DataStream: Having A Cyber Insurance Partner Can Change The Conversation

“We get to come in and be your partner and we get to come in there and say, ‘Guess what, Mr. Customer, without those things, you’re virtually uninsurable.’ And when the CFO, CIO hears those words, they open the checkbook,” Larry Meador, DataStream’s channel partnerships and alliances director, tells an audience at XChange 2020.

A cyber insurance partner is a way for MSPs to finally persuade stubborn customers to adopt essential cybersecurity technologies such as multifactor authentication, executives at insurance broker DataStream told a room of attendees at CRN parent The Channel Company’s XChange 2022 event.

But for MSPs looking for their own cyber insurance policy—that’s another story.

For MSPs, getting cyber insurance can be more expensive and take longer than average businesses, said DataStream CEO Andy Anderson.

[RELATED: Ransomware Causing Security Insurance Costs To Spike: MSPs]

He recommended that MSPs carry both cyber insurance and technology errors and omissions insurance from the same carrier.

“MSPs are really hard right now—it’s the hardest space to cover,” Anderson said. “It’s not cheap, but we can try and help get you coverage,” Anderson continued. “I don’t love shopping for you guys because it’s such a different experience than for most customers. For most small customers, small businesses under $5 million revenuewise, we’ll have quotes back in 10 minutes. For you guys, it could be a couple weeks.”

Anderson said that DataStream, a member of CRN’s 10 Hot SMB Cybersecurity Tools And Features To Watch In 2021, can provide MSPs with tools and talking points for speaking with customers about cyber insurance.

DataStream partners receive access to auditing tools, for example, that see if customers are properly deploying multifactor authentication, extended detection and response and other security technologies, Anderson said. The goal is to make sure customers’ existing policies will cover them after a hack or to make sure the customer gets favorable pricing for a policy offered through DataStream.

The broker offers “all of the components that you need to begin having these conversations in a legally appropriate, compliant way,” he said.

“You as an MSP, you have a choice,” Anderson said. “Either you can see this as a problem, or you can see it as probably one of the best opportunities to actually get your customers to invest in the things that they should have been investing in in the last 10 years.”

Regulations keep DataStream referral fees to about $50 or less, Anderson said. But by adding cyber insurance to the conversation when they talk to customers, some MSP partners “are seeing thousands if not tens of thousands of dollars of investment,” Anderson said.

Larry Meador, DataStream’s channel partnerships and alliances director, said that while prospective customers might scoff at adding new cybersecurity tools as just another way for the MSP to make money, a DataStream audit on what the customer needs for insurance can change the dynamics of the conversation.

“We get to come in and be your partner and we get to come in there and say, ‘Guess what, Mr. Customer, without those things, you’re virtually uninsurable,’” Meador said. “And when the CFO, CIO hears those words, they open the checkbook.”

Eighty-three percent of SMBs are not prepared to financially recover from a cyberattack, Meador said. “It’s very real,” he said. “It’s very scary.”

Insurers have also become more savvy about breaking out cyber protection into a separate policy from more general business insurance policies, Anderson said. In his experience, cost has not been a deterrent to potential customers of all sizes.

“We sell lots of $1,000 policies to small businesses. We sell lots of sub-$10,000 policies,” he said. “It‘s pennies on the dollar for most of these businesses.”

DataStream partners with Devon, Pa.-based Mullen Coughlin as the breach coach law firm that helps select the appropriate response firm after a hack.

“Part of what we‘re doing is just pulling that ecosystem—the incident response community, the breach coach law firms—into this community and your customers,” Anderson said. “Because once they start to hear those stories, it no longer becomes this imagined thing that never is going to happen to them. It becomes very, very real, because it is decimating businesses. If you have insurance, it [a hack] is a bad day, but it’s not the worst day of your life.”

Karen Penticost, vice president of development and operations for Envision Technology Advisors—a Pawtucket, R.I.-based member of CRN’s 2022 MSP 500 that counts Microsoft, Lenovo, VMware and IBM among its partners—spoke from the audience to share how one of her customers declined to get cyber insurance despite her company’s recommendation.

“They’ll probably go out of business because they can’t recover from the hack that they had,” Penticost said. “And that’s when we decided to partner.”

She told CRN in an interview after the talk that Envision became a DataStream partner about two months ago. Envision has been investing in its cybersecurity offerings, including hiring more ethical hackers on staff, she said.

Penticoist agreed with DataStream’s description of SMBs that don’t get cyber insurance or invest in cybersecurity tools because they believe only the largest companies face cyberattacks.

“You think you’re too small until it happens to you,” she said.