WITH JOSEPH BRUNSMAN
You’re probably already familiar with cybersecurity practices. As leaders in the complex world of Healthcare and Finance, you know ensuring a robust cybersecurity plan with a strong MSP is well worth the investment. Your clients trust you, and that is why you’re in business to begin with.
But as the world of tech advances with its feet slammed down on the gas, MSPs are requiring their clients to acquire cybersecurity insurance before they’re willing to take them on.
Do I really need an MSP?
Joseph Brunsman, a former IT professional and the founder and president of Brunsman Advisory Group LLC, firmly suggests getting one if you don’t have one already.
“As a former IT professional myself, having one sure makes life easier. Could I set up an area network for my office, run all the patches, and respond 24/7 to every potential threat? Yes, but it’s not an efficient use of my time.
You’re not necessarily paying an MSP to do a specific task; you’re paying them to cover your bases and better protect your data. Maybe you could do it on your own, in theory, but you have to consider how much time that would take, the upfront costs, and more. Even thinking about it now, the time investment necessary just to ‘get up to speed’ would be enormous.”
There’s a projected 33% increase in demand for cybersecurity staff over the next decade for one reason. To avoid wasting your billable hours on wrestling with wires and learning a bunch of new technology, invest in the experts, sleep better at night, and work on growing your business.
The experts are insisting businesses need cyber insurance.
Why are MSPs requiring me to have cyberinsurance?
To put it simply, it protects you AND your MSP’s rear-ends.
Your MSP is there to minimize those risks, cover your bases, and come up with an actionable roadmap to improve the security and quality of your business technology. If a cybercriminal manages to break into your system despite your defenses, that’s where cyber insurance comes in: to insure the financial losses resulting from cybercrime.
However, threats are always evolving and changing. Sometimes those threats are unknown until disaster strikes. In other instances, a staff member distracted with other tasks could bring about a six- to seven-figure loss with a few clicks of their mouse.
Cyber insurance reduces the financial damage from the many risks your business is prone to just by existing online, while you and your MSP work together to evolve and strengthen your business against those threats.
What does cyberinsurance cover?
There are over 200 different cybersecurity policies, each with its own complexities and areas of coverage. “Cyberinsurance” is not a legal term or an officially recognized term in the insurance industry. It’s a general idea of monetary coverage for cyberevents.
Joseph simplifies the way we look at cyberinsurance by dividing policies into two sides, and four buckets:
3rd PARTY COVERAGE
- If another party that was affected by a cyberevent comes after your business, cyberinsurance covers it.
• This can include state attorneys general, past clients, regulators, etc.
• These instances are rare because plaintiffs must first prove legal standing before a court of law. Due to the complexity and novelty of this process, this can be exceedingly difficult and time-consuming.
1st PARTY COVERAGE
- Data Breach/malware/cyber-event
• The definition of Data Breach can vary depending on regulatory requirements.
• A Data Breach is generally defined as both access and acquisition of PHI (Personal Health Info), PCI (Payment Card Industry Compliance), PII (Personally Identifiable Info).
- Ransomware
• A cyber event that locks out all employees and users from a system unless a specified amount of money is paid.
• It can be illegal to pay a ransom depending on federal law, so don’t assume cyber insurance can come to the rescue here.
- Loss of funds
• Covers situations like wire fraud, push payments, social engineering fraud, and invoice manipulation.
- Miscellaneous, but situationally appropriate
• Covers other issues like system failure, utility fraud, bricking, dependent business interruption, and dependent system failure
Joseph Brunsman expands in further detail on what each side and bucket cover in his video, How to Understand and Intelligently Explain Cyber Insurance.
How do I find the cyberinsurance policy right for me?
Joseph recommends considering the four 1st party buckets and asking yourself and your staff: What are we worried about losing? Money? Clients? Data?
For example, if you’re worried about losing funds, what is the mechanism of loss?
“My CFO got tricked into wiring money where it shouldn’t go.”
This example of social engineering would fall under the Loss of Funds bucket, so you’d need to have an insurance policy in place that could cover that issue.
“I’m afraid of getting locked out of our systems and client data by criminals demanding payment.”
This would go in the Ransomware bucket.
ALL specific coverage options could fall into the two-side/four-bucket system, penned by Joseph, to help clients better understand their policies. However, sometimes you might not even know what policies to ask about or what risks are more prominent in your industry. You’ll need to have the right questions ready for your insurance broker, but where do you begin?
With data breaches costing businesses an average of $4.24 million in 2021, according to IBM’s 2021 Cost of a Data Breach Report, the time to protect your business is now.
You need an advisor to advocate for you while you shop for cybersecurity insurance, and the Brunsman Advisory Group can help. Joseph has a Master’s Degree in Cybersecurity Law and, using his past expertise in systems engineering with the U.S. Navy, can go between the big brains and the regular folks to help you make the most educated decision for your cybersecurity insurance policy. He knows exactly what to look for in a policy for your industry and can help you learn more about what’s going on behind the intimidating layers of technology.
Want to learn more about picking a cybersecurity insurance policy?
We’re ready to help you work smarter and more securely.
For more information on cybersecurity, call Todd Sheppard at (865) 524-1124 or use this contact form.