Guest Column | June 9, 2022

Is Cyber Insurance A Part Of Your Business Continuity Plan?

By Andy Liverman Anderson, DataStream Cyber Insurance

Cyber Liability Insurance

One of an MSP’s principal roles today is ensuring clients’ resiliency. What types of plans and systems does each business need to remain in operation no matter what disaster may strike or how big of a disruption it might cause? Those responsibilities increasingly fall to the IT people, even when the potential failures have nothing to do with computers or networks. As trusted advisors and solutions providers, MSPs are a critical lifeline for organizational leaders when problems occur, and those obligations are getting more difficult to manage by the day.

Technological advances, adverse economic conditions, and evolving business practices complicate the management landscape for MSPs. Ensuring continuity amidst the chaos and complexities of a modern business can be an extreme challenge in the best of times. Unfortunately, the risks and vulnerabilities are rising as cybercriminals get bolder and more creative, leaving companies just one hack or employee slip away from a complete system shutdown. That exposure is concerning.

Infrastructure damage and data loss from a catastrophe could cripple most companies, and the revenue and profit implications from even a one-day outage can significantly impact the organization's financial health. Whether a business is hit by a fire or tornado or victimized by cybercriminals, the results are often the same: disruptions and monetary losses.

The good news for most business owners is that MSPs understand the cost of downtime. Preventing those situations is a core value proposition that providers take seriously. Designing, implementing, and supporting solutions that protect clients from those risks is job number one.

Insurance Is A Critical Element Of Disaster Recovery Plans  

According to a Federal Emergency Management Agency (FEMA) report, 40% of businesses never reopen following a disaster, and another 25% fail within one year. Whether the damage is from a fire or a phishing attack, restoring operations can be costly, and far too many companies have inadequate insurance coverage.

Access to financial resources is essential for disaster recovery. Companies need to consider what it would cost to replace their facilities and key business systems and hire remediation experts to repair infrastructure and their reputation (public relations).

Many business leaders don’t understand that cybersecurity failures can be more costly than a fire or other more localized disasters today. People tend to take note of corporate lapses in information protection, even if it doesn’t make the official news sources, and competitors might be eager to share the details with clients and prospects. Hiring response teams to mitigate the potential fallout of a phishing attack or other cybersecurity lapse can be very costly.

That’s why, in addition to general business insurance, stand-alone cyber coverage should be part of every continuity plan. Along with two- or three-deep data backup systems and step-by-step disaster recovery instructions, MSPs need to ensure their clients have effective protection from all types of incidents. Cyber insurance is as critical as firewalls, multi-factor authentication, and encryption in today’s high-risk business environment.

Restore Cash Flow

Part of getting back to business after any disaster is ensuring there is money available to pay employees and all the company’s other expenses. MSPs may be highly proficient in IT infrastructure and solutions consulting and specialized support, but relatively few provide accounting and lending services. That’s why businesses need comprehensive insurance, including separate cyber policies.

Rebuilding the financial stability of an organization after a catastrophe is as important, if not more critical, than restoring the networks and replacing computers. Everything is harder for cash-strapped businesses. When companies leverage credit to pay for the big items and services in the restoration process, it limits growth in other areas of their operations, including sales, marketing, and account management. The lost opportunity costs (and interest payments) can stifle development and cash flow.

An effective disaster recovery plan incorporates all of a client’s business processes and continuity needs. The risk analysis should include the financial costs and requirements of all potential situations, including cybersecurity events, and create clear paths to restoration success. A step-by-step guide on dealing with the most common disasters and a full inventory of business assets and services are other essential elements.     

MSPs can minimize their clients’ financial exposure by ensuring each company has a free-standing cyber insurance policy in place, as well as general business liability to protect against natural and people-caused disasters. Those plans are no longer an option but a must-have economic safety net for any business.  

Design Business Continuity Plans To Meet Today’s Needs

While MSPs’ continuity planning frameworks likely address the who, what, where, when, how, and why of disaster recovery, does it outline the role of clients’ cyber insurance policies? Many business owners believe that their standard coverage will address any type of disruption and the resulting liabilities, but the hard truth is that many policies have very restrictive guidelines. No one wants to find out that general policy doesn’t cover damages from phishing or ransomware attacks.

With rising cybersecurity threats, basic liability coverage is no longer enough. Decision-makers can easily get confused evaluating riders and stand-alone policies and sorting through other insurance details, so it helps to have someone able to explain all the differences and options.

MSPs can leverage the expertise of companies like DataStream Cyber Insurance to carry that load. Having people with a knowledge of IT infrastructure and security solutions at their disposal who can readily explain the benefits of different coverage levels is valuable. With all the potential technology potholes that can limit — or deny — clients’ claims, IT providers should partner with cyber liability experts to ensure the success of their clients’ business continuity plans.

About The Author

Andy Liverman Anderson is CEO and Co-Founder of DataStream Cyber Insurance.