It’s an increasingly critical question these days: Does the responsibility lie with MSPs or with their clients when it comes to obtaining, managing, and optimizing cyber insurance coverage?
Even though increasingly frequent data breaches have made cyber coverage extremely expensive and sometimes impossible to acquire, the even more fundamental issue challenging many MSPs is who, exactly, must prevent this vital aspect of IT security from slipping through the cracks.
We think the answer can be found where the majority of cyber crimes are taking place these days: through vulnerabilities associated with SaaS and cloud applications. In other words, in the very areas where today’s forward-looking MSPs should specialize.
“For many small to medium-sized businesses, SaaS applications are now major components of the business value chain,” says Doug Kreitzberg, CEO of SeedPod Cyber, a cyber insurance agent that partners with MSPs to improve their clients’ coverage.
“MSPs have to adapt and create secure protocols that extend to the cloud to fully protect their clients’ digital assets.” Kreitzberg makes it sound pretty straightforward, but is it? It all depends on the effectiveness of the MSP, really.
Carriers like SeedPod look very carefully at a given company’s cloud security posture when deciding how to price premiums or whether to offer coverage at all. An MSP’s ability to show leadership and proactively structure a security program based on industry best practices can make or break the client’s ability to find affordable coverage.
The harsh truth is that too many MSPs are less adept at securing cloud IT than they are at securing traditional on-premises applications and systems.
“It’s hard enough to assess and manage cyber risk even for on-premise systems and applications,” added Kreitzberg, “but the reality is that today’s IT security can’t end at the office door. It has to extend through all applications, internal or external, on-prem or cloud.”
With the right tools combined with a proactive orientation, MSPs can also play a vital role in helping organizations clear up the dangerous ambiguities in how insurance coverage may or may not lead to viable claims in certain situations.
With so many third parties and vendors involved in modern cloud IT, clarity of responsibility and exposure is absolutely vital. For instance, a great many cyber policies that are auto-renewed annually may not be keeping up with the changing security threat landscape.
Now that carrier requirements are becoming more strict and detailed for policy qualification, MSPs must guide their customers toward recognized security standards and adhere to them through the inevitable industry change ahead.
This kind of guidance should begin with an inventory of the SaaS-based technology that exists within a client’s environment, using a tool such as Augmentt Discover. This will provide the insight needed to both remove rogue applications and limit access to approved applications based on business need.
Of course, the most critical step of all is to enforce multi-factor authentication (MFA) on mainstay platforms such as Microsoft Office 365. According to Microsoft itself, more than 1.2 million Microsoft accounts are breached every month and 99% of the hacked accounts did not have MFA enabled.
So, now that companies are paying more for increasingly scarce cyber insurance protection, MSPs must become proactive and holistic in their cloud security approach. It’s the only way that customers (and their insurers) can feel confident that MSPs are taking responsibility for installing the highest levels of protection.