Have We Turned a Corner on Cyberinsurance?
Pre-approved coverage from Sophos and instant-activation cyber warranties from Cork and High Wire Networks are the latest signs that we have.
During a recent appearance on the All Things MSP Live! podcast, I said something that polite people would call controversial and others might call nuts: It’s possible, I suggested, that the worst of the managed services world’s cyberinsurance nightmare is behind us.
If you deal regularly with steep premiums, book-length application forms, and infuriating claims disputes, you’ll have trouble buying that, but hear me out.
The first hints of progress on cyberinsurance appeared early last year, when vendors like Augmentt, ConnectWise, and Trend Micro began announcing data-sharing alliances with insurers. Those deals led to cheaper rates, but you still had to fill out a lengthy questionnaire and wait weeks typically for an approval.
What’s starting to look like a breakthrough came in April when Kaseya announced its new Cyber Insurance Fast Track Program, which gives MSPs and their clients more or less instant access to $1 million of coverage with no application process so long as they have five specific Kaseya security products in place.
That was followed shortly afterward by a similar program from Apptega that I wrote about here in Channelholic last month. Verify that you have a complete stack of security tools in place via automated backend integrations between Apptega and its insurance partners, and you’re pre-qualified for a heavily discounted policy.
And now, effective this week, Sophos has a comparable offer that qualifies U.S.-based users of its managed detection and response service automatically for coverage from Cysurance in amounts ranging from $275,000 to $3.2 million at fixed, pre-defined rates. The pricing is “aggressive,” according to Raja Patel (pictured), senior vice president of products and managed services at Sophos, and the approval process is quick.
“It’s predictable. It’s linear. It’s pretty straightforward,” Patel says.
Cysurance is comfortable skipping past underwriting, he continues, because it knows that businesses protected by a professionally staffed SOC are far less vulnerable than peers.
“Most organizations can’t manage cybersecurity on their own,” Patel explains. “They need somebody to keep an eye out for them 24x7, and organizations that have an MDR service are going to have lower risk than those that don’t.”
It helped that Sophos has a track record in managed security as well, he adds, noting that the company has over 17,000 MDR customers globally at present. “It’s not like they’re jumping in with a leap of faith,” Patel observes.
When something happens once, it may be nothing. When it happens twice, it’s worth noticing. When it happens three times in as many months and involves some of the biggest names in the channel, you’ve got yourself a trend.
Kaseya, Apptega, and now Sophos are showing that it’s possible to insure SMBs at reasonable prices without the hassle of submitting a questionnaire. The more we see other vendors join them, the harder it is to imagine traditional cyber insurance services enduring. The only question is how long it takes for pre-qualified, automated acceptance products to go from leading edge to mainstream.
And if you still don’t like cyberinsurance, there’s cyber warranties too
Here’s a further encouraging development in cyber insurance: it’s no longer the only option for shielding businesses from losses. Cyber warranties are becoming an option as well.
Not that warranty coverage is entirely new to the security landscape. Vendors have been offering warranty protection for years. Indeed, Sophos introduced a $1 million warranty for its MDR service last November, and Veeam announced a ransomware recovery warranty worth up to $5 million for the premium edition of its platform in February.
Those offers cover one vendor and often one solution, however. “An MSP wants to be able to bundle all of the different products that they can sell to the end client,” observes Carlson Choi (pictured), CEO of cyber warranty provider Cork. They’d also like to make money on the coverage they sell but can’t, because regulations bar anyone but licensed brokers from providing—and therefore profiting from—insurance policies.
Conceived by a team that includes Datto founder Austin McChord and Jon McNeill, formerly president of global sales, delivery, and service at Tesla, Cork aims to address both issues. Its core offering (due to reach market in the fall and currently in an early access program that reached full capacity this week) is a “bring your own stack” warranty that covers multiple solutions from multiple vendors, provided at least one of those systems is among the roughly 30 (and growing) systems the company integrates with at present.
“We recognize an MSP works in a best of breed approach,” Choi says.
Unlike insurance, warranties aren’t regulated, so MSPs can resell and earn margin on them. Coverage goes into effect immediately, and claims get paid in days versus months. There are no deductibles either, making warranties a good supplemental coverage option for insurance buyers who would otherwise have to cover thousands in losses out of pocket. And though most businesses carry cyberinsurance these days, per data from security vendor Delinea, large numbers don’t.
“Our programs are also designed for those folks, so that they will at least have some level of coverage,” Choi notes.
Cork’s warranties apply specifically (and exclusively) to ransomware, spear phishing, and business email compromise attacks, the three most common threats SMBs face. The company couples that coverage with a real-time monitoring platform that automatically sends alerts about issues like users disabling MFA, more or less eliminating the prospect of a denied claim so long as the MSP acts on warnings promptly.
