Why Cyber Insurance? Because SMBs Are A ‘Priority For The Bad Guys’
“I had a client ask me the other day, ‘Why do we need cybersecurity insurance? We have you.’ And it’s like, no, no, you don’t have me. This is totally different,” one MSP told CRN about the importance of cyber insurance during XChange NexGen 2022.
Cyber insurance is a must-have for businesses, but even more so for smaller, more vulnerable companies, according to MSP-focused software vendor N-Able.
“I personally believe that insurance is super important, especially in small businesses because you don’t have all the resources … small and medium businesses—they are a priority for the bad guys,” Peter Capelluto, N-Able’s director of security, architecture and engineering, told an audience of MSPs at CRN parent The Channel Company’s XChange NexGen 2022 conference in Orlando.
It’s a sentiment with which Ascent Data, a Pittsburgh, Pa.-based MSP that caters to SMBs as its customer base, wholeheartedly agrees.
“Absolutely [SMBs] are a target because they don’t have the budget to fight ransomware attacks,” said Georges Jabra, director of managed services for Ascent Data. “I had a client ask me the other day, ‘Why do we need cybersecurity insurance? We have you.’ And it’s like, no, no, you don’t have me. This is totally different,” he said.
[Related: IT By Design Partners With N-able, Vijilan, To Expand Security Services]
Ascent Data serves an array of SMBs, from two-person shops all the way to customers with 800 employees. The firm partners with N-Able, among other security vendors, and cyber insurance is one of the purchases it’s been encouraging its customers to make.
“We bring to every client’s attention that they need cybersecurity insurance. Three years ago, clients were like, ‘We don’t need it, we’re too small.’ Now they’re seeing that everybody’s getting hacked, so they understand,” Jabra said.
And the cyber insurance industry is changing. Two years ago, multi-factor authentication was a suggestion. This year, cyber insurance firms are dropping companies that don’t have basic security features in place, including multi-factor authentication, Jabra said.
“If they’re willing to take the risk not to have it, that’s on them. But if they are willing to pay for it, we help them achieve it,” he said.
Burlington, Mass.-based N-able just finished its own cyber insurance renewal questionnaire, a process that is “more in-depth than it’s ever been,” Capelluto said. It’s an important process, however, because cyber insurance protects companies and also acts as another team to lean on as opposed to pulling the IT department away from its daily work to solve a crisis, he said.
“Even though we have a security team, we also have an outside [security operations center] that supports us, so it’s not all in-house,” he said. “And sometimes, when things are going a little bit sideways, you need somebody to help you figure it out because you’re still trying to keep your business running.”
Cyber insurance also gives businesses access to outside counsel to help companies recover lost revenue and public relations professionals to send the right message after a breech has happened, Capelluto said.
“That’s really important for all businesses and ourselves. How do you make your customers and your partners feel secure that, yes, something happened, but we have it under control and we’re moving forward.”