MSPs: Becoming the Trusted Cyber Insurance Advisor

Guest blog courtesy of Cisco Duo and authored by Katherine Yang.

With the rate at which new threats emerge, it may come as no surprise that cyber liability insurance can be traced back to 1997.

In its modern iteration, cyber liability insurance mitigates the losses and business costs associated with cyber incidents and resulting downtime. CyberCube, a company specializing in quantifying cyber risk, estimates that the U.S. standalone cyber insurance market could reach $45 billion in premiums by 2034.

It remains a challenge for smaller organizations to know exactly what insurers are looking for and avoid being priced out of policies. These smaller companies won’t have the resources to implement the holistic security strategy expected by insurers. At least not alone.

Today, many now turn to MSPs to provide technical support and help advise on an insurance policy (along with their digital infrastructure). But what do they need to know?

What would an insurer do?

Supporting SMB cyber insurance requirements means MSPs need to think like an insurer; what’s their customer’s data backup plan? Are endpoints protected? Are network ports closed?

The reality is that cyber insurance isn’t too dissimilar to traditional liability insurance. Home insurance is void if you leave your door unlocked, so why should cyber work any differently? Just like home insurers will recommend access control, cyber liability insurance has its own requirements:

1. Authentication is ‘key’ and a core requirement

Considered by insurers as one of the most important security controls, multi-factor authentication (MFA) protects against stolen credentials by using two or more factors to identify the user (beyond the traditional username and password). It is the best defense against identity-based breaches, preventing over 99% of account compromise attacks. In an insurer’s eyes, this represents the foundations of a zero-trust posture, i.e., the ‘locked door’ of your digital environment.

MSPs can support this MFA requirement, ensuring important nuances like integrating advanced protection for admins (with access to sensitive information), as well as covering all applications and edge cases. It’s also important to support two-factor authentication for Remote Desktop Protocol (RDP), which allows users to remotely access and control a computer. This is typically an easy way for threat actors to enter a system – Sophos found that RDP is abused in 90% of cyber-attacks!

2. Healthy devices reduce risk and keep premiums low

Hybrid work and increasingly diverse IT ecosystems have complicated the access conundrum, with many SMBs relying on a BYOD policy today. Insurers will expect stringent policies around devices accessing an organization’s systems – managed or unmanaged, with the full range of operating systems. MSPs can offer client value by managing and reporting on device health indicators such as firewall status, disk encryption status, presence of endpoint detection and response agents, and software vulnerability updates. Help SMB customers keep device hygiene risks low by setting device health-based access policies and enable users to self-remediate without having to open a ticket.

What can Duo do?

Using the right tools is crucial to help SMBs meet cyber insurance requirements and reduce premium costs by putting security best practices in place. With Duo, MSPs can:

Duo MSP makes it easy for partners to buy, manage, and grow. Learn more about the Duo MSP program and its benefits on our partnership page.