October 20, 2022

Why proactive cyber risk management is a must-have tool in the MSP arsenal for businesses



As an MSP, one of the most important things you can do is provide peace of mind to your clients, particularly when it comes to protecting their businesses against the ever-expanding cyber threat landscape. Curious to find out how to do that most effectively and efficiently? Read on.

The need for cyber risk management is unmatched at the moment, with modern businesses facing what seems like the insurmountable task of keeping both themselves and their customers safe from a wide range of digital perils. It’s estimated that a cyber-attack occurs every 39 seconds, suggesting that businesses worldwide should rank cyber threats among their biggest concerns. However, the reality is that many underestimate the value of effective cyber risk management. According to a recent report by Keeper Security, the average UK business experiences 44 cyber-attacks per year – more than 3 every month – and almost one in five (17%) are subjected to over 501 attacks in a single year. Each successful attack has the potential to harm businesses both internally, through the loss of data, and externally, with public opinion and reputation sometimes deeply bruised.

Luckily, it's not all doom and gloom thanks to you – a managed service provider (MSP) – the ultimate ally for these SMBs, leveraging technology along with knowledge and experience to help your clients always stay a step ahead of cyber risk. The portfolio of services that you offer can act as a backbone for businesses of all shapes and sizes. For that to continue, as a trusted MSP, you must also adapt to this ever-changing landscape and provide your clients with the right tools to effectively address their evolving cyber risk management needs. But the question is: where do you even start?

Both David and Goliath are at risk of data breaches

It’s not just SMBs that are at risk: even large household names can be compromised. Just this past month alone, Uber and Rockstar Games have had serious data breaches that have made the headlines. It is also being reported that both hacks are from the same individual, a 16-year-old boy. Uber hardly requires introduction, and Rockstar Games is one of the largest creative studios in the video game space. Their parent company Take-Two Interactive are the minds behind some of the most profitable intellectual properties (IP) to ever see the shelves. The most recent instalment of their flagship IP, Grand Theft Auto, is reported to have surpassed $6 billion in total earnings, making it one of the most profitable IPs in any medium ever. That being said, even a company as large as this did not have the cyber security it needed when a 16-year-old hacked the company’s developer accounts, gaining access to over 90 videos of pre-production work on their highly anticipated new release, Grand Theft Auto 6. Business Insider reported that Take-Two’s stock fell by 3% immediately after the data breach, as the incident could impact the game’s release date. While Rockstar have issued a statement saying that this will have no impact on development, it is hard to believe that having the source code of your most profitable IP leaked, along with a plethora of video content for the media and public to dissect, is not damaging to that company’s ecosystem. This highlights why offering both accessible and effective cyber risk management services for businesses of all shapes and sizes, along with educating consumers on how to be more secure online, is not just another service but the service that you need for the modern age.

When it comes to cyber risk, prevention is better than cure

Reactive responses to cyber threats have been shown to be both ineffective and, in some cases, even damaging to a company in comparison to preventative measures. This is especially clear in those businesses that deal with clients’ personal information, such as the recent Uber data breaches or past hacks such as the 2013/2014 and 2016 Yahoo data breaches, which led to all their user accounts, totalling 3 billion, being compromised. 200 million of those accounts had all their sensitive personal information stolen, including names, dates of birth, addresses and phone numbers. The real danger of lacking a proactive approach to a business’ cyber exposure is the volatility of the fallout. It is simply too risky and unpredictable to react to breaches; they need to be nipped in the bud. Yahoo, for example, has had to pay out $117.5 million in settlements with users, and that is simply the financial damage of these breaches. Without a shadow of a doubt, consumers are becoming less trusting of Yahoo’s security measures and their reputation has been subsequently damaged. While the threat landscape is constantly evolving and hard to adapt to, the effect of being breached can be devastating to the reputation of a company. In some instances, the company as a whole might not be to blame for a breach, but the headlines can still be just as damaging to public image. Like good hygiene, practising proactive cyber risk management is a thankless task that you will only appreciate once you’ve gotten sick, or in this case breached. Why take the risk?

Solving the problem of cyber insurance for your clients

Many businesses have adopted the tried and tested method of insurance from providers that were all too eager to take control of the cyber insurance market. However, by underestimating the level of coverage required and the threats they would face, many providers found themselves paying out left and right. Most cyber insurers are looking to either accept losses and exit the space or hike up premiums and lower the coverage pay-out limits.

While some are using this opportunity to maintain a higher standard of cyber security, it does not change the fact that premiums will continue to rise at an accelerated rate. The ball is now in your court, as cyber insurance providers have already started implementing base requirements to be eligible for insurance. The industry has already seen that there are higher profit margins when covering companies with multi-factor authentication (MFA) and endpoint detection and response (EDR), and thus has made these aspects of security mandatory for coverage. You shouldn’t wait to meet the minimum requirements of cyber security standards, as this could leave you uninsurable when the time comes to renew your policies. In an industry where the problems can be just as complex as the solutions, clarity is key. This means access to experts and easy-to-use risk management tools is essential to any MSP looking to diversify the kind of support they offer their clients.

With the recent widespread cyber threats facing businesses being largely ransomware attacks, FitchRatings claimed as recently as May of this year that ‘Claims rose by 100% annually in the past three years. Claims closed with payment grew by 200% annually over the same period, with 8,100 claims paid in 2021.’ Considering premiums for standalone coverage have increased by 92% to a total of $3.1 billion, it’s incredibly telling to see that in the face of high premiums, SMBs are still looking to obtain cyber coverage because it is an undeniable necessity. Being an MSP with comprehensive cyber risk management services that you can offer to your clients is an incredibly lucrative space, now more than ever.

