BlastWave and Cysurance Roundtable: More Fender Benders, Fewer Totals, and a Smog Test
In partnership with Cysurance, BlastWave hosted a roundtable titled “The Future of Cyber Insurance and MSP Insurability.” The roundtable featured a broad range of experts in cybersecurity, cyber insurance, and Managed Service Providers (MSPs). These experts included our own Tom Sego, Vince Zappula, and Keao Caindec. Other attendees included Kirsten Bay from Cysurance, Scott Williams with Cloud Security Alliance, Jeff Ewing of 5Q Partners, Austin Morris Jr. of Morris Risk Management, John Franzino of Grid Security Inc., Jeff Dotzler of Elevity, and James Kim from CTN Solutions.
The expert panelists held an honest discussion about insurability difficulties for MSPs. There are no actuarial tables in cyber insurance, so pricing is fluid and can vary greatly based on numerous factors. Additionally, the IT environments of MSP clients are becoming increasingly complex, making them difficult to manage and protect. In the face of these challenges, what can MSPs do to improve their insurability? Read further for perspectives from each viewpoint and key takeaways.
Cyber Insurance: Gold Rush to Wild West
Cyber insurance premiums increased 80% in 2021, making them an unsustainable expense for many companies. Cyber insurance was once a soft market where insurance carriers were covering virtually anyone. Now, insurers have a better understanding of the threat landscape, with cyber-attacks resulting in higher insurance payouts each year. Cyber insurance became a hard market with draconian forms totaling hundreds of questions that different departments must answer. Due to a lack of standardization and the increasing complexity of IT and OT environments, what was once a gold rush is now the Wild West.
MSPs experienced rising liability due to dynamic risk as they became the gateway for supply chain attacks over the past few years. These providers spend extensive time filling out forms only to be denied coverage. Even worse, the initial ransomware attack isn’t the only problem. After an attack, insurers must keep claims open due to the potential for litigation and exfiltration, leaving MSPs susceptible to subsequent attacks. Technology, risk management, and insurance are intertwining, but the challenge for insurers is that MSPs want zero risk. Bay elaborated, “Zero isn’t realistic. But effective security posturing can help companies get closer to zero by reducing the severity, impact, and frequency of attacks. It’s about ensuring more fender benders and fewer ‘totals’ to improve your insurability.”
MSPs: Dynamic Risk Management Difficulties
MSPs feel that the arduous questionnaire process is wasteful because it doesn’t accurately quantify dynamic risk. You can check boxes and legally claim you have a product, but the actual risk reduction and implementation can vary. Furthermore, forms don’t align with how underwriters view risk – purely in dollars and cents.
BlastWave CEO Tom Sego posited the need for a standardized cyber risk “smog test” to replace the current process. Attack vectors represent a dynamic risk that has no historical precedent in the insurance industry. This lack of standardization increases the volatility of the market, complicated by the fact that many of MSPs’ clients don’t prioritize cybersecurity until an attack happens. This amounts to an operational difficulty instead of a technological one, necessitating a consistent way to measure insurability. In this market, MSPs must be pickier with their client choices, as there is not only a reputational risk but a financial risk if their client’s network is breached and lawsuits ensue.
Surmounting Insurability Hurdles
Across attendees, there was an emphasis on a preventative cybersecurity approach to replace the prevailing reactive approach. For all the digitalization on the side of the “good guys,” cyber criminals are implementing automation as well, and even creating ransomware help desks. MSPs can address three key factors to improve their insurability.
The first factor is the human element, which is the underlying cause of 82% of cyber breaches. By minimizing the human element involved in authentication through the passwordless methods of phishing-resistant MFA, MSPs can reduce human error and improve their insurability. The second factor is reducing unauthenticated attack surfaces. MSPs can implement device cloaking to keep connected users, applications, and machines invisible to internal and external attackers, thereby reducing the exploitation of exposed web services via CVEs, bugs, and zero-day viruses. Lastly, microsegmentation can reduce lateral movement, helping MSPs implement granular access controls across their clients’ assets and resources. These three security controls can improve MSPs’ security posture by preventing compromised access, unauthorized system and network discovery, and lateral movement, thereby killing the kill chain before it starts and reducing the cost of coverage.
BlastShield™, our Zero-Trust Network Access solution, creates a software-defined perimeter (SDP) that includes phishing-resistant MFA, simple-to-manage microsegmentation, on-prem and cloud orchestration, granular access controls, full-mesh peer-to-peer architecture, tunnel encryption, and device cloaking in a single solution. BlastShield simplifies the security stack, drives profitability, reduces downtime, and enables your company’s digital transformation roadmap.
We hope this webinar provides insight on the cyber insurance market.
*** This is a Security Bloggers Network syndicated blog from blastwave.com, authored by blastwave.com. Read the original post at: https://www.blastwave.com/blog/blastwave-and-cysurance-roundtable-more-fender-benders-fewer-totals-and-a-smog-test