ACI Leadership Series: Cybersecurity Insurance and MSPs Webinar Notes

Cybersecurity Insurance for MSPs: A discussion with Wes Spencer – Webinar notes

Hosted by Daniel Lowrie, ACI Learning edutainer. Guest and subject matter expert, Wes Spencer

Introduction:

The purpose of this guide is to serve as a complementary aide to help you follow along in our recent Leadership Series webinar episode, “Cybersecurity insurance for MSPs.” In this interview, our friend Wes Spencer - a nationally recognized technology innovator and cybersecurity expert - discusses what MSPs should know about cybersecurity insurance. Have these notes ready, then watch our full interview.

Cybersecurity insurance has become a significant task for Managed Service Providers (MSPs). The need for it grew quickly, and many businesses were caught unprepared. Today, MSPs are finding that both older and new clients are requesting solutions due to compliance mandates.

Key Takeaways:

1. The Significance of Cybersecurity Insurance:

• MSPs should recognize the importance of cybersecurity insurance in protecting their business from significant financial losses in the event of a cyber incident.
• It is not only about protecting your MSP but also about helping clients navigate cybersecurity insurance.

2. Actionable Steps for MSPs:

• Talk to your lawyer to understand the legal implications and risks associated with cyber events.
• Consult with a licensed insurance professional to initiate discussions about cybersecurity insurance.

3. Benefits of Cybersecurity Insurance for MSPs:

• Viewing cybersecurity insurance as an opportunity can be beneficial. It not only safeguards your business but also allows you to help your clients in this regard.
• Clients might be resistant to costly cybersecurity changes, but the discussion of cyber insurance can shift their perspective.

4. Real-World Example:

• Toyota requires its dealerships to have $5 million in cyber insurance coverage. This requirement has led dealerships to seek guidance from MSPs to meet the eligibility criteria.
• MSPs can assist clients in understanding and fulfilling insurance requirements.

5. Understanding Insurance Requirements:

• MSPs should thoroughly understand the specific insurance requirements for their business and clients.
• These requirements should be integrated into the MSP's operations.

6. Exclusions and Coverage Options:

• Clients and MSPs need to work closely with insurance providers to determine coverage options, including exclusions and inclusions.
• Exclusions may pertain to issues such as truthfulness during the claims process.

7. Assessments and Premium Reduction:

• The insurance industry traditionally operates on good faith, but cyber insurance seeks more insight.
• Carriers may conduct assessments, such as third-party vulnerability scans, before providing quotes.
• MSPs should be aware that the effectiveness of vulnerability scanning may vary.
• Continuous underwriting is the future, where carriers can constantly monitor cybersecurity risks and work with insured parties to ensure coverage adequacy.
• This future development can provide insights into MSPs doing cybersecurity correctly and may result in lower premiums for all parties involved.

Conclusion:

MSPs must proactively address cybersecurity insurance to protect their businesses and assist their clients. The evolving insurance landscape is moving toward continuous underwriting, providing opportunities for improved risk management and cost savings.