Cyber Insurance Myths: Stand Alone vs. Riders 

Many businesses discover their insurance policies don't cover cybersecurity attacks after it's too late.

Cyber Insurance

Many SMBs assume their basic business insurance will cover them if anything goes sideways, from customer lawsuits alleging libel or slander to ransomware and other cybersecurity attacks. Unfortunately, many discover far too late that those beliefs are not based on fact. Many businesses get hit with ransomware or become the target of a malicious hacker before owners realize their insurance policies do not cover those issues.  

Those costly, if not organizationally fatal, mistakes are entirely preventable with the assistance of skilled IT professionals. MSPs with a foundational understanding of cyber insurance as well as deep expertise in building effective data and network defenses can connect the right dots for their clients. That type of consulting support is essential and, when done well, boosts providers’ revenue, client value and customer satisfaction and retention rates.  

The average data breach cost exceeds $148 per lost or stolen record or approximately $3.86 million per incident, according to the latest Ponemon Institute and IBM report. Those numbers illustrate the increasing value of cybersecurity and insurance knowledge. Business decision-makers need to understand their vulnerabilities, potential liabilities, and coverage basics like exclusions and policy options. The last piece is quite simple for MSPs already partnering with a reputable cyber insurance broker. Connecting all the financial and technology-related dots may seem like an impossible challenge but making it a collective effort between experts in each field reduces the complexity of those conversations and the stress for everyone.

MSPs Can Bring More to the Cyber Insurance Conversation

One of the biggest challenges for SMBs is obtaining unbiased and accurate information. Put yourself in a client’s shoes: most get bombarded daily with pitches to sell a new product or service or upgrade their existing plans or offerings. As small business owners, MSPs typically have the same experiences and often turn to peers or other trusted experts for advice before purchasing or signing a new contract. People are more suspect than ever because of bad personal experiences or lessons from friends and others. The more complex the problem or opportunity, the harder it is for many owners to make a decision.

Insurance is one of those areas. The myths around coverage needs, policy options and benefits can mystify even the savviest business professionals. Their uncertainty often translates to delays in the decision-making process or mistakes that can add substantial costs if the organization experiences a loss or pays an excessive amount for unnecessary policies. For example, cyber insurance premiums are based upon an analysis of a company’s security posture. Current threats and vulnerabilities and incidence response plans are just a few things that factor into those costs.  

MSPs are accustomed to helping businesses understand the technical aspects of cybersecurity. With the right measures and controls in place, you can minimize the risks. However, as conversations about escalating insurance costs and questions about the types and amounts of coverage increase, are you able to share accurate information to dispel the rumors and assist in the decision-making process?

Help Dispel Myth #1

One of the most common misunderstandings is that a general business insurance policy will cover cyberattacks. That myth can be a big hurdle to overcome for MSPs and agents/brokers, especially after the company gets hit with ransomware.

A proper cyber liability insurance policy will cover remediation costs and business losses. Those dedicated plans should protect your clients from a number of related expenses, including:

  • Creating and sending customer notifications
  • Legal fees and expenses
  • System restoration
  • Data recovery
  • Information monitoring services for those affected by the breach (may be optional)

The problem is some decision-makers confuse riders with dedicated cyber insurance policies.  The former is an add-on option to existing liability coverage, while the latter specifically addresses the costs associated with security compromises. While the differences may seem more like semantics, the best way to ensure your clients will be made whole following a breach or ransomware attack is to confirm they have separate cyber security policies to cover those types of incidents specifically.

Will all related legal and remediation costs be covered? A rider attached to a general business insurance plan may not include the same level of detail or shield the organization from some rather large potential expenses. Those differences may seem minor on paper − until that client actually files a claim. That’s usually when the principals clarify the error in their planning, and MSPs are often the first to hear about the problems – as everyone scrambles to assign blame.       

Proactive Management is Key

Like building reliable data and network defenses, IT services firms should take a more active role in ensuring their clients have the appropriate cyber insurance today. From educating decision-makers on the differences between riders and standalone coverage and promoting the value of working with knowledgeable agents and brokers, many IT services professionals are already offering this support.

MSPs also benefit from these engagements, working collaboratively to ensure their clients have the cybersecurity measures in place to attain the proper liability coverage. Insurability is not guaranteed.

Working with channel-centric firms like DataStream Cyber Insurance minimizes the anxiety for MSPs and their clients. With assessment programs and other simple tools, you can be an even more invaluable resource for businesses that rely on your insight and expertise. Ensuring those clients have effective technical and financial protection from ransomware or other cyberattacks is a beneficial and profitable proposition in the current threat environment.