By Michael Brown 1

Despite your best efforts – and despite the advanced levels of security in your cloud-based file sharing solution – MSPs may eventually find themselves on the wrong end of a data breach. The key question isn’t how to prevent such an incident from happening; even the world’s most security-conscious organizations suffer breaches. Rather, the key question is how much will this inevitable data breach cost you?

Today, the cost is relatively limited and abstract for MSPs. While a data breach can certainly result in a lost customer, or time spent trying to resolve the issue, the real financial costs tend to fall on the client. They are the ones who will pay the compliance violations and lose revenue. After all, it is their data.

But as data breaches increase in both frequency and severity – and as clients rely on you for more of their critical IT functions – it’s only a matter of time before someone decides that the MSP should be held responsible when things go wrong. After all, it is your solution they are using to share data. 

And when that happens, you’ll want to be prepared…with cyber security insurance?

Yes, cyber-security insurance. It’s a concept that’s still very much in its infancy, but one that could explode in popularity as early as next year according to this recent story in The Sydney Morning Herald. Before we examine the likelihood of this being a future cost to MSPs, take a look at these two key extracts:

A 2013 survey from insurance industry data company Advisen and insurer Zurich found 52 per cent of companies say they purchase at least some cyber liability coverage. However, a Fortune 1000 survey that same year from insurance broker Willis found a far lower number, at only 6 per cent, though Willis noted cyber coverage is likely under-reported.

Part of the problem with figuring out who's protected against a breach is the same as figuring out how to protect them in the first place: No one wants to talk about having been hacked. It's unlike, say, with typhoons, for which there is readily available data stretching back decades. There is no such record for cyber-attacks, and data is the lifeblood of modelling.

In other words:

Although your current contracts (and SLAs) likely establish clear boundaries in terms of legal and financial liabilities, it’s worth noting that the cyber security landscape is changing at a rapid pace, which could affect your future agreements.

In theory, purchasing cyber security insurance seems to make sense both for businesses and their managed service providers. In practice, well, that has yet to be determined.

What do you think about the concept of cyber security insurance?