The landscape for Managed Service Providers has changed. Before we jump into “Why Tech E&O and Cyber Insurance” for MSPs, let’s start with a simple game of True or False.
- True or False:
MSPs don’t need Tech E&O insurance if they already have a cyber insurance policy.
- True or False:
MSPs are considered “low-risk” by Tech E&O carriers.
- True or False:
Many carriers are steering away from providing Tech E&O coverage for MSPs.
The first two questions seem to exhibit an obvious answer of False! But if you answered false to #3, you would be wrong. Many carriers are indeed steering away from providing Tech E&O coverage, with MSPs either unable to get coverage, or costs increasing substantially. This is not the whole story, however, so let’s answer the four “W”s of Tech E&O.
What is Tech E&O?
Tech E&O (Technology Errors & Omissions) is a cyber insurance policy that has additional coverage for Tech Service type businesses, including:
- Contract software developers
- Software licensing
- IT consulting
- Website developers
- MSPs
Tech E&O covers data breaches that affect your business or a client’s operations. For example, it provides coverage if a client sues for negligent acts, errors, or omissions committed while you provide IT services that result in a financial loss.
What is the Difference Between Tech E&O and Cyber Insurance?
There are similarities between Tech E&O and cyber insurance. Cyber insurance focuses on security breaches that harm your company or your clients’ private information. Tech E&O covers everything within cyber insurance, plus offers liability protection from the services you provide to clients for IT and cybersecurity.
At the end of the day, both protect against cyber threats!
Why are Carriers Steering Away from Tech E&O?
Insurance carriers have been battered by significant losses in the MSP industry, especially around “systemic events” such as when an entire RMM system is breached. They are starting to require that MSPs and customers meet specific technical criteria to qualify for cyber insurance or Tech E&O policy. When either a client or MSP doesn’t seem to meet the requirements respectively, the risk simply is too significant.
What are Best Practices for Tech E&O Controls?
FifthWall works with several Tech E&O carriers and has put together a best practices list. The following items, in addition to core controls, will put your MSP in a position to get a solid Tech E&O policy.
- Solid contracts signed for ALL clients
- 24×7 monitoring of EDR/SIEM
- Minimize storage of sensitive data (PHI, PCI)
- Vendor due diligence – audit your vendors, including requiring insurance coverage
- Hardened baseline, including vulnerability scanning, patching
- Robust backups
- Security awareness training
- Private clouds/data centers are considered high risk – if you have one, have an annual professional (ex not “automated”) pen test and/or external certification such as SOC2.
FifthWall Solutions provides guidance on managing and reducing liability for MSPs. We have seven insurance carrier options for Tech E&O– the most access in the industry.
Contact us today to learn more about how we can assist with Tech E&O for your MSP, plus cyber insurance for your clients.
