Cyber insurance is a relatively new type of corporate liability policy that provides coverage for the financial costs incurred by a security breach: forensics, data recovery, legal defense, reparations, and so on.
According to Cybersecurity Ventures, the costs of global cybercrime are expected to grow 15% per year over the next five years, reaching $10.5 trillion by 2025. As part of a general trend that was accelerated by the sudden growth in remote workforces during COVID-19, companies are deepening and broadening their digital transformation. Their growing web and mobile attack surfaces are an irresistible target for threat actors. Whether motivated by financial gain or sponsored by nation-states, these cybercriminals are relentless and sophisticated.
It is not surprising, therefore, that Standard & Poor predicts that the global cyber insurance market, which it currently values at $5 billion per annum, will grow 20-30% each year in the foreseeable future. Similarly Munich Re, an insurer active in the cybersecurity domain, expects the global cyber insurance market to be worth $20 billion by 2025.
The U.S. government and other significant players in the cybersecurity field have been warning for years that managed service providers (MSPs) are a prime target for cybercriminals. The leveraging potential is simply too compelling: When an MSP is successfully compromised, its customers’ networks and systems are exposed as well. This blog post examines why cyber insurance is particularly important for MSPs, what it covers and what it doesn’t cover, and how prevention and resilience are always the best risk mitigators.
Why MSPs Should Have Cyber Insurance
Even if an MSP does not explicitly offer a cybersecurity package, its customers expect them to secure their assets. Some key takeaways from Kaseya’s 2021 Global MSP Benchmark Survey Report are:
- MSPs have identified their customers’ biggest challenges in 2021 as securely managing work-from-home employees, IT security in general, and business continuity and disaster recovery.
- The most popular general managed services are security-oriented: antivirus and anti-malware, endpoint management, server backup, OS patching and updates, and email security.
- 63% reported that during 2020, most or all of their customers consulted with them about cybersecurity strategies and best practices. Indeed, 37% view cybersecurity as an important growth engine for their business.
Make no mistake about it: This involvement of MSPs in cybersecurity exposes them to liability. Customers are likely to hold MSPs accountable for cyber incidents and their damages, even if the MSP was not a direct party. In January 2020, for example, an Ohio manufacturing company sued its MSP for negligence after losing $1.7 million in a phishing scam, despite the fact that the MSP was not providing cybersecurity services per se. And SolarWinds is still struggling with the fallout from the hack of its fully managed IT service management systems. The exploit, which was active for a year before it was identified and publicized in December 2020, dangerously exposed SolarWinds’ customers, including prominent US government agencies.
Yet another example of MSP vulnerability is the Kaseya ransomware attack. On July 2, 2021, the ransomware gang REvil leveraged a vulnerability in the on-premises version of Kaseya’s popular remote monitoring and managing tool, compromising about 50 MSPs and their end customers.The attackers demanded $25,000-$150,000 each from MSP customers, $5 million from the MSPs themselves, and $70 million from Kaseya.
So despite the rising cost of cyber insurance premiums, today 60% of MSPs carry cyber insurance as part of their risk mitigation strategy, and that percentage is expected to grow. Part of this growth will be due to regulation. For example, in February 2020, the State of California passed a law making cyber insurance mandatory for all IT contractors hired by the state. MSPs are also encouraging their customers to take out first-party cyber insurance, and helping them pass the audits required to get coverage.
Cyber Insurance - What's Covered (And What Isn't): Don’t miss part two of the series as we dive into what is and is not covered by cybersecurity insurance and how the right technology partner can help migrate your risk.
Getting Started with Cybersecurity Services
Cybersecurity services represent a large growth opportunity for MSPs today and into the future. Whether you are just starting to think about it or you are actively managing security for your clients, Acronis is here to help. With Acronis Cyber Protect Cloud, you get the power of cybersecurity, data protection, and backups integrated into one solution, making it easy for teams of all sizes to deliver world-class cyber protection. Learn more about becoming an Acronis partner today.
Guest blog courtesy of Acronis. Read more guest blogs from Acronis here.
