We are seeing a major shift in cyber insurance as  premiums have increased between 30% and 110%.  One school district even reported a 334% increase in their cybersecurity policy.  As more and more big names are breached or hit with nasty ransomware strains, many are realizing the consequences and financial stresses this can have on their company.  Most experts agree its not if your company will get hit its when.  As cyber-attacks ramp up threatening data and privacy, cyber insurance companies have had to raise their rates partially due to claim frequency, the severity of claims and the uncertainty of what’s to comeHarry Brelsford of SMB Nation sits down with Dave Sobel to discuss cyber threats and the rise in insurance. 

Video Transcription

Harry Brelsford 

A nation nation back with Dave Sobel. Hey, Dave, may I be the last to say Happy New Year that occurred some time ago,

Dave Sobel 

we can all still have a Happy New Year, the whole year, we can celebrate it. I’m all for it.

Harry Brelsford 

Well, hey, you cover a lot of topics over in your podcast. And so I just have to believe you’ve covered cybersecurity insurance for MSPs. What’s the hubbub? What’s going on?

Dave Sobel 

While prices are going up, if you can even get it, seeing price increases between 30 and 110%, one school district even reported 334% increases in their cybersecurity policy. This is a market where the insurers are realizing they didn’t think hard enough about it are paying out massive amounts of money. And that’s not a viable business for them. So they’re they’re jacking up rates or even starting to just not issue policies at all, or not allow providers to get them.

Harry Brelsford 

And what would that look like if you’re an MSP serving some SMB customers, and you don’t have cybersecurity insurance yourself? I mean, I said, did you have to have it?

Dave Sobel 

So the answer is, of course, no, there’s no legal requirement currently to hold that insurance. You know, and so thus, it is just an exposure of risk, if you don’t have it. Now, I would be remiss if I didn’t give general business advice of I am not a lawyer, and I am also not an insurance broker. So I would I would tell you to do that risk analysis with with your teams on that or your counsel, or if you don’t have one, get one. But but understanding that my understanding right now is it’s not a legal requirement, as in a broad sense, you, of course, have to have business insurance for most businesses. And you’ll dive into the practicality of that, and what’s covered and what’s not. And thus, anything that isn’t covered in your policy. Well, that’s just risk you shoulder.

Harry Brelsford 

Yeah. Yeah. And then what about the client? So I clearly I get it. But what about the small medical practice that one of the MSPs is serving? Would they also have a cyber insurance policy?

Dave Sobel 

Well, the answer there is, is that again, you should speak to a particular broker with expertise in that to understand what’s covered and what’s not as portions of a general business liability plan, what errors and omissions would be covered for and then whether or not a specific cyber writer is required. On top of that, again, I’m not a broker on this. But my understanding is that you want to look at it from the perspective of doing the analysis of your entire risk profile in insurance, see what’s covered in what categories and what you need going forward. Now, personally, I think this is an area where I my advice is, understand and look into it and do the risk analysis. And by the way, that’s a great service, you should be working with your clients to make sure that they understand the needs, but you’re going to have to do it for yourself to what

Harry Brelsford 

have you heard? Or can you predict that some MSPs may just hang up, hang up the shingle and get out of this business because of cybersecurity insurance? And I mean, the game has changed.

Dave Sobel 

Yeah, absolutely. I mean, I did a video, you know, almost a year ago. Now this was was cleverly called don’t start an MSP. It’s not that I don’t believe in this space, it’s that I think people need to understand the challenges before hanging up their shingle. By the way, remember that you can do different kinds of service. One of the areas where I think may become much more in vogue this year, is the idea of being a consultant, someone that provides advice, rather than necessarily all service, that’s a different level of engagement. It’s a different responsibility level. And by the way, we’ve oftentimes devalue consultants too much valuable advice is worthwhile. You don’t necessarily have to take on all of the responsibility, if you’re providing advice and guidance to customers, for them to make their own decisions. I think the models may change, I definitely do think some people are going to get out of this game, because it’s much much harder. And they’re not comfortable with the risks that are out there on or they’ll reform their business to look at different kinds of services. So for example, you might decide that you’re going to move from an infrastructure play just to consulting services around cloud delivery, right and helping people be more effective with the cloud tools they do, and work with someone else who takes on the risk of those cybersecurity elements.

Harry Brelsford 

Yeah, yeah, I can tell you because I’m doing more consulting the industry. And you know, I’m not getting any younger and I can tell you the the motion looks like this. They’re really comfortable bringing me in for maybe 10 hours a week or 10 hours in total or, you know, very discreet Consulting. projects versus, you know, once you start talking about becoming a W two employee, that’s a very different conversation. Right? Right. Whoa, whoa, whoa, I’ve got an employee. And so I’m able to arbitrage that because, you know, I enjoy consulting the industry. So I’m very upfront, hey, I’m not looking for a job, and I’m not looking for your job. Okay?

Dave Sobel 

Right. And we as an industry have also all talked about this, you know, people have obsessed with the idea of must be everything on monthly recurring revenue must be an element of, of service delivery. I’m not saying that’s bad. I love monthly recurring revenue. But I also have to understand the risk profile of the services that I’m delivering and make sure that I’m willing to take that on. And you may not be willing to take that on for all services. And thus, it’s okay to deliver some on MRR and some perhaps just as an advisory role.

Harry Brelsford 

Yeah. Yeah. Well, thank you. As always, sir. We’ll catch you next time. And hey, before we go, the East Coast has been hit with a couple storms. So did you get hit out there and

Dave Sobel 

I was lucky to be remotely working from from Central America during the worst of the storms here and manage to miss that one. And then the most recent one, just brushed DC and we got really lucky so I managed to avoid both of them. Alright, take care. Thanks, Eric. Talk to you next

Harry Brelsford 

Alright, take care.

Dave Sobel 

Thanks, Harry. Talk to you next