Think You and Your Clients Don’t Need Cyber Liability Insurance? Think Again

Back to Blog

Think You and Your Clients Don’t Need Cyber Liability Insurance? Think Again

Firewalls. Anti-virus software. Risk assessments. Network monitoring. Multi-factor authentications. As an MSP, you probably have everything you need to protect you and your clients against cyber attacks. But heed the story of the Titanic and keep in mind that no ship is unsinkable. Despite all your safeguards, hackers can get the better of any IT security setup and sometimes, internal accidents can occur as well. And when they do, the recovery costs can be crippling. However, cyber liability insurance could be your lifeboat if and when a breach does threaten your “ship.”

Dispelling Misconceptions

Despite all the safeguards cyber insurance offers, many MSPs and small-to-medium businesses (SMBs) are still reluctant to sign up–only 21 percent of SMBs have a standalone cyber risk policy. Instead, they rely on an inadequate umbrella of general liability policies for coverage. MSPs may think cyber insurance diminishes their worth, but getting a policy and helping clients stay in compliance with its terms can add value and increase client trust simultaneously. Knowing you have covered your own risks as an MSP, and your clients’ breach recovery costs as well, instills confidence in your clients and shows you have their best interest in mind.

Some clients may feel that buying their own cyber insurance is overkill since they don’t possess a trove of data that’s enticing to cyber criminals. But breaches aren’t always instigated by outsiders. They can befall organizations of every size. In fact, 47 percent of all malware attacks in 2019 targeted SMBs, who often have smaller IT budgets than their global peers. Tim Burker, a cyber risk director for an insurance brokerage, said that “managing the potential risks and costs of a cyberattack that disrupts operations should be a priority for all organizations, no matter how much sensitive data they store.” And this is exactly where cyber insurance can step in to mitigate risks and costs.

Climbing Costs

In 2020, more employees are working from home than ever before, usually on their own devices, which in turn has weakened cybersecurity postures and increased risks. Ransomware attacks alone have rocketed 72 percent in the first half of 2020.

According to Cybersecurity in the Remote Work Era: A Global Risk Report, 60 percent of businesses surveyed experienced cyber attacks during the early part of 2020 and 51 percent claimed that “malware or exploits” got past their defenses. Those incidents tallied an average of $2.4 million to remedy.

Typical cyber breach costs can include:

  • Incident investigation, including forensics
  • Client and business associate notification
  • Data restoration
  • Client identity monitoring and recovery
  • Restoration of business operations
  • Legal fees
  • Regulatory penalties and fines
  • Payment Card Industry assessments
  • Equipment damage
  • Public relation expenses
  • Revenue loss due to downtime

More Than “Bad Guy” Protection

Cyber insurance can certainly help with these losses, of which downtime is a big one. Progress and revenue loss from downtime can often be more costly than ransomware payments or damaged servers. The 2017 NotPetya incident demonstrated the havoc a breach can inflict on business continuity. The attack left in its wake $3 billion in net financial losses due to shipping, logistics and production cycle interruptions.

Cyber insurance is far more than just “bad guy” protection. It can help mitigate the damage of organizational interruptions and protect what Kirsten Bay, CEO of Cysurance, calls your “digital operational footprint.” She encourages businesses to “think broadly, not only about things like ransomware, which are so financially impactful, but also about other elements that could be very disruptive to digital operations.” A good cyber risk policy will also cover losses from system downtime due to power outage, human error, preventive shutdowns and other non-criminal causes.

A lesser-known benefit of cyber insurance is that MSPs and their clients won’t be left to manage recovery on their own. When a data breach hits, a policy with broad coverage will often put a knowledgeable incident response team at a company’s disposal. This can help preserve business continuity by expediting legal and forensic investigations and public relations efforts, resulting in less downtime and customer attrition.

An Extra Level of Protection to Stay Afloat

More employees than ever before are working from home, significantly increasing cybersecurity risks. With every new security measure developed, criminals evolve their methods to get past them and with every additional internal network defense added, there’s every chance an employee may wreck it with a negligent or malicious act. Although no ship is unsinkable and no cybersecurity measure impenetrable, cyber liability insurance can help MSPs and their clients stay financially afloat when a breach does hit.

For a deeper look into how you can offer cyber liability insurance services to your clients, download our e-book: The Next Big Growth Opportunity: Compliance for Cyber Liability Insurance.



  1. 2020 Vulnerability and Threat Trends Reports, Skybox Security, 2020
  2. Data Breaches and Security: Five Steps SMBs Cane Take to Protect Their Data, Forbes, 2020
  3. Cyber Insurance for Business Continuity, Bank Info Security, 2016
  4. How Many Cyber Attacks Happen Per Day in 2020?, techjury, 2020
  5. Small Business Cyber Risk Report, HISCOX, 2018