MSP Panelists: Be Cautious When Handling Customers’ Cyber Insurance Questions

Liability and cost issues accompany firms that help customers apply for cyberinsurance

Jim King, partner at Atlantic Pacific Insurance; Allen Falcon, president of Cumulus Global; Henry Timm, president of Phantom Technology Solutions; and Paul Vedder, managing director of VXIT

Compliance and risk assessment may be lucrative new fields for MSPs to explore.

But three MSP executives said during a panel discussion at the XChange NexGen 2022 conference in Orlando, Fla,. that MSPs must still be cautious about getting too involved with customers’ compliance-related issues, particularly those involving cyber insurance, due to legal liability and cost concerns.

During an XChange session titled “What An MSP Needs To Know About Cyber Insurance,” the three panelists—Allen Falcon, president of Westborough, Mass.-based Cumulus Global; Henry Timm, president of Rolling Prairie, Ind.-based Phantom Technology Solutions; and Paul Vedder, managing director of Palm Beach Grardens, Fla.-based VXIT—agreed that compliance is becoming a larger segment of their business relationships with customers.

Vedder, responding to questions from panel moderator Jim King of Atlantic Pacific Insurance, said that MSP personnel need to be careful about telling customers how they should answer specific questions on insurers’ application questionnaires, saying they ultimately are not insurance or legal experts.

“You don’t necessarily want to give them that simple yes or no answer,” Vedder told attendees at a special security workshop at XChange NexGen. “You want to give them the context around that answer.”

He warned that it can sometimes take hours to fill out various compliance-related questionnaires—and that raises the question of when and how much to charge customers for such services.

“I don’t want to nickel-and-dime my clients,” he said. “I don’t want to send them a bill.”

Yet some of the questionnaires are quite long and detailed, and many customers simply don’t understand the time burden and legal liability issues involved in preparing insurance applications and other types of compliance forms.

Phantom Technology’s Timm said his company is “just incredibly cautious” regarding how to help customers filling out insurance questionnaires and that the insurers’ questions keep changing.

“We‘re seeing quite a few questions on those applications now where it’s very clear that the insurance company has no clue what they‘re actually asking,” Timm said, sparking laughter among audience members.

Falcon also drew laughter during the panel discussion when he indicated that some customers ask if it’s OK to just answer “yes” to all questionnaire inquiries—and how he has to diplomatically tell them that’s probably not a good idea.

As states increasingly pass various security-related laws and rules, several panelists said that the federal government may have to intervene to provide more clarity and consistency when it comes to security-related mandates. The federal government may even soon issue “cyber insurance guidance” moving forward.

In addition, Vedder said that some customers are so resistant to following certain rules that MSPs may need to “opt out” on some matters due to customers going against their recommendations.

But Timm said opt-out agreements many not be enough to legally protect MSPs. “The insurance company at the end of the day is going to try and recoup their money and that onus is on us as the MSP regardless, and we have to figure out how we address that.”

He emphasized that it’s important for MSPs “to be really involved in educating clients about shared responsibility.”