Cyber Insurers are Cutting Out the MSP Middleman
Some are, at least, by providing managed security themselves. Plus: Huntress puts SIEM on a data diet, Syncro chooses AI over genAI, and Channel Program automates stack management.
Cyberinsurance doesn’t seem to be a popular topic with Channelholic readers. The last time I discussed it, three people unsubscribed within about five minutes of the post going live.
Some folks never learn, I guess, because here I go again.
The inspiration this time was a conversation at CompTIA’s recent ChannelCon event in Atlanta with Paul Guthrie, CEO of cyber insurance broker DataStream, confirming what I wrote two months ago: prices on cyber coverage have slowly begun declining, in part because more insurers are selling policies.
“There’s more capacity coming into the market,” says Guthrie. “More supply pushes down the price.”
Supply, meanwhile, is up partly because years of steep price hikes have brought rates into better alignment with risk and partly because underwriters have gotten smarter about security best practices.
“Losses have been not necessarily low, but pretty stable,” Guthrie says.
That’s made cyber an increasingly attractive market for carriers at a shaky time for the industry. “It remains one of the few areas in insurance where you can make good profits if you do it, but it also remains one of the areas of insurance where you can take the biggest bath if you get it wrong,” Guthrie says.
Needless to say, that’s a big, scary “if” for insurers and it’s leading to an interesting trend Guthrie sees looming closer by the day: insurance companies are growing less and less convinced they can rely on MSPs to secure end users.
“They’ve found that they need to take control of managing their own clients,” Guthrie says.
It’s a conclusion they’ve come to slowly after years of watching customers fall prey to the same, specific vulnerabilities over and over again. Eventually, they started reaching out themselves to customers at risk of suffering the same fate.
“In some cases, they couldn’t get anyone to answer the phone,” Guthrie says, which sometimes inspired more desperate measures. “They were putting people on airplanes to go knock on the door.”
Even that didn’t always work, and it certainly didn’t scale. In time, insurers realized they needed a new strategy for keeping customers safe.
“We need a preexisting relationship with these customers so that when we see these vulnerabilities, they can get fixed right away,” Guthrie imagines them thinking, “and if we’re going to have that preexisting relationship, it needs to be very proactive.”
Proactive IT services. Sounds like what MSPs do. And indeed, some insurance companies are getting into managed services, sometimes via a handful of carefully vetted preferred providers and sometimes on their own.
“Firms are developing their own MSPs and just looking to take care of the clients themselves,” Guthrie says. “It’s maybe an 18-month trend, but I think it’ll become very powerful in the next two years to five years.”
Beazley Security is squarely on the leading edge of that trend. A wholly owned subsidiary of insurance giant Beazley plc, the company replaced its original name (Lodestone) with Beazley Security earlier this year, and has since rolled out a managed XDR service and self-serve client portal. Its mission, according to CEO Alton Kizziah, is to provide “full spectrum” services that begin with preemptive consulting.
“There’s lots of reasons that claims happen, but there’s some that bubble to the top,” he says. “Understanding how to be better prepared against those very specific types of threats and how to stop them from occurring in the first place is very interesting and important to Beazley and to Beazley Security clients.”
The company provides incident response assistance too when threats do materialize, and can help clients implement post-breach upgrades aimed at preventing future problems. The benefits of doing all of that through Beazley Security versus another service provider usually include getting lower rates on your Beazley policy, notes Kizziah.
Clients range from enormous multinationals to small businesses. Yes, Kizziah says, those shops often have an MSP already, but Beazley Security has no interest in replacing them. To the contrary, in fact, it would much rather become their outsourced MSSP.
“Every time we’ve run into an MSP in an environment, those are the first MSPs that we’re talking to about creating partnerships where we can bring these services to their clients,” Kizziah says. “They actually want to have capabilities we have.”
Insurance threat versus insurance opportunity
There are exceptions to the rule Kizziah describes, of course. Antwine Jackson, president of Raleigh, N.C.-based Enitech Solutions, witnessed one firsthand when a local peer asked him for help responding to a major breach.
“We had to work with another MSP that the insurance company hired to kind of double check our work,” he recalls. After everything was resolved, the insurer’s MSP replaced the original one.
To be sure, Jackson hasn’t seen that happen elsewhere and says that, with that one exception, neither he nor any of his peers has encountered insurer-sponsored or owned MSPs trying to usurp an account they met during an incident response engagement. In fact, in his experience, insurer-affiliated MSPs rarely talk to end users at all outside of breaches, except sometimes during the policy application process.
“They may do an external vulnerability scan just to make sure there’s some baseline there, or they may push back and say, ‘we don’t know or like this specific vendor,’” Jackson says. Otherwise, they’re mostly hands off.
