When the time comes to renew your tech E&O and cyber insurance, be sure to be sitting down when you receive your renewal terms. When it comes to insuring Managed Service Providers, carriers are taking their gloves off. Over the past 18 months, events like SolarWinds, Kaseya, and Microsoft Exchange have heightened insurance carriers' concern about MSPs and the aggregate risk they pose. Many insurance carriers are withdrawing from the MSP market altogether, and those carriers that are still providing coverage may require premiums three to seven times what your renewal premiums were.
MSPs can prepare themselves to be in the best position when it comes to renewal by making sure their security policies are in order. You should have written security procedures and policies in place that are regularly tested and reviewed so carriers can accurately assess your risk. Your security controls should be on par with or even more diligent than what you are asking and expecting of your clients.
Here are crucial security controls to include. Remember to base your security controls on an established risk framework.
- Multi-Factor Authentication (MFA)
- Endpoint Detection and Response (EDR) solutions
- Backups, including an offsite backup. Backups should be tested regularly.
- Double down on access controls, especially those for your RMM. That includes MFA (can’t say that enough) and mechanisms to remove dormant accounts or users. Make sure keys are in a secure repository. In short, apply the concept of least privilege to your access controls.
- Automated application patching, especially for your RMM but also for any other applications being used by your organization.
- Maintain audit logs and tools to identify and respond to alerts, or preferably have those performed by a SOC and/or MDR solution.
- Have a solid Incident Response plan in place and be sure to conduct tabletop simulations on an annual basis.
This may be a lot for any organization to focus on. However, it has become critical that MSPs be as vigilant in their own security controls as they ask their clients to be, or even more so. Because of the aggregation risk an MSP represents, putting these controls in place may be the only way for MSPs to get tech E&O and cyber insurance at all, let alone at an affordable price.
About the Author:
Doug Kreitzberg, Founder & CEO of SeedPod Cyber
As CEO of USI Affinity and Programs (2004-2018), Doug led affinity business development, marketing and program businesses, including professional liability, commercial property & casualty, personal lines and life and disability programs. In 2018, Doug founded a cybersecurity and data privacy risk consulting firm. It was through his consulting practice that he learned the value that Managed Service Providers bring to small and medium-sized businesses. That insight formed the basis for SeedPod Cyber, a cyber insurance managing general agency that Kreitzberg founded in 2021 and that partners with Managed Service Providers to provide cyber insurance to their clients.