The evolving threats of cyber-attacks are not going away. And even though my mission is to help MSPs protect a million people in the next three years, I certainly realize that simply reducing their risk by providing them a top-notch cyber stack isn’t going to eliminate the risk of an attack.

There is always going to be a need to transfer some of the risk to a cyber insurance provider.

Businesses can’t look at cyber risk the same as risks like floods and fire—we know how some of these other risks play out. With cyber, risks are always evolving. If you continue to use a dated assessment tool, you might not have an up-to-date understanding of how hackers would perform when they hit your network.

And with that, the ‘what-if’ analysis prescribed by an insurance provider’s financial modeling might not be completely covered if you aren’t keeping up on what they are looking for.

One of the keys to getting organizations engaged in protecting themselves is communicating why they need to invest. And from my perspective, one of the easiest ways to win your clients over—to trust your recommendations—is by working with them on their cyber liability insurance policy to save them some money (however modest) on their premiums.

Here are 3 simple ways you can help reduce your and your clients’ cyber insurance premiums:

Conduct a regular penetration test—by conducting a pen test at least once a year, you’re bound to uncover vulnerabilities. From the perspective of your provider, you are significantly lowering your risks this way.

Make sure you work with a trusted third-party provider such as Galactic Scan to assess your vulnerabilities with a path toward remediation. Our partners typically report that penetration tests enable them to increase their clients’ MRR and project spend with them. Pen tests are a win-win for you and your clients.

Implement a strong password policy—some insurance providers won’t write a policy unless you enforce a password policy that adheres to their standards. What we’ve seen is that strong passwords, from their perspective, tend to be 8 characters or longer, contain no dictionary words, and combine lowercase letters, uppercase letters, numbers and symbols. They will also expect no password reuse within the environment.

Encrypt sensitive data—insurers will expect that all sensitive data is encrypted at rest and in transit. One of the easiest ways to show your clients their risks here is to perform a pen test on their environment to show what hackers will look at.

Controlling the number of accessible records—one key factor in determining the cost of cyber insurance is the number of accessible records—those stored and transferred. One easy way to help your clients keep their premium spend down is to control the number of records they deal with. If they have information that is no longer needed, they should consider removing that information from the network.
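The password criteria described above (8 characters or longer, no dictionary words, mixed character classes, no reuse within the environment) can be checked mechanically. The following is an added example, not code from the original post: the word list, accounts and passwords are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

# Constructed word list; a real audit would load a full dictionary (assumption).
DICTIONARY = {"password", "welcome", "summer", "dragon", "galaxy"}
CLASSES = {"lowercase letter": r"[a-z]", "uppercase letter": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
# Undo common substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("@0134$5!", "aoieassi")

def policy_violations(password, dictionary=DICTIONARY):
    """Return the criteria from the post that this password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    normalized = password.lower().translate(LEET)
    hits = sorted(w for w in dictionary if w in normalized)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems

def reused_passwords(credentials):
    """Return groups of accounts sharing one password ({account: password} in).
    Digests are compared so plaintext is never used as a lookup key."""
    by_digest = defaultdict(list)
    for account, password in credentials.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(account)
    return sorted(sorted(a) for a in by_digest.values() if len(a) > 1)

SAMPLE = {  # constructed accounts and passwords
    "alice": "P@ssw0rd2024!",   # long and mixed, but a disguised dictionary word
    "bob": "tR7#vq9Lm2x",
    "carol": "tR7#vq9Lm2x",     # same password as bob: reuse
    "dave": "short1A",          # 7 characters, no symbol
}

if __name__ == "__main__":
    for account, password in SAMPLE.items():
        print(account, "->", policy_violations(password) or "meets the criteria")
    print("shared passwords:", reused_passwords(SAMPLE))
```

Note that "P@ssw0rd2024!" passes the length and character-class checks and fails only on the dictionary rule, which is why the checks are applied together rather than one at a time.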

Lowering insurance premiums is just a start, but every conversation about cybersecurity helps in keeping folks safe. It’s a great first stab at getting those that point to their insurance as a complete displacement of their risks to start taking a harder look at how to protect themselves.