With more news about cyberattacks making headlines, organizations who rely on a Managed Service Provider (MSP) are starting to ask questions about how their data is being protected - including requests for MSPs to prove they have the knowledge of proper data protection processes and their own cybersecurity program in place.
In a recent webinar, Defendify Success Managers Shanna Utgard and Glen Capen shared real examples of issues MSPs face to protect themselves from evolving cyber threats, like ransomware and finding a way to offer comprehensive cybersecurity to their clients. Read on for a recap of their conversation.
Meeting Client Demands
Clients are increasingly asking MSPs for proof of cybersecurity services, many being driven by requirements from cyber insurance or vendors. The cyber insurance industry is still relatively new and challenging to manage as threats rapidly change. Insurance carriers ask applicants about their current cybersecurity practices and processes through in-depth questionnaires, also known as third-party assessments. These assessments lay the foundation of how the insurance carrier determines an organization’s risk factor and figure out their premiums.
Managing the Conversation
MSPs may be hesitant to approach the topic with clients and prospects, anticipating push back over added fees. To head off any objections before they arise, MSPs should be prepared to discuss the types of services they currently provide as well as make a differentiation between managed IT services and security.
Working cybersecurity risk assessments into regular business operations provides an avenue for discussing insights into the risk landscape, identify gaps, and provide recommendations or solutions. It may take some education, but coming to the conversation armed with this background information will enable a more productive partnership.
Offering Comprehensive Cybersecurity
MSPs may be working with clients and prospects with minimal budgets and/or limited resources to devote to cybersecurity. Building the foundational pieces – the assessments, plans, and policies – into the organization’s stack is key to making the most of a cybersecurity program. These organizations should also be aware that even with all of the right technology and procedures, they may still experience a breach. Therefore, it is crucial to have a solid incident response plan that sets expectations at an employee level and coordinates all the different parties involved in response and recovery, which will minimize downtime after an attack.