Managed Service Providers (MSPs) Insurance Guide

Generic placeholder image
Rachel Jenkins

Cyberattacks have steadily increased in the past few years, impacting over 155.8 million individuals with data exposure in 2020 alone. It’s no surprise that managed service providers (MSPs) have become more aware of the risks they face. This post examines many of those exposures and the insurance coverage that helps MSPs manage the unique dangers. Let’s dive in.

What Is an MSP?

Managed service providers started in the 1990s, focusing mainly on remote monitoring and management of servers and networks. Since then, MSPs have set themselves apart by transforming and broadening their scope of services offered. MSPs currently handle much of the time-consuming and repetitive tasks of managing IT infrastructure or end-user systems. 

Small businesses and mid-market companies often team with MSPs to help them fill a void in IT systems or roles. Naturally, each MSP contract varies based on a particular company’s needs. MSP involvement comes in a variety of ways, including:

  • Technical support for employees
  • Payroll services
  • Application
  • IT infrastructure management
  • Ongoing IT support
  • Network
  • Compliance and risk management
  • IT cybersecurity software
  • User account administration
  • Contract management

MSPs offer significant value to all-sized businesses by supporting their professional objectives. C-level executives frequently vouch for MSPs’ value, saying that security and compliance should be left to a trusted MSP partner. When an MSP handles IT issues, company leaders can focus on internal roles and overall expansion. 

What Risks Do They Face?

As many companies do nowadays, MSPs face multiple vulnerabilities merely because they deal with online functions. But that’s not all the risks they face. Here are some of the exposures MSPs must navigate. 

Cybersecurity

From ransomware to phishing attacks, cybersecurity is a current hot topic. And for a good reason, too. The average cost of a data breach is roughly $4 million, taking over 200 days to identify an attack. Not even major corporations — Nintendo, Microsoft, Zoom, Twitter, etc.— can sidestep these vicious attacks.

That said, it’s no surprise MSP clients depend on them more and more for cybersecurity protection. Not only protection, but they also turn to MSPs for employee training regarding security risks and best cybersecurity practices. One slip-up could ruin a professional relationship for years to come.  

So, cybersecurity has been advanced to the top of most MSPs’ agenda and list of services offered. It’s an issue that can no longer be ignored. MSPs are called upon to build specialized cloud architectures, handle data backup, and provide mitigation tools, to name a few. Standing out in a crowd of other MSPs means having superior cybersecurity protection to meet the growing customer demand.

Downtime

When all goes well with systems and networks, it makes for happy business owners. However, if you flip the script and part of the network fails, MSPs are immediately alerted. Additionally, business owners often expect MSPs to respond swiftly to fix the issue STAT. It’s a tall order to fulfill — sometimes a 24/7 job.

For MSPs with a hefty customer base, crunch time could only be a matter of minutes or hours to finish the job. After all, businesses that can’t operate successfully will lose potential income. Worse yet, they might lose customers. Sometimes, business owners point the finger at their MSP partner, and MSPs must have an answer for them. The business’s financial and reputational damage is at stake. A disaster recovery plan is critical to an MSP’s success. 

Regulatory Compliance

Keeping up with the Joneses might seem like an easier task than maintaining regulatory compliance. For MSPs, it’s all part of the gig. The good news is that MSP who are up-to-date on regulatory knowledge are in high demand. 

Keep in mind that data privacy, cybersecurity, and breach notification stipulations impact most MSPs in today’s world. For example, data handling laws affect MSPs and clients worldwide. Offering even the essential services means MSPs must be current on data privacy laws and security rules. 

Similarly, MSPs offering specialized services must have vast regulatory knowledge to handle the extra load. Many MSP provide highly customized services, with varying service tiers and packages. So, specializing in services often means having additional knowledge.

What Type of Insurance Do MSPs Need? 

While each MSP is slightly different from the next, the following are a handful of must-have policies all MSPs need to stay protected and move forward. 

General Liability Insurance 

What it covers:

This policy covers the organization from some of the fundamental risks of running an organization, such as “slip-and-fall” claims, damage to a third party’s property, products liability claims, damage to rented space, and personal or advertising injury claims. 

