The Cyber Insurance Crisis: Why MSPs and Their Clients Are Struggling

In the past few years, the cyber insurance landscape has transformed dramatically. Once, policies began with a relatively straightforward process of filling out a questionnaire and receiving affordable coverage. Now the process is complex, costly, and often frustrating for businesses of all sizes.

At the heart of this transformation lies a fundamental problem: the challenge of accurately quantifying cyber risk. This challenge affects everyone in the ecosystem and has created a perfect storm in the cyber insurance market.

The Cyber Risk Appraisal Dilemma

The cyber insurance industry faces a significant challenge: how to accurately measure the risk it is insuring. Unlike other insurance types, where decades or centuries of actuarial data exist, cyber risk remains notably difficult to quantify.

The Questionnaire Problem

Traditional approaches to cyber risk assessment rely heavily on questionnaires, creating challenges across the insurance ecosystem:

  • Insurers struggle to accurately assess risk without visibility into actual security implementations
  • MSPs face challenges aligning client security programs with complex policy requirements
  • Businesses encounter substantial gaps between their expectations and policy realities when incidents occur

The Data Gap

The fundamental issue is a data gap—insurers have limited information about what they're actually insuring. This results in:

  1. Limited visibility into how organizations manage their security.
  2. Self-reported data that may not accurately reflect reality.
  3. No standardized validation of security claims made in questionnaires.
  4. Difficulty correlating specific security controls with actual risk reduction.

For MSPs and their clients, this cyber risk appraisal challenge has created a cascade of problems.

Several factors have converged to create today's challenging cyber insurance environment:

1. Surging Cyberattacks

The frequency and severity of cyberattacks have increased tremendously. Ransomware and business email compromise attacks continue to rise, targeting organizations of all sizes across every industry. This surge in attacks has led to record-breaking insurance payouts. As a result, carriers reassessed their risk models and tightened their application criteria.

2. Rising Premiums and Declining Coverage

As insurers struggle to turn profits, premiums have skyrocketed while coverage options have often diminished. Even organizations with strong security practices are facing significant premium increases during renewal cycles.

3. Tighter Underwriting Standards

Insurance carriers have dramatically tightened their underwriting requirements. Questionnaires that once took minutes to complete now stretch to dozens of pages. They come with detailed technical questions that many organizations struggle to answer correctly.

4. Coverage Limitations

Even as premiums rise, coverage is often becoming more limited. Insurers are introducing more exclusions, lower coverage limits, and higher deductibles to manage their risk exposure.

5. Coverage Denials

Perhaps most concerning, many businesses are being denied coverage altogether. If an organization can't demonstrate robust security controls, insurers increasingly decline to offer any coverage. These businesses then become exposed to potentially devastating financial losses if attacked.

The MSP Challenge: Caught in the Middle

For MSPs, the cyber risk appraisal problem creates significant challenges:

The Translation Problem: MSPs must translate their security implementations into the language of insurance questionnaires. For their clients, the process often fails to express the true value of the MSP's security services.

Validation Difficulties: There's no standardized way to validate that security implementations actually reduce risk in the eyes of insurers.

Client Expectations Gap: When clients face increasing premiums and coverage denials despite security investments, they often expect their MSP to help solve the problem, creating potential relationship strain.

Security-Insurance Disconnect: Security best practices and insurance requirements often seem disconnected, making it difficult to align security implementations with insurance objectives.

The Path Forward: Solving the Cyber Risk Appraisal Challenge

Forward-thinking MSPs can use insurance to set their offering apart and provide greater value to clients. Doing so requires a fundamental shift in how we measure cyber risk. Instead of relying on subjective questionnaire responses, MSPs must pull objective, validated data about security implementations.

Creating a standardized validation framework bridges the gap between security implementation and measuring risk. Doing so lets MSPs help clients overcome the insurance challenges while demonstrating the true value of their security services.

Of course, managing risk through security controls only covers half the picture. Read on to learn how cyber insurance and warranties work together in risk management, covering the residual risk that remains after security controls.