Even so, Jackson is thinking as hard about the interplay between cyber insurance and cyber security as the insurance industry is. Working with Cork, a cyber warranty provider and DataStream partner that we’ve written about from time to time, he’s bundling a $100,000 warranty—at no extra charge—into every service contract he signs and marketing it as “The Enitech Guarantee”.
“We’ve been able to kind of use that as another lever to differentiate ourselves,” Jackson says. “It’s basically saying we’re putting our money where our mouth is.”
The deal comes with an all-important and strategic catch though: clients only get the $100K guarantee if they embrace Enitech’s security recommendations—all of them. Many customers are taking that deal.
“It’s driving opportunity for us, because it allows us to make clients adopt certain tools in the stack that make them eligible,” Jackson says.
Guthrie encourages other MSPs to get similarly smart about cyber insurance. The savviest ones he knows are learning how to weave the topic into a larger conversation about comprehensive security solutions that include coverage as part of a layered defense strategy.
“Those firms are very good at forging insurance partnerships and are very good partners for insurers. Firms that don’t have that full view are in danger of coming off as sales agents or sales brokers to their customers, and not as trusted risk advisors,” Guthrie says. “Those firms are going to struggle from competition in the next couple years.”
Or sooner, and if not from fellow MSPs then possibly from insurance providers. “The way these markets happen is that it doesn’t seem like a threat until it is, and then it’s too late,” Guthrie says.
Huntress puts SIEM on a data diet
Insurers deserve credit, in a roundabout way, for the latest solution from Huntress, a recently launched managed SIEM service. True, notes Chris Bisnett, the vendor’s CTO, few if any carriers require businesses to have SIEM protection right now, but they’re starting to inquire about it on applications and Huntress knows how this movie ends.
Think back a few years to when EDR first started showing up on questionnaires, Bisnett suggests. “Eventually, it switched over from not are you using one but which one do you have, and you must have one to get cyber security insurance.” Huntress rolled out EDR in 2022 as a result. Now, in a bid to be ahead of the inevitable curve, it’s introduced SIEM too.
“We can see what the trend is,” Bisnett says.
Like EDR, he continues, SIEM is hardly a new technology. Enterprises have been using it for a long while. SMBs, less so, primarily because existing solutions are expensive and rely on 24/7 monitoring by a professionally-staffed SOC. Eliminating the latter issue by offering a managed SIEM solution was something of a no-brainer for Huntress, according to Bisnett, given that the company has been providing outsourced security services for years.
“That’s something we’ve done a bunch,” he says. “We really felt like the biggest place we could make a difference was in the cost.”
The key, the company saw quickly, would be reducing the storage burdens existing products typically impose. “The biggest thing that drives costs for a SIEM is the amount of data,” Bisnett says. Huntress’s solution significantly reduces that amount by automatically filtering out log events that produce lots of data but have little value to security analysts.
“Because of that, now we can charge a significantly cheaper rate than most of the other vendors,” Bisnett says.
Unlike competing vendors that charge per user, moreover, Huntress charges per data source (like an end user’s Windows event logs or password management system) and data points within those sources. “It starts at two dollars [per month] if you only have a few data points, like 15, and it goes all the way down to a dollar per data source if you have, say, 100,000,” Bisnett says, adding that each data source comes with 10 GB of collection and storage per month.
At present, Huntress’s SIEM imports, filters, and analyzes data, but it will soon have the ability to act on that data as well by locking or deleting compromised accounts, for example, or rotating passwords. Look for that functionality to arrive in three to four months, Bisnett says.
Syncro says “now” to AI and “later” to genAI
People have a tendency to use “AI” and “generative AI” interchangeably. Managed services software maker Syncro, however, is acutely aware of the distinction and has consciously chosen not to equip its software with the technology that turned “hallucination” into a word as familiar to IT professionals as it is to psychiatrists.
“We’ve decided to draw that line for now until we feel like we can do it in a way that isn’t going to pass that risk on to our partners,” says Dee Zepf, Syncro’s chief product officer.
The company’s relying on more traditional forms of AI until then to power hyperautomation upgrades like the Smart Ticket Management solution it made generally available earlier this month. Per my coverage in June when early access users got their hands on it, the feature comes with “guided resolutions” functionality (available at no extra charge to partners on Syncro’s Team plan) that automatically reads and classifies incoming tickets.
“Then it takes that information and matches it up with a solution or a resolution for the issue and provides the technician with a suggested recommended checklist,” Zepf says.
