Although cyberattacks have been around for years, in the last year we have seen a new era of cyberattacks.  These attacks are more sophisticated and have cost companies billions in recovery expenses, fines and lost revenue.  As companies look to protect themselves with technology, employee training, and cyber insurance, they might not be as protected as they think.    Unlike traditional insurance cyber insurance does not have a standard template for insurance.  Each insurance policy is significantly different, and are currently becoming harder and harder to use.  Harry Brelsford of SMB Nation sits down with Bob Coppedge of Simplex-IT to discuss cybersecurity and what the future may hold.

 

Video Transcription

Harry Brelsford 

Hey, nation nation back with Bob Coppedge. Bob, how you doing?

Bob Coppedge 

Peachy, but we’re both getting ready for storms.

Harry Brelsford 

That’s true. And I’ll have you know, folks, we’re recording this on Groundhog’s Day. He saw his shadow. So we have six weeks of winter remaining. But, you know, with climate change, I don’t know how that is the best barometer not but hey, let’s get serious. Um, the topic of the day, the topic of the year is cybersecurity insurance. And you had a funny phrase is we’re talking off camera, the travelers dilemma. Oh,

Bob Coppedge 

yeah. Well, one of the things we’ve seen a lot of our companies and it’s it’s, there’s adjustments going on all over the place, where insurance providers found out they’re getting there, they’re losing their shirts by paying these things. And so they’re either increasing the requirements or increasing the fine print and traveler’s insurance was the poster child that we ran into at least, that they just came out with, we’re at renewal time to all of your existing clients, you have to have these methods of multi factor authentication in place, or else we’re dropping. And so we refer to this lovingly as the travelers dilemma. And, and so we had a box set of here’s that here’s our solution. And we we had travelers, bless it for us, so that we can go to each of our clients and basically say, both reactively and proactively, you if you’re using travelers, or in some cases, we knew they were, here’s what you’re going to have to have in place for them to the to renew you. And in some cases, they’re good practices anyway. Yeah. And it’s always easier, especially as a managed service provider, it’s always easier to sell a service, when you can blame it on somebody else. So if you basically go back, you know, I want you to be more secure. But more importantly, your insurance company won’t renew you, unless you have this in place. So it’s not me trying to sell you these extra, you know, these extra snake oil pieces. It’s critical pieces of your organizational structure are requiring it in order for you to continue to do business.

Harry Brelsford 

Yeah. What do you hear it? You know, you you circulate? A little bit? Are you hearing me MSPs going to exit the industry? Or had they been denied insurance? You have any any tales from the trenches?

Bob Coppedge 

Oh, absolutely. And it’s one where for every for every MSP that answers those types of conversations, there’s probably 30 that aren’t, and are really, really hoping they’re never asked. Yeah, I’m a big believer in sturgeons law, which is Theodore surgeon was a science fiction author in the 50s and 60s, and he had a simple rule 90% of everything is crap. And, and the fact of the matter is, is a majority of organizations are subpar. And I mean, no disrespect to any MSP or any business in general, it is tough is very, very tough. And there’s a lot of organizations that just aren’t MSPs. And otherwise, who, who really can’t address the security because they’re not at that level of, of maturity. Yeah, and, and if they’re not required to, and no one is calling them on it, they can kind of whistle pass the graveyard. But they’re, they’re basically one bad day with one client that goes that goes south, or a company that goes south in the case of the non MSP away from it being catastrophic, in terms of the damage to them or and or to their client.

Harry Brelsford 

And finally, let me make sure I understand the workflow. So you have the small medical clinic on a remote islands, okay. And they would probably have their own cyber insurance here on the left hand, and then you’re the MSP, that serves a bunch of SMB businesses. So you two are going to want to have cybersecurity insurance because the medical clinic may come after you. Right saying shame on you. It was your your gateway that the bad guy got through is that they both you got to be double insured

Bob Coppedge 

is only double. But let’s let’s extend that let’s have some fun. The patient goes to the clinic. The records are then stored and managed or monitored by the MSP. They’re being stored in the third party who’s actually outsourcing their their storage to a farm. So you’ve got the the clients, the employees of the clinic, the MSP the MSP, who was using a third party and the third party who was storing their resources. Everybody gets sued. It’s a free nation. So everybody gets sued. And one of the things is we all have to be able to basically prove that we did best practices. We Did reasonable care due diligence now? You brought up one that’s healthcare. So health care’s guide, guided by HIPAA. So there are specific requirements there. And those requirements go up and down the supply chain. Yeah, you could have the same thing for somebody who is doing DoD work that has cmmc requirements, which is really missed plus, or, you know, FIPS, or ITR, or any of these things. But then you also have the great wasteland of other companies who aren’t necessarily driven by any kind of of compliance requirements, but still have to show that they took reasonable precaution. Yeah. And one of the things from an MSP standpoint is you have to make sure that you’re not in your marketing materials that you’re not out there marketing, what a fantastic solution. You are cybersecurity, if you ain’t got nothing to back it up with. You know, it’s so it goes all the way up and down. It is a fascinating conversation to have.

Harry Brelsford 

Yeah, yeah, absolutely. Hey, finally, assuming that events return in 2022, that’s big assumption. Fingers crossed. Name one or two that we might see at

Bob Coppedge 

Datacom. Okay. I mean, I will absolutely be a Datacom those are one of the best shows. And I always like it nation, the one in the end, I can I cannot keep track of what they’re calling them now or whatever. But the it is the one that’s down in it all

Harry Brelsford 

know that yeah, Orlando Yeah. Yep. Yeah.

Bob Coppedge 

And I may actually be doing some CompTIA stuff. So who

Harry Brelsford 

knows? Yeah, yeah. No good on you. Well, sir, where you going? Yeah, I’m gonna I’m gonna hit all the above. I’m also going to one. And I’ll drop me a note. And Jenny, let’s put down in the blog. It Expo in Fort Lauderdale third week of June. I’m really familiar with this show 7500 attendees, from T m. C, a technology publisher. And Bob. What’s really cool about it is they’re best known for colocated shows. So it expos the Super Show is the headline. But they have 5g and big data and analytics. And I’m involved in the cannabis technology track. And so that’s what they’re known for is these co located shows. So you can really kind of bounce between rooms and do this and that. And the reason I say this, is it’s very different than going to say, the couple shows you mentioned, but I’ll pick on Cisco. The Cisco Partner Conference is about Cisco. Okay, that that’s what the show is. It Expo is an independent show with colocated shows. So that makes it really cool. So yeah, keep it on your radar screen, my friend.

Bob Coppedge 

I’ll look for more details. All right. Okay. Take

Harry Brelsford 

care. Thanks.

Bob Coppedge 

Bye.