, a CEO from a top AI company remarked that its future lies not in AI but in security. Businesses can only enjoy AI’s benefits in a secure environment. Insurers are increasingly cautious. Some are even considering excluding AI-related claims. Insurers and MSPs need to work together to secure AI environments to manage this risk effectively.”
What’s the value of events like this one and the partnership with Ingram?
“Ingram exposes us to hundreds of MSPs, and we’re about to announce a program with TrustX. Our goal is to work cooperatively, not competitively, with insurers. We make insurance more accessible to MSPs without insurers overstepping into security roles. It’s about ensuring both sides respect each other’s strengths.”
Do you think it’s beneficial for insurers to try selling security solutions?
“Honestly, no. Reselling security through insurance brokers doesn’t work. Brokers have limited engagement time with clients, and they’re not equipped to discuss security in detail. This is precisely why MSPs are essential. They provide the day-to-day management and expertise that brokers lack.”
What’s your advice to MSPs that are trying to grow in 2025?
“My advice is to differentiate by shifting the conversation from tech to risk. Today, we’re seeing more CFOs and chief risk officers in these discussions asking about outcomes rather than just technology. By offering foundational managed services, MSPs can position themselves as strategic partners in reducing cyber risk. That opens doors for better insurance coverage and deeper client relationships.”
Any final insights for our audience?
“Liability is a growing issue as companies seek clarity on who’s responsible when incidents occur. This is an opportunity for MSPs to add value by discussing risk, not just technology. It’s a chance to strengthen client relationships and add stickiness by positioning themselves as risk partners, not just tech providers.”
Featured image: iStock
