Hidden Compliance: Self-Inflicted Compliance Requirements
By Mike Semel
Your client’s most threatening cybersecurity requirements may be hidden in file drawers.
Contracts and insurance policies are self-inflicted compliance requirements you won’t see unless they show them to you. Which is why you need to ask.
‘Self-inflicted’ means they aren’t laws or regulations, but agreements your client voluntarily signs to generate revenue or reduce their risks.
Contracts represent revenue. Fail to comply and your client can lose their most profitable customers, to the point of business failure.
Insurance reduces risk. I know two organizations whose cyber insurance companies failed to renew their coverage because of weak cybersecurity. In both cases, the organizations had turned down their MSP’s cybersecurity quotes, thinking they were too expensive. They didn’t look at the cybersecurity costs as an investment in qualifying for a multi-million-dollar insurance policy. Instead, they saved a few thousand dollars and added millions of dollars in risks by making themselves uninsurable.