What is Cyber Insurance & What Does it Cover? Tips for MSPs

Businessman with umbrella standing in the rain

Cyber insurance is a product offered by most major insurance companies. What makes it different from typical insurance is that instead of covering your boat or your car, it protects businesses in the event of a data breach or cybersecurity threat.

Author: Jeff Zaba, ConnectWise
Author: Jeff Zaba, director of strategic partnerships, ConnectWise

Given today’s modern business landscape and our heavy reliance on cloud technology, data breaches and other cybersecurity threats are almost inevitable. Savvy MSPs know that it’s not really a matter of “if,” it’s a matter of “when,” and they plan accordingly. Cyber insurance coverages offer MSPs and their clients an additional layer of protection that could be a lifesaver in the event of a cybersecurity attack.

Let this blog serve as a cybersecurity insurance guide for you and your team. As you read along, you’ll learn what cyber insurance is, the liabilities it covers, as well as why you should consider it for your MSP business.

What is cyber insurance?

Cyber insurance is a coverage plan offered by most major insurance companies. These policies protect a business’s digital assets in case of a data breach or other cybersecurity threat.

In addition to the coverage policy itself, your insurance provider may offer additional tools and resources to best prepare your clients for a breach and minimize their cybersecurity risk. When coupled with powerful tools like antivirus and antimalware software, the right cybersecurity insurance policy can be an indispensable asset in bolstering your clients’ overall cybersecurity protection plan.

Our cybersecurity glossary contains detailed information on cybersecurity tools like antimalware and antivirus. Use this library of resources to discover how you can best use these platforms and how they can support cyber insurance, along with other digital security measures.

What is covered under cyber insurance?

A cyber insurance policy covers any business in the event of a data breach or cybersecurity threat. The coverage includes any costs linked to the digital attack, which can include charges for recovering data, loss of income, costs of notifying customers, and more.

Most insurance providers will offer coverage for the following:

  • Betterment – any costs incurred to improve a company’s digital assets (hardware or software) after a cybersecurity breach
  • Cyber extortion – any expenses related to ransom charged during a ransomware attack
  • Business interruption – income, expenses, or other financial loss related to the disruption of business operations as a result of the breach in question
  • Crisis management – costs associated with limiting a breach’s damage to a company’s reputation. This might include costs of notifying customers of the breach
  • Forensic investigations – covers the expenses of investigating the breach to determine its source, scope, and type
  • Legal costs – Attorney’s fees associated with legal proceedings resulting from a particular security breach
  • Regulatory defense expenses/fines - financial coverage for any regulatory or compliance fines/sanctions

Businesses can also purchase specific coverage that’s more appropriate for their particular type of business. Insurance providers offer more detailed coverage plans for public entities, small businesses, multiple businesses of different sizes, and cyber insurance tailored explicitly to IT companies.

What is not covered by cyber insurance?

Generally, cyber insurance policies will not cover:

  • Costs to improve your cybersecurity after an attack
  • Any loss of value due to the theft of intellectual property
  • Potential future profits
  • Any loss incurred from a breach conducted as an act of war

Although the typical cybersecurity insurance policy doesn’t cover these expenses, you’re still better off with cyber coverage than without. Operating without a policy can put your client’s digital assets and data at risk, as well as your own.

Why do MSPs need cyber insurance?

In the event of a hacking attempt or cybersecurity threat, an MSP’s cybersecurity center can act as a gateway to dozens – maybe hundreds – of their client’s data. Additionally, hackers could potentially gain access to the MSP’s data. The client data IT professionals hold are usually highly-coveted targets for digital threat actors and are constantly under attack.

Despite the regular threats against their clients’ and own data, many MSPs don’t see the need to invest in cyber insurance coverage. Considering that the average ransomware payment has skyrocketed from $4,000 to $178,000 over the past several years, operating without the safety net of cybersecurity coverage is an expensive and dangerous endeavor.

For more on how to protect your growing MSP business from cyber threats, download our free 2022 Cyber Threat Report for Managed Service Providers, or contact us anytime for the latest cybersecurity tips and tactics to help keep your clients’ businesses safe. Our Cyber Research Unit (CRU) is at the ready to support your team with threat hunting and threat intelligence.

Cyber liability insurance vs. data breach insurance

The main difference between cyber liability coverage and data breach coverage is the particular type of insurance they provide. Cyber liability insurance provides the most robust protection, offering both first-party and third-party coverages, while data breach coverage provides only first-party protection.

Third-party coverages supplement the costs of tangential expenses related to a cybersecurity event but not costs directly caused by the event itself. These charges might include legal fees, regulatory or compliance fines, and any other settlements or judgments related to the digital threat.

On the other hand, first-party coverages provide compensation for investigation costs, costs to repair equipment that is lost or damaged, lost revenue, and lost profits. Businesses will also receive coverage for data breach notification expenses since each state has its own legal requirements for notifying customers of a data breach.

MSPs should reach out to their insurance provider to gain a better understanding of their coverage. If you currently have errors & omissions coverage (E & O), you may already be protected in the event of a data breach.

How to find the best cyber insurance for you

Every business has its own unique data and cybersecurity protection needs. The size of your or your client’s business – and the industries they serve – will dictate the appropriate type of cyber insurance.

Ultimately, finding the right coverage will come down to having a conversation with a cybersecurity insurance professional. ConnectWise is happy to help and leverage our cybersecurity center and family of expert partners to find the coverage that’s right for you.

One important thing to consider here is that it is becoming more and more difficult for companies to get cyber insurance. ConnectWise is taking the complexity out of the process via our partnership with ControlCase and Fifthwall.

ControlCase has helped us put together a free plugin that provides an assessment on whether you are following best cybersecurity practices. After the assessment, you can then automatically fill an insurance questionnaire with insurance broker FifthWall.

This partnership can get you quotes from several underwriters in a quick, automated process. Interested in learning more about these partners? See the information below:



ControlCase is a global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premises and cloud environments. ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC 2 Type II, ISO 27001, PCI PIN, PCI P2PE, PCI TSP , PA DSS, CSA STAR, HIPAA, GDPR, SWIFT, and FedRAMP. For more information, visit



FifthWall works with 35+ carriers to limit your clients’ cyber exposure and give peace of mind for businesses of any size. With our policies, MSPs and their clients are covered from business interruptions, cyber crimes, and several of the consequences that follow. With breach prevention and response tools, MSPs and their clients avoid risk and minimize impact in the event of a security incident. For more information, visit

This guest blog is courtesy of ConnectWise. Read more ConnectWise guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.