companies started taking a bath on cyber policies. Rising premiums are therefore a sign of insurance companies trying to match their cost to the risk. As long as the risk of cyber attacks remains high, cyber insurance will continue to get more expensive. But there are positive signs that we’ll hit a leveling off point in the next couple of years. “The carriers are pushing more maturity onto clients and forcing them to do more,” said Spencer. As companies get their cyber security protocols tuned up, the risk of becoming a victim to cyber attacks goes down. That means fewer insurance claims, which brings loss ratios down for the insurance carriers. Spencer estimates that if the industry can get cyber loss ratios down to 35 or 40 percent, the cost of insurance might stabilize. Wilkerson also sees the industry trending toward stability. “Once we normalize, we [will] probably have a couple of years of stability,” he predicted. “At some point, we’ll see pricing trend down. I’m confident in that.” Stricter requirements an advantage Those increasingly stringent requirements to qualify for a cyber insurance policy will help bring costs down for the MSP and its end users. In the meantime, they’re also a tremendous sales tool for your MSP business. Spencer points out that the security controls the insurance companies are looking for boil down to five things: • Managed endpoint detection and response; • Segregated and immutable backups; • Multifactor authentication everywhere; • Vulnerability management, including scanning and updates; and • Cybersecurity awareness training and phish testing. These five controls are something you almost certainly have in your MSP toolkit and can offer clients – and now you’ve got a compelling reason for your clients to buy them. “Insurance gets to be the bad guy that comes in and says, ‘If you want coverage, you’ve got to do more things than you ever had to do before. You may not have wanted to do them. You may not have thought you had to do them. But if you want insurance coverage, you have to.’ Period, end of story,” Spencer said. Blackpoint Cyber is also taking the approach of using security controls – in this case, the company’s suite of cyber security products – to manage the cost of premiums. Traditionally a SaaS vendor, Blackpoint recently started an insurance division offering policies to MSPs that use their tools. Of the cyber policies the company currently holds, data suggests the group “should be producing about $25 million a year in losses, and we’re at zero over the last two and a half years,” noted Wilkerson. That’s a hefty bargaining chip with carriers that have been happy to offer lower premiums for the lower risk policies. “We’ve collectively as buyers put ourselves in a position to approach the market with what is to the insurer a profitable portfolio,” Wilkerson said. “In doing so, we want to recognize some of that value back, and that’s the mousetrap that we’ve built to get there.” As a final tip on handling premiums, it’s important to shop your policy to a wide variety of carriers. “The carriers don’t all operate in lockstep,” Spencer said. He has seen carriers quote radically different prices for identical policies – as much as a $15,000 difference in one case. Don’t be afraid to ask your insurance agent how many quotes they’re getting and to request more. Or, try a broker that has direct access to a wider variety of carriers. o Jennifer Tribe is host of the ‘Workflow for MSPs’ podcast. She serves as director of content at Syncro, an all-in-one RMM, PSA and remote access tool that helps managed service providers run more profitable businesses. Source: Global What is the Source: TeleGeograph Change In Source: TeleGeo Productivity Applications Driving the Most Critical Alerts in 2022 Which factors are having an impact on rising premiums? Source: Panaseer, 2022 Increasing sophistication of cyber threat actors Increasing cost of ransomeware attacks (e.g. higher ransoms) Inability to accurately understand a customer’s security posture What are the most important factors when assessing security posture? Little/no impact 26% Little/no impact 22% Little/no impact 26% Somewhat of an impact 36% Somewhat of an impact 42% Somewhat of an impact 39% Significant impact 38% Significant impact 36% Significant impact 35% How do insurers assess cyber risk? Source: Panaseer, 2022 40% 36% 32% 31% 31% 30% 26% 25% Cloud scurity Security awareness Application security Vulnerability management PAM Patch management IAM EDR Source: CB Insight Q1 Q2 Q3 2022 2022 Q4 Q1 10,922 $151.0B $117.7B $81.6B $67.3B 9,485 8,798 7,830 Projected Deals 5,792 Projected Funding $56.3B LOGGED EVENTS: 3,098,946 % THAT ARE CRITICAL ALERTS: 8.43% LOGGED EVENTS: 2,405,363 % THAT ARE CRITICAL ALERTS: 3.77% LOGGED EVENTS: 84,077,748 80% 70% 60% 50% 40% 30% 20% 10% 0% Average Percentage of Sites 10% 5% -0% -5% -10% -15% -20% Difference in Average Percentage of Sites (2018-22) Sou SER W Sou What public cloud providers does your organization use? Source: Flexera, 2023 Azure AWS Google Cloud Platform Oracle Cloud Infrastructure IBM Cloud Al baba Clo d Other 41% 30% 13% 6% 47% 27% 10% 4% 17% 26% 19% 9% 8% 18% 16% 12% 5% 8% 5% 4% 5% 11% 10% 8% 12% 16% 9% Running significant workloads Running some workloads Experimenting Plan to use Which factors are aving an impact on rising premiums? Source: Panaseer, 2022 Increasing sophistication of cyber threat actors Increasing cost of ransomeware attacks (e.g. higher ransoms) Inability to accurately understand a customer’s security posture What are the most important factors when assessing security posture? Little/no impact 26% Little/no impact 22% Little/no impact 26% Somewhat of an impact 36% Somewhat of an impact 42% Somewhat of an impact 39% Significant impact 38% Significant impact 36% Significant impact 35% How do insurers assess cyber risk? Source: Panaseer, 2022 40% 36% 32% 31% 31% 30% 26% 25% Cloud scurity Security awareness Application security Vulnerability management PAM Patch management IAM EDR Average Percentage of Sites CYBER PATROL 44 CHANNELV ISION | MARCH - APRIL 2023
RkJQdWJsaXNoZXIy NTg4Njc=