Guest Column | April 3, 2023

Cyber Insurance – What MSPs Need To Know About Policies

By Mat Kordell, CyberStreams


Managed service providers (MSPs) play a crucial role in providing technology solutions and support to their clients. With the increasing dependence on technology and the internet, the threat of cyberattacks has become a significant concern for businesses of all sizes. To mitigate the financial impact of a cyberattack, MSPs need to be aware of the benefits and considerations of cyber insurance policies.

One of the main benefits of cyber insurance is that it can protect a business from the financial losses caused by a cyber breach. This can include costs associated with notifying affected individuals, restoring lost data, legal fees, and other expenses. For MSPs, cyber insurance can provide a safety net in the event of a data breach - ensuring that they can continue operating without the added stress and financial burden of a cyberattack.

This is especially important for smaller companies, which may not have the financial resources to handle the cost of a major cyberattack. By having a cyber insurance policy in place, MSPs can have peace of mind knowing that they are financially protected, even in the event of a catastrophic cyber event.

In addition to financial protection, cyber insurance policies also provide MSPs with access to a range of services that help mitigate the impact of a cyberattack. These services can include incident response support, risk assessment, and management, as well as legal assistance. This support can be invaluable to MSPs in helping them recover from a cyberattack and restore their clients' trust.

However, MSPs must also understand that a cyber insurance policy is not a substitute for proper cybersecurity measures. In fact, many cyber insurance providers require companies to demonstrate that they have taken adequate steps to protect against cyber threats before they will issue a policy. This includes measures such as implementing data protection technologies, conducting security training, and routine security auditing. Failure to meet these responsibilities can result in a policy being denied or revoked, leaving the MSP without financial protection in the event of a cyberattack.

Another consideration for MSPs is the possibility of reputational damage resulting from a cyberattack. A data breach or cyberattack can result in the loss of client trust and negative media coverage, which can have a lasting impact on a company's reputation. Many cyber insurance policies offer reputation management and crisis communication services, which can help mitigate the impact of a cyberattack on a company's reputation.

In addition to these considerations, MSPs should be aware of cyber insurance's legal and regulatory requirements. For example, some states have laws requiring businesses to notify individuals in case of a data breach. Therefore, MSPs should ensure that their cyber insurance policy complies with these laws and regulations.

Another important consideration is the exclusions and limitations of the policy. For example, many cyber insurance policies exclude certain types of cyberattacks, such as those that result from human error or a failure to secure data properly. MSPs should carefully review the policy exclusions and limitations to ensure they understand what is and is not covered by the policy.

When purchasing a cyber insurance policy, MSPs need to be mindful of the different types of coverage available. For example, some policies only cover data breaches, while others cover a more comprehensive range of cyber threats, such as malware attacks and network security failures. The type of coverage that an MSP requires will depend on the specific needs of the business and the kind of data they handle. Therefore, MSPs should work closely with their insurance provider to ensure they have a policy that provides the necessary coverage.

Another critical factor to consider when purchasing a cyber insurance policy is the cost of the policy. The cost of a policy will depend on several factors, including the type of coverage, the size of the IT service company, and the level of risk they face. Therefore, MSPs need to balance the cost of the policy with the level of protection it provides. For example, a company that handles large amounts of sensitive data may require a more comprehensive policy to protect them fully against potential cyber threats.

MSPs should regularly review and update their cyber insurance policy to ensure that it continues to meet their needs. This includes conducting regular risk assessments, updating security software and procedures, and monitoring new and evolving cyber threats. By taking these steps, MSPs can help ensure that their cyber insurance policy provides the protection they need and that they are prepared to respond to a cyberattack if it occurs.

In addition to purchasing a cyber insurance policy, MSPs should also consider participating in cybersecurity training programs and industry groups (such as ASCII) to stay informed about the latest cyber threats and best practices for protecting against them. These organizations also can provide valuable resources and support to help MSPs manage a cyberattack if it occurs.

About The Author

Mat Kordell is Chief Operating Officer at CyberStreams.

About The ASCII Group, Inc.

The ASCII Group is the premier community of North American MSPs, MSSPs, and Solution Providers. The Group has members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solutions providers with a national and international reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction, and more. ASCII works with a vibrant ecosystem of leading and major technology vendors that complement the ASCII community and support the mission of helping MSPs to grow their businesses. For more information, please visit