MSPs Need a Seat at the Cyber Insurance Table

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals using sophisticated methods in today's digital-first business world and rapidly evolving cyber-threat landscape.

The 2022 Verizon Data Breach Intelligence Report (registration required) found a surge in cyberattacks targeting small businesses. That year, 74% of known data breaches impacted small and midsize businesses (SMBs), an increase from 46% in 2021. The 2023 Verizon Data Breach Intelligence Report (registration required) had an even stronger warning for SMBs. It found virtually no difference between small businesses' threats and those aimed at larger organizations. Yet SMBs need more resources, leaving their IT teams overworked and understaffed.

Cost and Complexity Disproportionately Affect SMBs

In this new environment, protecting their businesses against cyber threats and keeping operations running with cash flow after a cyberattack is an increasing concern for SMBs. Cyber insurance is an option, but for most, the cost and complexity of cyber insurance make financial protection unaffordable and out of reach. Only 17% of small businesses carry cyber insurance, according to a 2023 survey from small business research firm Advisor Smith.

Cyber Insurance Isn't a Technology Problem

It's as essential for businesses to have cyber insurance as it is to have fire or flood insurance. Solving this problem starts with understanding the pain points faced by SMBs looking for financial protection from cyberattacks. For SMBs, the fundamental problem with cyber insurance is a misalignment of incentives between cyber insurers, SMBs, and their managed service provider (MSP) partners.

Small businesses often rely on MSPs to manage their IT and security needs. However, MSPs aren't cyber-insurance brokers, meaning they cannot benefit from the financial opportunities available in that industry. If MSPs cannot make money by selling a vendor's solution or don't believe that the vendor will help them create long-term value, they'll have little motivation to sell it. Instead, selling such a solution will distract and add another stakeholder to an already-crowded table.

Further, because cyber-risk is an evolving and unpredictable phenomenon that can lead to higher insurance premiums and reduced coverage, traditional underwriting processes may result in more claims being denied. Those denials put the MSPs who monitor a company's security posture in a difficult position.

Fixing Cyber Insurance Means Giving MSPs a Seat at the Table

Since MSPs are so critical to the IT and security operations of SMBs, it's important to give them a seat at the table in any effort to fix the broken cyber-insurance market. Unfortunately, many legacy players are uninterested in doing that. Some players cut MSPs out of the equation, selling directly to small businesses. This approach assumes that SMBs have the expertise and bandwidth to manage their security and warranty operations, which often is not the case.

Other legacy players offer financial protection solutions that don't directly integrate with a business or service provider's technology stack. This effectively cuts MSPs from the value chain and often adds headaches to the application and onboarding process for all parties involved.

Some cyber-insurance companies that work with MSPs offer challenging solutions or require additional investment. For example, they may need MSPs to have specific security solutions from a single vendor to qualify for coverage. This assumes the MSP will rip out and replace their clients' existing cybersecurity solutions with their own. This isn't always the case; the assumption can create tedious additional work for MSPs. Some providers don't offer direct financial protection but refer MSPs and small businesses to third-party platforms or brokers providing coverage.

Closing the Gap

Alternative ways to approach this problem offer better outcomes for SMBs and MSPs. While MSPs can't sell insurance themselves, they do not need to be registered insurance brokers to sell cyber warranty solutions. For MSPs, adding warranty solutions to their core services creates a business model that's easy for all parties to understand and utilize, similar to the way in which the Apple Care warranty is sold with iPhone purchases.

Further, MSPs can provide their customers with another layer of protection while creating a new recurring revenue stream. SMBs gain peace of mind and the knowledge that they're protected in the event of a business-disrupting cybersecurity event.