Cyberattacks have steadily increased in the past few years, impacting over 155.8 million individuals with data exposure in 2020 alone. It’s no surprise that managed service providers (MSPs) have become more aware of the risks they face. This post examines many of those exposures and the insurance coverage that helps MSPs manage the unique dangers. Let’s dive in.
What Is an MSP?
Managed service providers started in the 1990s, focusing mainly on remote monitoring and management of servers and networks. Since then, MSPs have set themselves apart by transforming and broadening their scope of services offered. MSPs currently handle much of the time-consuming and repetitive tasks of managing IT infrastructure or end-user systems.
Small businesses and mid-market companies often team with MSPs to help them fill a void in IT systems or roles. Naturally, each MSP contract varies based on a particular company’s needs. MSP involvement comes in a variety of ways, including:
- Technical support for employees
- Payroll services
- IT infrastructure management
- Ongoing IT support
- Compliance and risk management
- IT cybersecurity software
- User account administration
- Contract management
MSPs offer significant value to all-sized businesses by supporting their professional objectives. C-level executives frequently vouch for MSPs’ value, saying that security and compliance should be left to a trusted MSP partner. When an MSP handles IT issues, company leaders can focus on internal roles and overall expansion.
What Risks Do They Face?
As many companies do nowadays, MSPs face multiple vulnerabilities merely because they deal with online functions. But that’s not all the risks they face. Here are some of the exposures MSPs must navigate.
From ransomware to phishing attacks, cybersecurity is a current hot topic. And for a good reason, too. The average cost of a data breach is roughly $4 million, taking over 200 days to identify an attack. Not even major corporations — Nintendo, Microsoft, Zoom, Twitter, etc.— can sidestep these vicious attacks.
That said, it’s no surprise MSP clients depend on them more and more for cybersecurity protection. Not only protection, but they also turn to MSPs for employee training regarding security risks and best cybersecurity practices. One slip-up could ruin a professional relationship for years to come.
So, cybersecurity has been advanced to the top of most MSPs’ agenda and list of services offered. It’s an issue that can no longer be ignored. MSPs are called upon to build specialized cloud architectures, handle data backup, and provide mitigation tools, to name a few. Standing out in a crowd of other MSPs means having superior cybersecurity protection to meet the growing customer demand.
When all goes well with systems and networks, it makes for happy business owners. However, if you flip the script and part of the network fails, MSPs are immediately alerted. Additionally, business owners often expect MSPs to respond swiftly to fix the issue STAT. It’s a tall order to fulfill — sometimes a 24/7 job.
For MSPs with a hefty customer base, crunch time could only be a matter of minutes or hours to finish the job. After all, businesses that can’t operate successfully will lose potential income. Worse yet, they might lose customers. Sometimes, business owners point the finger at their MSP partner, and MSPs must have an answer for them. The business’s financial and reputational damage is at stake. A disaster recovery plan is critical to an MSP’s success.
Keeping up with the Joneses might seem like an easier task than maintaining regulatory compliance. For MSPs, it’s all part of the gig. The good news is that MSP who are up-to-date on regulatory knowledge are in high demand.
Keep in mind that data privacy, cybersecurity, and breach notification stipulations impact most MSPs in today’s world. For example, data handling laws affect MSPs and clients worldwide. Offering even the essential services means MSPs must be current on data privacy laws and security rules.
Similarly, MSPs offering specialized services must have vast regulatory knowledge to handle the extra load. Many MSP provide highly customized services, with varying service tiers and packages. So, specializing in services often means having additional knowledge.
What Type of Insurance Do MSPs Need?
While each MSP is slightly different from the next, the following are a handful of must-have policies all MSPs need to stay protected and move forward.
What it covers:
This policy covers the organization from some of the fundamental risks of running an organization, such as “slip-and-fall” claims, damage to a third party’s property, products liability claims, damage to rented space, and personal or advertising injury claims.
Why you need it:
It forms the foundation of a risk management program. On top of protecting the company from legal liability caused by bodily injury or property damage, this coverage is usually required in contracts like office leases and vendor agreements.
What it covers:
This coverage protects your organization from lawsuits, fines, and penalties arising from a hacking attack or data breach. It can also reimburse the company for its direct expenses, such as breach notification costs, credit monitoring, data restoration, and forensic analysis.
Why you need it:
If you collect any personal or organizational information, have a “login” feature on your site, integrate with another organization’s systems in any way, have employees who could fall for phishing scams, generate online content (i.e., blog posts), or rely heavily on email communications, you need cyber liability insurance.
What it covers:
Also referred to as “Errors & Omissions” or “malpractice” insurance. It covers financial services companies if an act, error, or omission committed in the course of the company’s performance of professional services is alleged to have caused a financial loss for a third party.
Why you need it:
Complex litigation is expensive, and there’s a lot to go wrong for financial services companies in particular. The policy responds to the threat of professional service disputes by paying legal fees and judgments or settlements resulting from a lawsuit for an alleged failure in providing professional services.
What Is Covered and What’s Not?
Naturally, different insurance policies cover various events. Many business owners confuse general liability (GL) with their E&O policy, for example. However, the two policies cover very different things. GL covers tangible risks, such as bodily injuries and property damage, whereas an E&O policy covers more putative risks, such as accusations of inferior work or service.
Additionally, MSPs and business owners must know where their insurance policy ends and the other party’s policy begins. Of course, this element will change based on the professional relationship and contract.
One thing to consider is whether the policy addresses first- or third-party coverage (or both). Also, what do the policy limits cover precisely, or are they sublimated? Also, is the policy adequate for the contract or partnership (i.e., per occurrence vs. per aggregate)? These are all questions and concerns for an experienced insurance specialist. Each partnership is different, so what’s covered and what’s not will vary from contract to contract.
Understanding the details of what coverage your company needs can be a confusing process. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you.
Want to know more about insurance for MSPs? Talk to us! You can contact us at firstname.lastname@example.org or create an account here to get started on a quote.