The cutting edge of MSPs starts with innovation

MSPs are essentially SMBs themselves, and the task of managing cyber risks for your clients can seem daunting. This is why many MSPs have either built their own security operations centres (SOC) or partnered with an existing Security-as-a-Service provider. Even though it is costly, you can’t afford not to evolve into a managed security services provider (MSSP). If the cyber threats faced by SMBs are a thunderstorm with torrential rain, you could be the lifesaving umbrella that keeps your clients safe and dry. According to LogicMonitor, ‘88% of MSPs have experienced a brownout or outage in the past year averaging one per month’ and of those 88%, 41% had lost productivity in some fashion as a result. The same survey also found that MSPs reported that 80% of their customers had been affected by cyber threats and that they lacked confidence in their ability to effectively address the threats. This space is clearly in need of attention, as the UK government stated in 2017 that ‘Organisations who fail to implement effective cyber security measures could be fined as much as £17 million or 4 percent of global turnover.’ Those who are frontrunners in this space will undoubtedly be looking to cyber risk management as their area of focus over the coming years due to the incredible demand for it expressed by SMBs.

Stay ahead of the curve by educating your clients about cyber threats

The aforementioned Uber data breach was only successful through the use of the social engineering method known as phishing, in which Uber employees were tricked by the hacker into giving them login credentials, enabling the hacker to have access to their company network and sensitive information. At the end of the day the human element can be the downfall of the most sophisticated cybersecurity protocols. Breaking down barriers around sometimes intimidating aspects of technology and cyber security is of the utmost importance.

Sometimes educating can be as simple as altering people's perception. How threats are perceived can make a major difference to priorities within companies. Keeper’s 2019 SMB Cyberthreat study found that of the 500 senior decision makers surveyed, only 66% thought their SMB was at risk of cyber threats. This is in stark contrast to the actual figure of SMBs who were attacked in 2019, which is nearly the same percentage, at 67%. Secondly, it seems that businesses who have been operating for longer deem themselves less at risk while younger businesses (sub 5 years) are slightly more risk aware, with 28% believing they are ‘very likely’ at risk, and only 6% of businesses older than 10 years share this view. More troubling is that 70% of businesses who have been operating for 10 years or more ranked themselves as not very likely or not likely at all to be at risk, which is supported by 18% of SMB leadership ranking cybersecurity as the least important aspect of their entire business. Offering cyber risk management is incredibly valuable to your clients, not just for the security itself but for the education in cybersecurity, the altering of priorities and perceptions, along with laying the foundations for a corporate culture that has evolved to be self-aware of the risks it faces.

Good cyber hygiene promotes good security posture

An organisation's overall cyber security strength and how well it can predict, prevent and respond to ever-changing cyber threats is what is defined as security posture. Cyber insurers are more likely to offer coverage if organisations can demonstrate that they have made a serious effort to mitigate the risk of data breaches. This tumultuous process is eased by the expertise of MSPs, not just in helping SMBs acquire cyber insurance, but in maintaining a strengthened cyber posture 24/7/365.

It is essential to look for external threats such as a brute force attack, in which the perpetrator attempts to overwhelm an organisation’s network through relentless password-guessing attempts, or the more discreet method of phishing, where employees are targeted for their data. However, not all threats originate from outside sources, and in fact Security Intelligence stated that 84% of reported security breaches had been in some way the result of human error. Maintaining a healthy security posture internally starts with basic steps such as security policies. Managing who has access to what data is key, not just because it provides accountability, but also because it compartmentalises data into sections, mitigating the damage a breach can cause. Much like a ship with a leak, if the compromised area can be closed off from the rest of the boat, the ship can continue operating normally. Bad security posture could be the iceberg to your Titanic!

Much like washing your hands, practising good cyber security hygiene involves consistency and common sense. Despite the oft-repeated message of “Don’t make your password ‘password’”, passwords such as ‘Guest’ and ‘1234’ still maintain a chokehold on the most commonly used phrases. You can have the most advanced home security systems, but if you leave the front door open none of it matters! The same can be said for passwords. Another equally important aspect of good cyber hygiene is staying on top of updates and patches for the systems and software that you use, to make sure vulnerabilities can’t be taken advantage of by attackers.

A new KYND of approach to cyber risk management

With upfront costs, compliance and finding experts, evolving with the digital age can be expensive and confusing. MSPs with ability and expertise in the cyber security field are in high demand, but it can be an uphill battle to adapt. Knowing what you can offer to your clients is essential in delivering them the services they need. If you’re an MSP of the future, you will understand that you may not have the capability to handle all the cyber security needs of your clients in-house and look to outsource to cyber risk management service providers. That’s where KYND comes in!

KYND has made seeing and managing complex and ever-growing cyber risk easy for you and your clients, and we have been rewarded for our commitment to this mission. Just this month we won the 2022 FinTech Award for Most Innovative Cyber Risk Management Solutions Provider. If you would like to read more about this, check out the press release here.

Using a powerful suite of cyber risk management technology and solutions, KYND provides unrivalled instant insights into an organisation’s attack surface with as little as their website address. KYND allows you to offer your clients straightforward solutions by prioritising the red flags organisations need to address to maintain an airtight cyber security strategy. Unfortunately, this industry can lack simple, easy-to-use tools that address problems head on, which is why KYND is unrivalled in this area. Through KYND’s intuitive platform, you gain access to real time risk assessments to effectively address gaps in your clients’ cyber health. In addition to providing leading cyber expertise, KYND empowers you to provide tangible value by demonstrating its real impact on your clients’ cyber resilience.

For more information about KYND's services for the MSP sector, visit: https://www.kynd.io/providers/
