Five Questions MSPs Should Ask about Cyber Insurance

With 42% of SMBs reported that they had experienced a cybersecurity breach in 2022 – and 83% reported that they had experienced more than one data breach during the same period. Given the statistics, cybersecurity remains a top concern, especially for small businesses. In the past, major insurance carriers had difficulty assessing and underwriting small business risks. So, in 2022, they went ahead and updated their qualification policies to ensure that these businesses accurately reflect their cyber posture. 

Emerging trends reveal that 87% of MSPs are seeing an increase in demand for cyber insurance from clients. Consequently, 75% of MSPs report that cybersecurity is becoming a major growth driver for their businesses. In this continuously evolving cybersecurity landscape dominated by escalating cyber threats, it becomes pivotal for MSPs to offer a unified cybersecurity solution. This is not just crucial for robust security but also a significant factor for these businesses to qualify for cyber insurance.

The Benefits of Cyber Insurance 

Cyber insurance is a policy that goes beyond general liability insurance to include protection against various cyberattacks. Not only does cyber insurance help you cover costs related to a cybersecurity incident, but it also assists your business in the event of a lawsuit, recovers from data loss, investigates the source of the attack, and helps your business recover and respond to the incident. Given that 60% of businesses that experience a cyberattack shut down their operations within six months, having a financial safety net becomes crucial. Not only does it ensure business continuity, but significantly mitigates the cyber risks as well.

Looking to boost your MSP revenue? Guardz got your back!

5 Cyber Insurance Questions All MSPs Should Ask 

Each cyber insurance provider has different terms and requirements. When selecting a provider, it’s vital to understand the difference between each cyber insurance policy, what it covers, what it excludes, and if there are any critical actions your business needs to take to get covered. 

1. What does the policy incorporate?

There are three main types of cyber insurance: 

• First-party coverage: This handles direct damages that your company suffers, such as business disruption, fines, or data recovery costs. 
• Third-party coverage. This type of coverage includes the financial damage of lawsuits and customer claims arising from a data breach. 
• Cybercrime risks. Depending on the policy, this may include cybercriminal behavior such as business email compromise (BEC), ransomware attacks, DDoS attacks, social engineering attacks, data breaches, and network and service damage, among others. 

Most types of cyber insurance are limited to first-party and third-party damages. You should make sure your legal department understands which type of coverage your cyber insurance includes so that you aren’t surprised in the event of an attack. Additionally, it is important to note that some coverages are optional and are only added as an endorsement. Therefore, it is best to know what options exist and what is needed for your specific situation.

2. What is excluded? 

It’s equally important to understand what your policy may not cover. Here are some common exclusions:

• Geographic Limitations: Some policies may exclude certain regions viewed as higher risk or compliance challenge zones.
• Avoidable Risks: Policies may disclude incidents occurring due to known, avoidable risks like weak passwords or improper data encryption.
• Pre-Existing Conditions: Many insurance providers exclude coverage for previously known vulnerabilities within your systems.
• System Upgrades and Infrastructure: Some policies will not cover the cost of needed upgrades for your existing systems or infrastructure following a cyber attack.
• Intellectual Property and Company Value Loss: A decrease in your company’s value due to intellectual property theft might not be covered under some policies. 
• Property Loss and Insider Attacks: Many policies also exclude coverage for property loss or damages resulting from insider and social engineering attacks.
• Physical Injuries to Staff: Though such injuries are typically covered under general liability insurance rather than cyber insurance, some businesses might expect it as part of their cyber coverage. Double-check your chosen policy to make sure you understand exactly what is included.

3. What are the requirements my business must meet to obtain cyber insurance? 

Many cyber insurance policies only cover businesses that conduct regular audits or compliance reviews. Consider employing a third party auditor to conduct the audit to ensure maximum transparency. In addition, many cyber insurance policies only offer cyber coverage to businesses with proper cybersecurity protection. This is where MSPs that utilize a unified cybersecurity solution, like Guardz, which also offers cyber insurance, become highly valuable. 

This requirement could significantly explain why 78% of businesses  would be more willing to hire an MSP if it includes both cyber protection and insurance. Check that you meet the cyber insurance provider’s requirements before applying for coverage.

4. Is there a limitation on how long it takes before reporting a data breach? 

According to IBM, the average time to identify and contain a data breach in 2023 was 277 days. This delay could make it difficult for your business to report a data breach in the specified timeline required by your cyber insurance provider without losing coverage. For this reason, many policies also have an extended coverage option that includes data breaches reported after the initial time frame.         

5. What response time should I expect after a cyberattack? 

Once a data breach or security incident is identified, prompt action is crucial. Take DDoS attacks, for example, disrupt business operations, so it’s critical you react to minimize revenue loss. A quick response also helps to preserve any evidence your business can use to understand the source of the incident and remediate it accordingly. Therefore, as an MSP looking to provide cyber insurance to their clients, you’ll want to find a cyber insurance provider that delivers service in the first 24 hours after the incident for maximum damage control.  

How Guardz Helps MSPs, and Their Clients Stay Protected

As the gatekeepers of digital assets, MSPs are responsible for ensuring the security of their clients against advanced cyber threats. With access to real-world data about claims and security incidents, Guardz has identified four main threats that impact businesses: phishing, ransomware attacks, data loss, and user risks. After providing a comprehensive security score based on the coverage and effectiveness of all implemented protections, we identify and address any potential weaknesses. By integrating secure and insure tools right into the MSP’s workflow, Guardz streamlines their job while also closing possible security gaps. This expert combination of cybersecurity knowledge with an understanding of insurance readiness forms a singular, optimized package. It facilitates business monitoring, management, and readiness for insurance, guaranteeing the security of your MSP clients. Most importantly, it delivers peace of mind to your customers and their employees.