A resellable, margin-boosting cyber warranty from MSP/MSSP High Wire Networks features outside monitoring too. The program, which offers $500,000 of coverage against ransomware and BEC attacks, is available only to customers of the company’s managed XDR or EDR service plus its vulnerability management solution. Users must also follow security hygiene guidelines, adhere to a set of requirements around wire transfers, and comply with relevant data privacy regulations like HIPAA.
MSPs can surround warranties with their own monitoring, patching, and security awareness training services and price the resulting bundle as they wish. They can also use High Wire’s vulnerability management service to identify defensive gaps in client environments and turn closing them into new revenue-generating projects.
Buyers are eligible for $1+ million of cyberinsurance at below-market rates without underwriting too. “[Insurers] know that as a result of what we’re doing they have a customer who’s got a compliant environment that is adhering to best practices, has the right security services and technologies in place, and has somebody looking after them on a 24/7/365 basis,” says Stephen LaMarche, Hire Wire’s COO.
High Wire isn’t the only company taking advantage of that dynamic. SOC-as-a-Service vendor Arctic Wolf has been offering discounted fixed-fee $1 million insurance policies via Cysurance (sans questionnaire) to enrollees in its Security Operations Warranty program since last month.
One more sign, MSPs, that as hard as it might be to believe at the moment there appears to be light at the end of the cyberinsurance tunnel.
Auvik enters the SaaS management fray
ChatGPT went from zero to 1 million users in five days, shattering the fastest-to-a-million record previously held by Instagram. Well take that, OpenAI. Instagram spinoff Threads just went from zero to 100 million users in the same five days.
Whether or not MSPs can tell which of their clients is using any of those apps is a question that Auvik’s newest solution is designed to answer. Named Auvik SaaS Management (ASM), the system is an integral component of an evolving strategy (outlined previously in Channelholic) to adapt network monitoring and management to a new age of post-perimeter, cloud-first IT.
“Anywhere we go and anywhere we work, we’re traversing the network, but at the end of that network is a SaaS tool we’re probably using to get our job done,” says John Harden (pictured), Auvik’s senior product marketing manager for SaaS. “So from our perspective, SaaS is probably one of the next most fundamental areas for management for IT professionals.”
ASM competes with SaaS management products from Augmentt, N-able, Nerdio, and SkyKick, among others, but stands apart according to Harden in its proficiency at discovering all of the cloud apps in use at a given company, much as Auvik’s flagship network management solution maps all of a client’s endpoints and network devices.
“We’ve got about 100,000 applications that we monitor and see in our platform,” he says.
MSPs can use the SaaS inventory that ASM assembles to build comprehensive checklists of apps that must be added or removed during user onboarding and offboarding. They can draw on the same inventory during quarterly business reviews as well to increase customer satisfaction by reducing shadow IT and unnecessary SaaS spend, Harden observes.
“Stop asking customers what they use and start asking them why they’re using it,” he says.
Per my earlier post, Auvik views ASM as a complement to RMM solutions versus replacement. “We’re about visibility monitoring and management, whereas an RMM has more functionality around remote monitoring and management as far as remote software management or remote code execution,” Harden says.
At present, ASM is a stand-alone product priced and sold separately from Auvik’s network management solution, but unified by a common look and feel. “There is a vision to centralize the data into a single platform,” Harden says.
Also on the roadmap are new regulatory compliance reports plus “SaaSOps” integrations and automations that will streamline user adds and deletes. “That becomes immensely valuable when your techs are logging into five or ten or twenty different platforms to handle one employee,” Harden says.
ASM is based heavily on technology Auvik acquired last October along with cloud management vendor Saaslio, which Harden ran and founded. The other company Auvik bought that day, Boardgent, will add diagnosis and resolution of remote connectivity issues to the company’s capabilities when its core solution officially becomes part of the Auvik portfolio.
Also worth noting
As long as we’re talking about Auvik, we should probably mention its new partner program.
WatchGuard has rolled its AuthPoint MFA solution together with dark web monitoring and a corporate password manager to form the AuthPoint Total Identity Security bundle.
Liongard has updated its configuration change detection and response platform and integrated it with Seceon’s XDR and SIEM solutions.
The latest addition to the AI capabilities in Intermedia’s contact center solution automatically excises sensitive data from call transcripts.
The ASCII Group will showcase the up-and-coming vendors in the ConnectWise PitchIT accelerator program to its MSP membership.
The Alliance of Channel Women has launched a coaching, mentoring, and networking hub powered by the channelWise platform.
Fear not, NUC fans, Intel may be discontinuing its line of mini-PCs but Simply NUC’s got you covered.