We all have seen the aftermath of ransomware attacks and data breaches over the past few years. Whether directly with a client or prospect (I get calls from MSPs needing help nearly every single day at this point) or third-party organizations that had major data breaches, the inevitable this year and for the foreseeable future is cybercrime.
Cyber attacks are NOT going away. We might want to bury our heads in the sand and wake up when it’s all fixed. All gone. But that isn’t something you—as a leader in the IT industry—can do.
And to add fuel to the fire, cyber liability insurance providers are starting to cut their losses in this whole game, too. Providers have seen the $18.7 Billion (yes, with a capital ‘B’) losses from businesses over the past 5 years. And many of them are starting to change how insurance is done because of it.
The insurance industry is now making its clients reduce their risks OR face steep increases to their premiums to stay insured. Many businesses—including those managed by MSPs—are facing cancellations for not fixing issues with their cyber stacks. NOTE: one of the easiest tests to see if your cyber stack can stack up to a current incident is to conduct a free cyber stack evaluation. We offer these to the MSP community to help them understand what is going on in our industry and how to best focus their efforts going forward.
What we reveal in the cyber stack sessions are ways that businesses—and maybe even your team—unknowingly leave openings for attackers. Nearly 85% of the attacks—according to the latest Verizon report—are from accidental clicks or mistakes on a network.
These are the things that insurance providers are now focusing on and making sure you and your clients have addressed. They are even asking that you have proof that the network has been assessed by a third party in order to show due diligence (something Galactic MSP partners are now actively doing).
I know I’m preaching to the choir here. You know your clients cannot afford to operate without cyber liability insurance. And you know the statistics. The ones like 60% of SMBs fold within 6 months of a cyberattack. You know having a cyber stack and continually improving that stack is important for every single one of your clients.
Now is the time to get them to start taking action.
With insurance providers adding exclusions—the likes of excluding attacks by nation states (think Russia, China, or even North Korea)—your clients are even more vulnerable to attacks than they might have been in 2021.
These insurance companies are businesses. They are not in it just to help you out. They are in the insurance game to make hefty profits. Right now, cyber insurance is a losing game. And they are changing the rules in their favor. They are making claims harder to get. Putting more of the work on you—as the IT provider—to prove you have been doing everything right.
The insurance providers initially were offering cyber insurance thinking they would never see a claim. But that time has come and gone. Now they are trying to find a way to make cyber insurance work for them.
As a managed services provider, now is your time to communicate the urgency of your clients’ need to reinvest in cybersecurity. It not only adds sales to your book of business, it’s critical to you supporting them effectively.
I want you to be their protector and I think you have the skills, mindset and qualifications to do so. Here are the 3 things you need to do right now to ensure your clients don’t fall into the cyber insurance trap that will lead to a major business-shuttering attack if they don’t take action now:
1. Communicate their current risks in a way they can understand them—this is the most fundamental problem most MSPs are facing today. Yes, you can show them reports of vulnerabilities—and link them back to stories of major attacks. But you will see their eyes glaze over. They simply don’t care about this detail (most C-level folks at least).
I want you to offer them a pen test. Get them interested in seeing what would happen to their personal data if someone clicked a link. Is their HR person making it really easy for a huge data breach? What about accounting? Sales? Get them worried about the problem. I suggest you do this by first having a conversation around risks and then offering the solution of a security assessment (pen test) to really address their concerns. Keeping security personal—focused on their business—will be critical to getting them to take action.
2. Get them thinking about upping their cyber stack—if you want them to be more secure, you’ve got to be pushing your advanced security stack. I recommend you keep this separate from your basic managed services offering to highlight how important it is and to not have them assume you ‘do everything’ out of the gate. This is something I had to struggle with, and I think this solution will really help you get your clients to realize that you don’t cover everything security in your basic managed services offerings.
3. Get them onto recurring third-party security analyses—one of the growing requirements in the security industry is to prove your networks are being addressed. Having a third party assess your client’s network can (1) address lingering issues and (2) more importantly show that you are and have been addressing issues. This requirement may be extremely necessary today to ensure your clients don’t go find third-party audits on their own and will most certainly address the insurance requirement. Galactic partners have been using ClientWatch as a way to sell third-party audits to their clients to satisfy regulatory pressures, including these cyber insurance requirements.
Whatever you do, I hope your takeaway is that getting your clients engaged on the security front is critical to their long-term security. You are their trusted advisor for everything security. Now is your time to act.