Big I Virginia E-News
December 2023
 

Navigating Cybersecurity Allies in the Insurance Realm: MSPs, Third-Party Tools and Cyber Insurers

Print this Article | Send to Colleague

By Mark Viglione, Founder of eCompli.net (Seriously Simple Security)

In an era where cyber threats loom large, the insurance industry finds itself at the forefront of safeguarding sensitive data and preserving client trust. As insurance agencies become increasingly digital, the need for robust cybersecurity measures has never been more critical. In this article, we delve into the dynamic landscape of cybersecurity allies for agencies and clients, exploring the distinctive roles of Managed IT Service Providers (MSPs), Third-Party Tools, and Cyber-Insurers.

Each of these entities contributes uniquely to the protection of insurance agencies from the ever-evolving threat landscape. From proactive defense measures to financial fortification in the aftermath of an attack, understanding the differences and synergies between MSPs, third-party tools, and cyber insurers is paramount for crafting a comprehensive and resilient cybersecurity strategy. Join us as we navigate through the nuances of these crucial partnerships, shedding light on the ways they collectively fortify the insurance industry against cyber adversaries.

Managed service providers (MSPs) offer all kinds of general IT services (some of which may include some cybersecurity capabilities) to small and medium-sized businesses. Such services include outsourced help desk, IT system/tool implementation and maintenance, hosting support. MSPs can also help support insurance agencies in case of a cyber-attack by responding to events when they occur. This can include acting as a first line of communication between the insurance agency and a cyber insurance provider. That said, when it comes to cybersecurity, MSPs are not all the same. Some have expert resources and capabilities for cybersecurity, while others are not equipped as well for the complexity and constantly evolving nature of cyber threats. The cost on average for MSP services range from $1k-$10k per month with annual or multi-year commitments and vary widely in when it comes to cyber security protections and compliance.   

Another key player in the cyber world is cyber insurance providers. Your agency may even offer this type of coverage to clients or partner with organizations who provide such policies. These policies provide support to insurance agencies in case of a cyber-attack by providing financial coverage, offering access to incident response and forensic services, assisting with legal challenges, supporting reputation management efforts, and helping agencies assess and mitigate cyber risks. Collaborating with a cyber insurer is a crucial component of a comprehensive cybersecurity strategy for insurance agencies, providing a safety net in the event of a catastrophic security incident. As you have certainly observed over the past few years, cyber insurance policies are increasing in costs and becoming more stringent in terms of what is, and is not, covered with increasing limitations and exclusions. The average cost of such coverage can be $5k-$10k or more per year with the likelihood that significant increases will continue.

Third-party cybersecurity tools can help to bridge the gap in exposure and problems that MSPs and cyber insurers struggle to address. Such third-part tools are specifically produced in alignment with the needs of insurance agencies that are now regulated in many states and also a high-value target for hackers due to the sensitivity of the client data that must be protected. These third-party cybersecurity tools include external or Cloud software, applications, or services that are developed and provided by entities separate from the insurance agency or its Managed Service Provider (MSP). These tools play a crucial role in fortifying an agency's defenses against cyber threats and help your agency to be more insurable when it comes to coverage. The other major gap that these tools often fill is the increasing regulatory burden of regulators compliance. There are now state laws in 24 states that govern insurance agencies that involve cyber security programs, plans, protective measures, regular monitoring & reporting, and on-going employee training & testing. Failure to implement these required measures can result in fines and penalties in addition to the losses caused by a cyber-attack. Third-party tools are designed to address these requirements, to help prevent attacks, and to reduce or eliminate the administrative hassles of regulatory compliance. Some of these tools are very affordable with monthly subscriptions and no long-term commitments.

As an example, eCompl(i) by Enigma Networkz, is a 3rd party tool offering a comprehensive cybersecurity platform composed of all the timely resources, documentation, and training material required for your agency to become compliant and secure. These tools are being used by agencies within IIAV and Virginia to provide a simple “one-stop” cost-effective solution.

Since cybersecurity now involves managing risk, responding to problems, and regulatory compliance, a good strategy includes a combination of the right 3rd party tools, right-sized services from MSPs who employ highly-skilled and certified cybersecurity experts, and cybersecurity coverage that is proportionate to your exposure and risk factors.

Contributed by Mark Viglione, Founder of eCompli.net (Seriously Simple Security)

 
Goodville Mutual