Smart ticket search functionality, originally slated to arrive later in the year but here early, is now included in all Syncro plans too. “It’s context aware, so it knows the ticket you’re on, it understands the subject and content of that ticket, and based on that it gives you five similar tickets,” Zepf says, along with other recent tickets from the same customer. The goal, she continues, is to give technicians a shortcut toward a fix.
That emphasis on getting more done in less time is characteristic of what Michael George, Syncro’s CEO since February, considers a key distinction between his company and arch-rival Kaseya. Both companies see helping MSPs boost profitability as a path to competitive advantage. Kaseya’s core strategy for realizing that objective is to make line-of-business software less expensive through disruptively-priced offerings like Kaseya 365. Syncro’s is to make technicians more productive through AI-powered enhancements like Smart Ticket Management.
“The greatest cost for an MSP is in their labor costs,” George says. “That’s the cost of goods sold that we’re focused on.”
Generative AI isn’t part of the plan today, but it will be eventually. “You’ll definitely see more to come from us in that space as we move farther down the road,” Zepf says, pointing to platform-wide, LLM-based smart searching as a likely example.
Other forthcoming features have little and perhaps nothing to do with AI. According to George, who declined to share details, Syncro will soon draw on underleveraged capabilities in tools MSPs already use to provide better security with fewer solutions.
“People spend a lot of time and energy, and money candidly, on layering up security products and elements today,” he says. “If some of the more underlying technologies were structured in a way to be much more useful, then it would allow MSPs to reduce the stack and just be able to operate much more fluidly and much more efficiently within the native systems.”
Syncro has stack-shrinking initiatives in areas beyond security coming too. Like what, you wonder? Here’s all George will say for now: “The things that we’re doing will help stand up the Microsoft environment in a much more useful and productive way.”
Channel Program’s emerging integration strategy
True Channelholic stans are probably familiar with Channel Program’s NaviStack feature, which we covered when it first went live a year ago. The system helps MSPs inventory the solutions they use to run the business and support customers.
Turns out there are a lot of them, as in dozens per MSP quite often, which is why NaviStack has taken off to a degree that’s surprised even Channel Program and influenced the product’s development. The original vision for the tool was simply to give users a complete, organized picture of the software they’re running, says CEO Kevin Lancaster. Over time that vision has expanded to include, for example, the ability to track subscription renewal dates and see which apps each of their clients is using.
“The MSPs can visualize not only their stack, but they can visualize the stack that they’ve deployed to that specific customer,” says Lancaster.
Which is interesting, because it turns what was originally just an operational efficiency tool into a competitive differentiation engine as well, one that MSPs can use to show clients where they’re spending—and perhaps wasting—money on IT.
“It’s not just about, ‘hey, here’s our MSP service, it’s ‘x’ dollars a month,’” Lancaster says. “We’re going to keep you up and running and secure and all that stuff, but we’re also going to help you manage your holistic technology expense.”
Enthusiasm both for that capability and the renewal management functionality has been strong enough for Channel Program to invest in automating them through two PSA integrations rolled out this week that let users import prices, dates, and other forms of contract data directly into NaviStack.
At present, neither integration exports data as well, but Lancaster anticipates that changing. MSPs searched Channel Program’s solution catalog, which is separate from NaviStack, 7,000 times last month, he says. “5,000 of those were MSPs looking for new technologies to add to their stack.” Creating a workflow that lets them export data about the apps they adopt into their PSA makes a lot of sense.
Connections to more PSA solutions are on the way, as are integrations with products in other categories. Lancaster won’t specify which categories, but like Syncro’s Michael George he did drop a hint.
“The reporting that we can do now to help the industry understand what’s going on in the marketplace can’t be matched,” Lancaster says, noting that Channel Program has over 3 million data points about 1,200 products from 900 vendors, plus some 5,200 product reviews from MSPs. The new functionality, Lancaster promises, will be “unlike, I think, anything that anybody else has contemplated in this space.”
AI-powered automations are apparently due soon as well. “The Q3, Q4 roadmap is ridiculously robust,” Lancaster says.
Also worth noting
I told you CISA’s Secure By Design pledge has a shot. Veeam and Object First are the two latest signatories.
No rest for weary threat actors. Most ransomware attacks happen between 1 a.m. and 5 a.m. these days, according to new research from Malwarebytes.
Device isolation and process tree visualization are among the new enhancements to Webroot by OpenText’s EDR solution.
vCISO platform maker Cynomi has a new directory of vCISO service providers.
You’ll need two sets of fingers and two sets of toes to count the over 40 new additions to the GoTo Connect portfolio.
Heather Brown is the new chief customer officer at LastPass.
Leonard DiMiceli is the new channel chief at 5G network vendor RYTHMz.
Workday has a new global payroll solution and offers a new payroll service in partnership with Strada.