Over the last five years, cyber insurance has become a must-have for organizations at a time when the number and sophistication of cyberattacks are continuing to grow, bad actors are weaponizing AI and similar advanced technologies, and the amount of money lost in a data breach can reach well into the millions of dollars.
A ransomware attack could wipe out a small or midsize company if they don’t have insurance. According to Comparitech, the average payment demanded in a ransomware attack last year was more than $3 million; the average ransom paid was more than $9.5 million.
Given that, it’s not surprising that the global cyber insurance market is expanding quickly, with Fortune Business Insights analysts predicting it to grow from $20.88 billion last year to $120.47 billion by 2032.
That said, getting cyber insurance can be a cumbersome and time-consuming process that includes lengthy questionnaires and external scans that make it difficult for insurers to accurately quantify risk, create confusion among businesses about their policies, and put MSSPs and MSPs under pressure when trying to address client insurance needs, according to John Nellen, founder and CEO of cybersecurity platform provider Todyl.
Streamlined Insurance Process
At the Denver-based company’s inaugural Partner Summit this week, Todyl executives are announcing a program developed with Spectra – a cyber insurance and risk management platform company – that MSPs and MSSPs can offer to clients that simplifies the certification process and eases access to coverage programs.
The Todyl Spectra Certification Program is based on Spectra’s three-step certification process that initially validates the vendor’s solution, then the service provider, and lastly, the customer’s implementation of the cybersecurity solution. According to Todyl, the approach better ties insurance to a client’s security posture, internal controls, capabilities, and best practices, and it eliminates questionnaires and other bulky workflows.
A Growing Cyber Insurance Space
The cyber insurance field has evolved significantly over the past five-plus years, according to Spectra founder and CEO Edouard von Herberstein, who told MSSP Alert that it was in a “primitive state” until the COVID-19 pandemic, which immediately ramped up remote working and fueled a rapid expansion of the attack surface since then that ransomware and other bad actors have taken advantage of.
The insurance industry reacted by trying to incentivize policyholders to adopt better security practices by requiring backups, multifactor authentication, endpoint detection and response (EDR), managed detection and response (MDR), and similar tools.
“Many insurers have in the last couple of years significantly increased their security offerings, [including] pen tests, threat intel, risk assessment, and MDR,” von Herberstein said. “Some leading insurers have acquired MSPs and MSSPs to pair insurance offerings with security. This emphasizes, logically, a convergence of cyber security and cyber insurance.”
S&P Global reported that cyber insurance is the fastest-growing subsector of the global insurance market, with premiums reaching about $12 billion in 2022, and expected that they could grow to about $23 billion this year.
An Attractive Option
John Nellen, founder and CEO of Todyl, told MSSP Alert he had been speaking with partners earlier in 2024 about challenges in the insurance process and later in the year connection with von Herberstein, adding two points about Spectra caught his attention.
“The first was the certification efficiency for the MSP partner – the vendor certifies first, then the MSP who uses the vendor can get certified in about 24 hours, with an equally efficient process for the end client,” Nellen said. “This allows Todyl to absorb the certification burden and deliver efficiency and value to our partners with warrantied services. It’s a force multiplier: we certify once and can streamline and drive positive impact on a large scale.”
The second aspect was the access to better coverage at reduced rates for SMBs that had been certified.
“In an environment where insurance cost is increasing while coverage is reducing – 58% of businesses reported reduced coverage last year as policy costs have risen over 25% – MSPs have the ability to deliver additional value to their clients,” he said.
No Questionnaires, Reduced Premiums
The joint program offers a range of benefits, from offering service warranty protection and eliminating the questionnaires to giving clients access to preferred coverage programs, reducing premiums, and offering efficient procurement, with insurance quotes delivered via partners in as little as 24 hours, rather than weeks or months.
It also gives MSSPs and MSPs another revenue stream, Nellen said, whose company revamped its partner program last year.
The program already is delivering results, according to Todyl, with one MSP that works with companies in high-risk industries able to secure a 36% premium reduction after being declined coverage by an insurance carrier, a large international research organization getting comprehensive coverage after being rejected by multiple carriers, and a MSP seeing a 98% client uptake for warranty-backed services, with 90% of those clients citing it as a key differentiator.
A Tighter Relationship
Both Nellen and von Herberstein said a tighter relationship between vendors, MSPs and MSSPs, and insurance companies will benefit all involved. The better the relationship, “the more precise they can measure risk, driving economic and process efficiency,” Nellen said. “While the concept of the partner acting as a trusted advisor isn’t new, and many businesses have cyber policies, this partnership helps reduce overhead, streamline process, and enables partners to deliver additional value.”
Von Herberstein added that “the cooperation between MSPs and insurers will enable a feedback loop where evidence of better security unlocks better insurance and insurers' claims allow MSPs to continuously optimize security solutions, creating a virtuous cycle common in other insurance sectors.”
Expanding into the channel has been a focus of Spectra. Last year, the Bermuda-based company unveiled new certification and cyber resilience warranties and a partnership with Ingram Micro to expand its reach in the channel. Later in 2024, Spectra announced it was working with Beltex Insurance, an agency founded by MSP veterans, to offer tailored policies and solutions aimed at MSPs.
The Todyl Spectra Certification Program is available to Todyl partners who use the vendor’s security stack, including SASE, SIEM, MXDR, endpoint security, and GRC modules, along with email security and backup solutions.
