17 Oct Why Offer Cyber Risk Insurance in Your Security Services?
Companies are rightfully fearful of cyberattacks. Breaches, malware, bots, viruses and ransomware make regular appearances in the headlines and cost companies millions of dollars while damaging reputations and shaking consumer confidence.
Billions of accounts have been compromised in recent years, and the costs keep adding up. Companies lose customers and revenue with every attack. Each lost or stolen record costs $225 on average and each major breach means businesses lose millions (if not billions of dollars). By 2021, cybercrime-related damages could total $6 billion per year.
Well aware of the risks cyberattacks represent, many companies are investing more money than ever on their digital defenses. But just like any investment, they want a clear return on it as well. One way to protect themselves from unnecessary costs in the event of a breach despite their best efforts to prevent one is through cyber insurance.
What is cyber insurance?
Cyber insurance policies – just like any other insurance – are all about mitigating risk. In this case, it is providing some financial protection in the event of a cyberattack or other breach.
Cyber insurance policies usually cover post-incident investigation costs, business losses due to the breach (both direct revenue and long-term reputation damage), ransomware-driven extortion costs, customer notification and related costs, as well as protection from lawsuits that may arise as a result of the incident.
Cyber insurance has been around for nearly 15 years and premium are expected to reach $7.5 billion next year. These products are offered by mainstream insurers such as Travelers, Chubb, Progressive, Nationwide and Allianz.
Start with yourself
If your MSP doesn’t already have a cyber risk insurance policy for itself, then this is definitely where you should begin. Not only will it protect your own company in the event of a covered incident, but it will also help with your security engagements in several ways:
- Since you’ll be advocating for your clients to invest in a policy, it would be a poor starting position to not have one yourself. It’s that “eat your own dogfood” mindset all companies should embrace.
- Insurance companies don’t simply hand these policies out – they only offer them to companies with adequate security in place beforehand (as it would otherwise be a very risky venture for the insurance company itself). Having first-hand experience of going through the entire process and possessing a solid understanding of what the insurance companies will look for and review puts MSPs in a better position to help customers adequately prepare.
- As a company that has already done the research and gone through the purchase process, your MSP will possess a comprehensive understanding of varying products and coverage options. This lets you serve as a trusted advisor for the customer while they decide what’s best for them.
- Being insured is a seal of approval that your MSP meets the standards required by insurers. It also shows that you’re a mature and responsible organization that can be trusted with a company’s own security.
Why you want your customers to buy it?
Even though your MSP is insured, that policy doesn’t extend to your customers. They need to get their own insurance, and encouraging clients to purchase cyber insurance as part of their overall security strategy has multiple benefits for MSPs.
1. It’s the right thing to do
Cyber insurance may still be optional, but any company that utilizes digital technology whatsoever could benefit from cyber insurance. However, for companies with IT needs so significant they’re considering an MSP engagement, there is no question they need this level of protection.
Since it’s impossible to protect clients from 100% of the potential threats they face, having a cyber insurance policy in place will mitigate the impact if and when an incident occurs. It will also introduce a third party (the insurance company) into the mix when assigning blame and finger pointing ensues, which can help diffuse the understandably hot tempers of those involved.
2. It justifies your security services engagement
Some prospects and customers may be skeptical about just how much security they really need. As the party trying to sell them these services (and who will stand to profit when they purchase additional ones), an MSP’s suggestions and best practices may be taken with a grain of salt.
Introducing a cyber insurance company into the equation legitimizes your recommendations. Knowing that a service isn’t just “nice to have” but is actually a pre-requisite to getting insured makes it a much easier pill for clients to swallow.
And – given your MSP’s expertise in this domain – you can construct security packages aligned with specific types of cyber insurance. This pre-set package makes it an easy purchase decision for customers trying to protect themselves and have insurance to back it up.
3. It protects you as well
No one wins when there’s a security breach or other incident, but when your customers already have a cyber insurance policy in place, there’s a much better chance your MSP will come out of it unscathed.
The policy will provide the much-needed financial resources the company requires to recover from the event. And, although your MSP may not be directly liable, the cyber insurance policy will keep clients from getting litigious with you. The only way they could get their policy to begin with was by having all the required safety nets and security defenses in place.
Going the extra mile
MSPs making cyber security a core part of their value proposition can use cyber insurance as a key growth tool. Here are a couple ways to take it to the next level.
Offering cyber insurance risk assessments
This service is a specific, dedicated engagement to ascertain how well protected a company is against security threats. The MSP will run through a battery of tests and surveys to ascertain what is up to par and which areas still need improvement.
Based on the results, the company profile and scores are shared with insurance underwriters who will then determine if a company is adequately protected to qualify for coverage or make recommendations on what must be upgraded and improved to be eligible. Insurance companies can also use this data to finalize its rates and deductibles.
Partnering with cyber insurance companies
MSPs are often one-stop shops for many IT needs, and there’s no reason cyber insurance should be an exception. Building relationships with one or more cyber insurance companies and then offering their services to clients can be a time and aggravation saver for customers.
This saves them from having to do the research and investigate the insurance market themselves. Instead, your MSP can give them a limited set of choices that are the best fits for their particular needs and situation.