Why you need it:

It forms the foundation of a risk management program. On top of protecting the company from legal liability caused by bodily injury or property damage, this coverage is usually required in contracts like office leases and vendor agreements. 

Cyber Liability Insurance 

What it covers:

This coverage protects your organization from lawsuits, fines, and penalties arising from a hacking attack or data breach. It can also reimburse the company for its direct expenses, such as breach notification costs, credit monitoring, data restoration, and forensic analysis. 

Why you need it:

If you collect any personal or organizational information, have a “login” feature on your site, integrate with another organization’s systems in any way, have employees who could fall for phishing scams, generate online content (i.e., blog posts), or rely heavily on email communications, you need cyber liability insurance. 

Professional Liability Insurance

What it covers:

Also referred to as “Errors & Omissions” or “malpractice” insurance. It covers financial services companies if an act, error, or omission committed in the course of the company’s performance of professional services is alleged to have caused a financial loss for a third party.

Why you need it:

Complex litigation is expensive, and there’s a lot to go wrong for financial services companies in particular. The policy responds to the threat of professional service disputes by paying legal fees and judgments or settlements resulting from a lawsuit for an alleged failure in providing professional services.

What Is Covered and What’s Not?

Naturally, different insurance policies cover various events. Many business owners confuse general liability (GL) with their E&O policy, for example. However, the two policies cover very different things. GL covers tangible risks, such as bodily injuries and property damage, whereas an E&O policy covers more putative risks, such as accusations of inferior work or service.

Additionally, MSPs and business owners must know where their insurance policy ends and the other party’s policy begins. Of course, this element will change based on the professional relationship and contract. 

One thing to consider is whether the policy addresses first- or third-party coverage (or both). Also, what do the policy limits cover precisely, or are they sublimated? Also, is the policy adequate for the contract or partnership (i.e., per occurrence vs. per aggregate)? These are all questions and concerns for an experienced insurance specialist. Each partnership is different, so what’s covered and what’s not will vary from contract to contract. 

Understanding the details of what coverage your company needs can be a confusing process. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you. 


Want to know more about insurance for MSPs? Talk to us! You can contact us at ​info@foundershield.com​ or create an account ​here​ to get started on a quote.

Related Articles

post-pandemic-hiring-trends
September 7 • EPLIRisk Management Tips

How to Navigate Post-Pandemic Hiring Trends

Post-pandemic trends can quickly complicate hiring and recruiting practices. Let’s review some of these “new norms” and how companies can embrace the talent war.

digital-health-companies-funding-trends
September 1 • Risk Management TipsSeries ASeries B

Funding Trends Digital Health Companies Should Know

Digital health companies catapulted to the forefront of the US healthcare system during the COVID-19 pandemic. Here are the funding trends keeping the momentum going and what you should know to prep for the future.

cyber-liability-premiums
August 29 • Cyber Liability

To Understand Cyber Liability Premiums, Let’s Talk About Hurricanes

Cyber liability insurance premiums are rising, and company leaders struggle to keep up with the increase — but why is this happening? Let’s talk about the “hurricane effect” and what to expect in the future.

cyber-liability-policies
August 23 • Cyber LiabilityGuest Post

How IT Can Improve Your Cybersecurity Policies as You Scale

High-growth companies face unique risks, and today’s shaky cybersecurity landscape only compounds those challenges. Our friends at Electric share how IT can improve your cyber policies as you scale. Let’s dive in!

grant-resources-tech-startups
August 11 • Risk Management Tips

Top 4 Grant Resources for Tech Startups

Tech startups have plenty of funding available if leaders look in the right places. This post uncovers the top grant resources and where to apply for them. Let’s go!

sequoia-memo-takeaways
June 29 • NewsRisk Management Tips

5 Key Takeaways from the Sequoia Memo — Y Combinator & LightSpeed Chime In

The “leaked” Sequoia memo, Adapting to Endure, highlights several concepts for startups and businesses backed by venture capital. Here’s our key takeaways.