Security Panel: MSPs Need To Be ‘Really Careful’ When Talking Cyber Insurance With Customers

‘When you add cyber insurance into [your discussion], you basically fortify that position that you are taking care of all of their cyber. So you need to be careful that when you do that you are taking care of all of their cyber or at least you’re bringing the problems to their attention,’ says ThreatLocker CEO Danny Jenkins during a panel with executives from Pax8 and N-able at the 2023 XChange Best of Breed conference.

ARTICLE TITLE HERE

During a panel on cybersecurity, ThreatLocker CEO Danny Jenkins made the case for why MSPs shouldn’t worry about making friends.

Rather than fret over the added cost security brings to a customer, an MSP needs to “get out of your own way” and present data so that a customer understands what forgoing extra security means for the business, Jenkins told an audience of solution providers attending CRN parent The Channel Company’s 2023 XChange Best of Breed conference this week in Atlanta.

“Make them say, ‘No, I don’t want you to do that,’” said the CEO of the Orlando, Fla.-based security vendor. “I don’t think any business owner is going to say no because I don’t think any sane business owner will risk their business. … If they come back to you and say no, I’ll be very surprised because most humans, most business owners, don’t [care] about $100 a month.”

id
unit-1659132512259
type
Sponsored post

[RELATED: SentinelOne CEO: Microsoft Security Should Be More Like Apple]

MSPs And Cybersecurity

Jenkins said “there is one core difference between an IT person and a security person, and that is IT people have friends, security people don’t.”

“If you want to be a security provider, your job is not to make friends,” he said.

Sandra Antoun, director of sales and marketing at Austin, Texas-based Vintage IT Services—an honoree on CRN’s 2023 Managed Service Provider 500—told CRN that she agreed with Jenkins’ advice for selling security, which is to show use cases, point out where the customer stands and communicate the risks.

She has started working on a scorecard she can show customers to help illustrate risks from a lack of security, Antoun said.

“MSPs should be viewed as true partners, and our clients should trust us,” Antoun said. “But we need to show them that we’re the experts and here’s the data to prove it.”

Panelist Kelly Miller, vice president of channel sales at Tampa, Fla.-based managed security platform provider Deepwatch, said MSPs will continue to serve an important go-to-market function for the company because of the consulting and services capabilities they add to Deepwatch’s products.

About 100 percent of Deepwatch’s overall sales come through the channel, according to CRN’s 2023 Channel Chiefs.

Cyber Insurance Pros And Cons

The panel also discussed the pros and cons of MSPs offering customers cyber insurance-related services.

Vintage IT Services’ Antoun told CRN that enforcing businesses to buy cyber insurance is difficult due to high hurdles from insurance providers and the cost.

“It’s a cycle that is not that easy to solve,” Antoun said. “We can only educate and inform [customers] and hope they make the best decision for their business.”

ThreatLocker’s Jenkins warned that talking about cyber insurance with customers could create a false impression that the individual MSP solved all security problems.

“You need to be really careful,” Jenkins said. “When you add cyber insurance into that, you basically fortify that position that you are taking care of all of their cyber. So you need to be careful that when you do that you are taking care of all of their cyber or at least you’re bringing the problems to their attention.”

Fellow panelist Nikki Meyer—corporate vice president of vendor global alliance for Greenwood Village, Colo.-based IT distributor and cloud marketplace Pax8—told the audience that she does see a hesitancy by MSPs in introducing cyber insurance into the portfolio for customers because of the liability and accountability that come with it.

However, a distributor such as Pax8 can help insurance companies and MSPs communicate their needs. In fact, Pax8 has teamed up with a large cyber insurance company to do just that, she said.

“A lot of the work that we’re doing right now is bridging the gap between the guidance that’s coming from the cyber insurance company and helping the MSPs to realize that this is a part of the monetization of services that they can offer,” Meyer said.

Pax8 has about 24,000 channel partners worldwide, about 20,000 of them in North America, according to CRN’s 2023 Channel Chiefs.

Laura DuBois, group vice president of product development for Morrisville, N.C.-based N-able, told the audience that cyber insurance “is definitely something that everyone needs to have if you want to stay in business.”

DuBois also suggested that MSPs be more prescriptive about security offerings beyond endpoint protection, including multifactor authentication password management best practices, detection and response, patching and penetration testing.

Presenting security services as discretionary leaves the door open for customers to make decisions that could end up making adequate protection too difficult.

“Sometimes that means taking a harder line and giving less options to the customers themselves,” she said.

N-able has about 25,000 channel partners worldwide, according to CRN’s 2023 Channel Chiefs.

A final piece of advice from ThreatLocker’s Jenkins is to never fully trust employees, who can always make mistakes with the firewall or backing up information.

He said that he even has a secret company conducting penetration testing that his employees don’t know about.

“People are people and they make mistakes and they get busy,” he said. “They want to go home to their football game.”