Cyber insurance has become a must for businesses. However, the rise in premiums and application hurdles has prompted the emergence of cyber warranties, a crucial financial protection for MSPs and their customers.
Cyber insurance has become a critical form of protection for companies as the number of cyberattacks (and their complexity and effectiveness) increases. While this type of liability insurance can help companies recover from an attack – particularly if customers were affected and are also seeking compensation – MSPs and end users may want to consider other types of financial protection in addition to cyber insurance.
One emerging offering is a cyber warranty. Much like the warranty on your car or a new refrigerator, a cyber warranty is issued by a technology provider to guarantee the security posture of their product for a specific period. These warranties will be important for cybersecurity vendors and customers moving forward as cyber insurance policies become more stringent in their limitations and requirements.
The length of time on cyber insurance payouts is often a challenge for SMBs that must address short term financial commitments to recover from a cyber incident. Cyber warranties provide faster payouts, enabling customers to recover faster, making this a critical differentiator. Some smaller businesses may even opt to use the cyber warranty as their only form of protection.
As successful cyberattacks become more frequent and expensive, cyber insurance providers have also narrowed the scope of their coverage and placed more limits on what they will pay for. For example, covered companies may need to meet specific security guidelines (and prove this via an audit). If they don’t, the insurer may not cover any potential breaches. Additionally, the insurance may not cover losses accrued during a disruption, damaged hardware, or breaches arising from third-party applications or service providers.
A cyber warranty, however, will generally compensate for cyberattacks that emerge via their covered system (or systems). In addition to paying faster, they may provide coverage for gaps in the company’s insurance policy.
An incremental recurring revenue stream for MSPs
For example, Barracuda Networks has partnered with warranty company Cork to provide warranty coverage for MSPs’ small to midsize (SMB) clients. The warranty is embedded with the Barracuda managed services offering so that customers can be financially protected from some of the costs of targeted cyberattacks.
This type of warranty adds an extra layer of financial protection for clients. For MSPs, it provides a product explicitly designed for cybersecurity purposes, along with a potential recurring revenue stream. Cork also provides a monitoring and analytics engine to identify and close security gaps, integrated with the Barracuda XDR monitoring and response capabilities.
While integrated monitoring and warranty capabilities can give clients peace of mind, most companies should also invest in a robust cyber insurance policy. The key is having a full understanding of what is covered and what the company needs to do to meet the terms of the coverage.
Fortunately, products like the combined Barracuda/Cork offering can help SMBs achieve those types of security requirements by providing robust security and monitoring, as well as easily auditable reporting. This will be more important as cyber insurance policies become more complicated and expensive.
Cyber insurance premiums are on the rise
According to ratings firm AM Best, cyber insurance premiums rose by 50 percent in 2022 as ransomware attacks increased. Insurers collected $7.2 billion in premiums last year, triple what they were three years ago. At the same time, insurer loss ratios dropped significantly because of rate increases and tighter underwriting processes.
“Underwriters have used every item in the proverbial toolbox to manage exposures,” said Christopher Graham, senior industry analyst at AM Best in this Insurance Business article. “In addition to the rate increases, underwriters have cut limits, increased insureds’ own retention, and improved risk selection.”
Rising costs and more restrictive underwriting put cyber insurance out of reach for some firms. Some carriers are also limiting coverage in certain industry sectors.
In a CNBC article last year, Dan Garcia-Diaz, managing director of the U.S. Government Accounting Office (GAO), noted that “One insurer reported it opted not to insure the energy sector because of its vulnerability to attacks and because of concerns that energy operators do not follow robust cyber security protocols. Another insurer stated that its appetite to provide coverage to certain industries — including electric grid operators and airlines – is limited.”
Cyber warranties give small businesses and the MSPs that serve them a more workable option to help reduce the damage from a cyberattack, even as insurance providers reduce their reimbursements.
Photo: NONGASIMO / Shutterstock