Managed Service Providers: A Tantalising Target For Cyber Criminals

Posted October 10th, 2018 in

It wasn’t that long ago that a business would select an IT managed service provider (MSP) based on its expertise in providing software support, system management, data warehousing and network monitoring.

However, with organisations continuing to outsource more of their data and operations, they are now more reliant than ever on MSPs to deliver progressive and comprehensive digital security solutions that mitigate against threats posed by cyber attacks. 

As business reliance on technology grows, it has provided a boon for the IT industry through the development of new revenue streams. For MSPs to deliver technology services, as well as providing a central aggregation point for their clients’ data, network connectivity needs to be maintained. And, it’s these data-rich channels that cybercriminals are determined to exploit.

Attacks on MSPs On The Rise

According to the Threat Report 2017 released by the Federal Government’s Australian Cyber Security Centre (ACSC), there has been an increased occurrence of malicious cyber attacks targeting IT service providers and IT security firms.

As an MSP, you’re responsible for remotely managing your customers’ IT and user systems, which often includes direct and privileged access to their networks. Also, if you’re a cloud or hosting provider, you may house large amounts of your customers’ data, which may be personally or commercially sensitive or confidential.

It’s no surprise then that MSPs represent a high payoff target. By breaching just one, cybercriminals can leverage access to a large number of different organisations across multiple industries and sectors.

For many businesses, MSPs are a crucial enabler of technology. Nevertheless, they are just as susceptible as everyone else to attack. MSPs are becoming increasingly attractive to cybercriminals as they pose a target-rich environment for attackers. Especially as they often possess admin-level access to dozens if not hundreds of clients.

Think You're Insured, Probably Not...

In the past, the primary source of risk to MSPs was their exposure to liability claims made by customers arising from a failure of their professional service; such as a financial loss to a customer resulting from misconfiguration of important commercialised digital assets.

This risk was easily mitigated through the purchase of traditional insurance policies such as professional indemnity and public liability. (Sometimes, both types of insurance are combined under a single policy and referred to by names such as “IT Liability Insurance” or “Multimedia Liability Insurance”.)

However, when considering the threat of a malicious breach of an MSP, these policies fail to provide adequate protection as:

  • Public liability insurance only responds to claims arising from personal injury or property damage, which commonly excludes intangible property such as data.
  • Professional indemnity insurance typically requires an error or omission, in the provision of professional services, on the part of the MSP as the cause of their customer’s loss. 

When considering their needs for cyber insurance, MSPs and security firms often focus on their  own costs incurred in identification and rectification of the breach itself - an issue many can easily handle in-house at little cost should they fall victim to an attack.

However, with the introduction of mandatory breach notification legislation and rapidly increasing scrutiny of digital supply chain risk, it is the liability associated with a data breach that now represents the biggest threat to MSPs and without appropriate cyber insurance they are exposed to financial loss. 

Edmund’s specialist cyber insurance allows MSPs to buy a comprehensive policy, that covers those Liabilities excluded by design in traditional Professional Indemnity and Public Liability Policies.

Edmund's Cyber Insurance Solution for MSPs Includes: 

  • 24/7 Emergency Response Unit to provide breach response assistance where required. Importantly, it includes advice and assistance in preserving evidence. 
  • The immediate and ongoing legal assistance required in the preparation and defence of clients’ claims or actions brought under the data-breach legislation.
  • Provide compensation for awards, defence costs, fines and penalties against the MSP or its directors as a result of a data breach.

In addition:

  • Coverage is underwritten by 'A+' rated Munich Re Syndicate at Lloyd's
  • A policy can be bought online in less than 8 minutes.
  • MSPs and security firms with an issued “Partner Code” are entitled to a 12.5% discount on their premium.

For more information about protecting your business, visit us or contact your Partner Manager today. 

Cyber Insurance for your Clients? - Download Our Partner Prospectus