Cyber Insurance changes are driving adoption of several security technologies and pushing MSPs to do more, including helping their clients fill out the Cyber Insurance renewal forms.
Your MSP should educate you on filling out that cyber insurance renewal and providing a shared responsibility matrix, including any Personally Identifiable Information (PII), network access policies, and documentation, so if the worst happens, you have a clear understanding of who is responsible for what data.
The good – it is pushing utilization of:
- Phishing Testing and Remediation
- Multi-factor authentication
- Single sign on of cloud applications
- EDR and SIEM solutions
- Managed Detection and Response
- Immutable Off-Site Backups
- Cloud to Cloud backup of SaaS data
The bad – potential pitfalls:
- Customers resistant to following certain rules putting both them and the MSP at risk
- DR and Business Continuity plans that are just checking the box
- State specific security laws clouding clarity on requirements
- Customers may not understand the cost to the MSP on preparing the information for the insurance application or renewal
- Insurance company may not understand what they are actually asking
- Added cost to the client for no ‘visible’ benefit
Remember when asking your MSP for the information to fill out the Cyber Insurance questionnaire, that you may be putting them at risk, should your organization not fulfill its commitment to using the recommended technologies. Review your cyber liability policy for exclusions.
Common exclusions we’ve seen in our client’s policies include:
- Intentional acts – fraud, criminal conduct or knowingly wrongful acts done by you or your employees
- Prior acts or knowledge – claims you had knowledge of before your coverage started
- Subsidiary outside your control – any incident experienced by a subsidiary for which you don’t’ have a majority ownership or management control
- Criminal Proceedings – your policy may not cover claims brought in the form of criminal proceedings
- Business interruption from systems under the control of third parties – your policy may not cover business interruption costs from a computer system failure owned by a third party
LMJ offers compliance services for Healthcare and other industries with regulatory compliance needs. Reach out if you have questions!
