One big lesson learned from three months on the cyber insurance frontline
Dammit Jim, I’m a cybersecurity nerd, not an insurance dork!
Yes, that’s a Star Trek inspired quote to prove my nerd credentials.
So, I’ll be the first to admit my first few months at an insurance company have been… let’s just say, a learning experience. I knew I had plenty to learn. But one thing has really stood out to me so far.
Cyber Insurance Really Does Have Teeth
I’ve spent the better part of a decade devoting my time to communicating cybersecurity’s value to decision-makers. I’d like to say I’ve also learned to become fairly good at it. It takes months, if not years, to convince the C-suite just how critical cybersecurity is to the business’s mission. It’s delicate, intricate, and time-consuming, to say the least.
That is until cyber insurance came along and said: “hold my bourbon, watch this.”
I’ve seen it with my own eyes. Time and again. A company is denied cyber insurance coverage due to a really bad questionnaire. No MFA. Zero vulnerability management. No clue what EDR even is. Instant denial.
But here’s where it gets interesting. Nearly every time I jump on these calls with clients, it falls on me to explain just how bad their security posture really is. And I think they’ll be angry. I just called their baby ugly.
But they aren’t mad. They’re apologetic.
“Wes, we’re really sorry this has happened. I want you to know as CEO, I’m going to make sure we correct these issues immediately. We never should have let this happen. It’s mission critical for us to fix this, no matter the cost.”
Meanwhile, the MSP, who was also on the call texts me and said, “THANK YOU! I’ve been trying to get these guys to spend the money and do the right things for a year. And you just jumped on one call, and now the CEO is ready to write a blank check to fix this. I hate you, and I love you, Wes.”
All I could think was, “I didn’t really do anything. That CEO losing coverage for a huge risk was apparently all the driving factor he needed.”
And that’s the truth. Cyber insurance has teeth.
I can spend months building trust. But cyber insurance is like a runaway Mack Truck that can’t be stopped. I’ve learned to embrace it, and so should you.
— Wes
If there’s one thing a business owner cares about, it’s risk. That’s what keeps them up at night. They will constantly ask themselves, “what things could end my business tomorrow? How do I control that risk?”
They know how important insurance is as a risk transfer. Fire, health, life, auto, and even cyber insurance. They’re all important for a business owner. And when they get denied cyber insurance, they feel naked. They understand that level of risk. And they fear it.
So, what’s the good news? Simply this: you have a new friend who is also the bad guy. It’s called cyber insurance. You can lean on it to help the client do the right thing. Insurance now requires baseline standards in cybersecurity.
Change Equals Cyber Insurance
As an MSP, it’s your job to help the client navigate those waters. And you need to be able to convey value in cybersecurity while you do so. But sometimes, you just need a big stick. And now you have it. Cyber insurance is changing the minimum standards. For your MSP, that can be the God send you need to push all clients into doing the right things to protect their business.
I encourage you to learn more about FifthWall Solutions Elite MSP Program today.
From the Desk of Wes
