When a business purchases cyber insurance, they typically assume they’re now covered in the event of a cyber attack, data breach or other incident. However, insurance companies are paying out only a fraction of the time.
MSPs are uniquely positioned to both educate customers and prospects on the reality of this situation and help them do something about it. With the right combination of preventative measures and documentation, companies can vastly improve their chances of receiving renumeration after an incident.
What’s so different about cyber liability insurance?
With most insurance policies, coverage is pretty cut-and-dry. You buy the policy, and if something goes wrong you’re covered up to a certain amount after paying the deductible.
Filing a claim might be annoying and there will probably be a visit from an insurance adjustor, but you’re generally going to make out OK. But cyber insurance is more like healthcare coverage — insurers are constantly denying coverage for a variety of unexpected reasons.
These companies are out to make a profit and are looking for every possible reason to not pay out. And because cyber liability insurance is a new product offering, there’s plenty of wiggle room built into the policies that customers aren’t yet savvy enough to sniff out.
Know thy enemy
Keeping in mind that the primary goal of insurance companies is to NOT pay anything to customers and just keep raking in premiums, it’s good practice to make sure businesses are covering the bases and addressing the most common causes cyber insurance claims are denied.
1. Poor prevention practices
Cyber liability insurance companies won’t pay out on a claim if the incident could have been easily prevented. Just like your auto insurance won’t cover a stolen car if you left the doors unlocked, these policies will shoot down a claim if proper data protections weren’t in place at the time of the event.
MSPs can play a critical role in ensuring clients are meeting insurance policy requirements. They can review the fine print and then create and execute a plan to put in place the necessary preventative protections to meet all compliance criteria.
2. Failure to document preventative measures
Remember, insurance companies don’t want to pay out on claims, so they’re definitely not going to just take a company’s word that they were doing the right things at the time an incident occurred. They’re going to request evidence that backs up a policyholder’s assertions that they did everything in their power to comply.
Once again, MSPs have an opportunity to add value. As a third-party vendor, they can both document all of the preventative steps that were taken and attest to their validity. Leveraging products like RapidFire Tool’s Compliance Manager, MSPs can automate and streamline this often tedious process, collecting all the required screenshots, data and documents required.
3. Someone else is at fault
Another common cause for denied claims is putting the blame on third parties or contractors. This means the company has to go after that vendor instead of simply filing a claim with their insurance company and getting paid what they deserve.
Ongoing assessments can identify potential problems before there’s an incident, giving those third parties an opportunity to proactively fix things. MSPs can perform those on their client’s behalf and even chase those vendors down to make sure things are buttoned up.
4. Errors and omissions
Even when companies have done everything correctly, an administrative mistake can still torpedo a potential claim. All the defensive preparation in the world won’t matter if the documentation is incorrect or incomplete.
MSPs can leverage compliance software tools and solutions to capture every detail in advance of an event. This comprehensive detailing of every step that was taken and defensive mechanism in place can plug any potential holes in a client’s case for restitution.
5. Extended timelines
Most cyber insurance plans try to limit their exposure by curtailing the time period covered for any interruption in service. Not understanding this nuance can lead to millions of dollars in uncovered losses.
Drawing attention to this window is another service MSPs can provide. They can advise clients on what makes for realistic recovery timespans for various incidents and ensure they’re getting adequate coverage.
Insurance for their insurance
Purchasing cyber liability insurance is a responsible and proactive step that many businesses should consider. MSPs should applaud their clients that have done so and encourage holdouts to consider it as well.
But without engaging a trusted and knowledgeable partner to guide them through this process, companies could end up spending a bundle on premiums only to have that coverage do little for them when they need it most. This presents both a challenge and opportunity for MSPs.
To help customers maximize their cyber insurance benefits, MSPs should do the following:
- Educate – Explain the nuances of cyber liability policies, pointing out what to look for when considering purchasing coverage. Don’t forget to mention that customers will likely have to spend time and money to meet the requirements demanded by their new insurer.
- Make Recommendations – Proactively suggest reputable firms and the types of policies that are most favorable to the customer’s profile.
- Review – If a customer has a policy (or is considering one), review the fine print and make sure your company can adequately provide the required safeguards and documentation required. They create a plan and pricing to deliver the services the customer will need to meet the necessary thresholds of preventative measures.
- Protect & Document – Put the proper preventative services in place and document every step of the way. This is your insurance policy that the customer won’t blame you if the insurance company disputes the claim.
- Stay Current – Policies can change without customers even realizing it, so review every seemingly harmless update in terms and conditions. Likewise, perform routine audits of the customer’s IT environment to ensure they’re maintaining things on their end.
- Invest in Scalable Technology – To ramp up your cyber insurance compliance business without increasing headcount, leverage tools such as RapidFire’s Compliance Manager to simplify and automate as many compliance tasks as possible.