What to look for in Cyber Risk Insurance

February 23, 2022

After an incredibly damaging and costly run of high-profile cybercrime, many businesses may be relieved to learn they can purchase some protection in the form of Cyber Risk Insurance. With so many companies having their data held hostage, who wouldn’t be a little scared that they might be next?

But like every product category that emerges to meet a market need, it’s still a bit of the Wild West out there. There is a massive amount of variation and inconsistency among policies. Even an industry professional could have a hard time keeping it straight, much less a small business owner who doesn’t spend their days consumed with IT issues.

The landscape of technology adoption is always evolving, as is the nature of the threats cybercriminals pose to businesses. This all only adds to the complexity and confusion around this topic.

Not all cyber insurance is created equal

Unlike more established insurance markets, the cyber insurance market is highly diverse. Policies vary widely when it comes to premiums, extent of coverage, and deductibles.

But the most concerning disparities between underwriters and policies are the baseline compliance requirements that policy holders must meet to be eligible to receive a payout on a claim.

Much as home insurance policies require homeowners to cover certain bases, such as having sufficient amperage for their circuit breakers or fencing off their swimming pools, cyber insurance policy holders are obliged to have certain precautions in place.

However, the nascent cyber insurance industry has yet to agree on any sort of standard, forcing each underwriter to come up with their own. On top of that, without decades of historical data to inform current policies and premiums, these underwriters are overly cautious in many cases. They don’t want to overextend themselves and end up on the hook for far larger payments than they’ve bargained for.

So, what’s covered and for how much remains uncertain until you dig into the details of each policy. Likewise, the firewalls, password protocols, backup processes, and the like that businesses must have in place – and well documented – fluctuate wildly from one policy to the next.

Why SMBs need MSPs before and after they purchase cyber insurance

MSPs are an invaluable resource for SMBs making the responsible investment in cyber insurance. They can play a key role in making sure SMBs get a good policy at a reasonable rate and ensuring they won’t be denied a payout on any subsequent claims.


When underwriters evaluate a potential client, they’re trying to assess the risks. They want to make sure the odds are low they’ll have to pay out on a claim and will calculate a more expensive premium for the same amount of coverage to mitigate the dangers posed by riskier clients.

Therefore, the safer a company’s IT infrastructure appears during this process, the better the chance they’ll be eligible for the coverage they seek and get a reasonable and fair rate.

If an assessor deems an opportunity too risky, they might not offer coverage at all. But if the customer seems responsible, the assessor is more likely to charge a lower premium and offer a policy with lower deductibles and higher payout caps.

MSPs can add value at this stage by performing their own assessment and spotting the problem areas underwriters will likely flag as risks. They can then provide services and support to close weak spots in the company’s IT defenses and put in place the necessary preventative measures before they even apply.

Additionally, MSPs can confer with customers during the cyber insurance process to help them evaluate their coverage options, making recommendations and steering them toward reputable providers and favorable policies.


Once a business has signed on the dotted line and purchased a cyber insurance policy, they’re expecting claims to be paid out in the event of an applicable incident. But if they’re not maintaining the “due care” expected by the insurance company, a claim could be rejected.

MSPs can once again be incredibly helpful by implementing any required improvements or updates on their client’s behalf. Equally essential, MSPs can also perform the painstaking, critical work of documenting and reporting on these efforts, because even if a company has done everything right, an insurance company can still deny a payout without proof.

By bringing customers into compliance and chronicling every step along the way, MSPs provide “insurance for the insurance.” And in the event of a dispute between the underwriter and the client, MSPs can serve as a mediator with plenty of evidence to prove the validity of their client’s claim.

For MSPs that recognize the importance and value of supporting clients when it comes to cyber insurance, the learning curve and administrative complexity may seem daunting. But leveraging the cyber insurance features of RapidFire Tools’ Compliance Manager GRC can dramatically simplify this undertaking.

By reviewing application forms from the top carriers in the industry, Compliance Manager GRC has aggregated all the potential technical requirements a customer may face. MSPs can select which requirements apply to each client engagement and then rely on the platform to indicate the steps to be taken to maintain compliance.

With everything recorded within Compliance Manager GRC, MSPs can generate reports for their clients and their carriers including Cyber Risk Analysis, Management Plans and Vulnerability Scan Details. MSPs will know which vulnerabilities must be addressed going forward and have clear documentation of those actions and improvements.

Compliance is a complex and exhaustive area for MSPs and their clients, but Compliance Manager GRC lets MSPs turn it into a key recurring revenue opportunity while cementing their relationship with customers.

Request a demo today to learn how your MSP can get into the cyber insurance compliance game and help customers get the most out of their insurance policies and protection.