Cybersecurity firm Sophos, in a report last year, wrote about the increasing organizational adoption of cyber insurance policies as they face more sophisticated attacks, including the high number of MSPs that are seeing more clients seeking their help.”The widespread adoption of cyber insurance is driving high levels of channel engagement, with 99% of MSPs reporting an increase in demand for support and solutions to meet cyber insurance requirements,” the UK-based company wrote in its MSP Perspectives 2024 report.The needs primarily include implementing security services, such as managed detection and response (MDR), endpoint detection and response (EDR), and related technologies, to help companies qualify for cyber insurance. Additionally, about 45% of MSPs surveyed said they were being asked to assist in completing insurance applications.applications.“The provision of services and technologies that improve insurability is a major opportunity for MSPs, and organizations should look to optimize their support in this area to maximize revenue potential,” the company wrote in the report.Sophos is taking another step this month by partnering with insurance broker Capsule to make it easier for its UK customers using MSPs to access cyber insurance coverage. It is a recognition of cyber insurance and its importance in the modern environment and the central role MSPs and MSSPs play in helping companies acquire and maintain such insurances.

Business is Booming

Such trends are feeding a fast-growing and evolving global cyber insurance industry, which Fortune Business Insights analysts expect to grow from $20.88 billion in 2024 to $120.47 billion by 2032.“The growing cybersecurity risks and data breach activities are enabling businesses to implement cyber insurance policies,” the analysts wrote. “Nowadays, small and medium enterprises are also being targeted by cyber attackers. This is projected to boost new cyber insurance products adoption by small businesses.”It’s also propelling MSSPs and MSPs to expand their cyber insurance related services.Last month, Cork Protection rolled out AI agent-based tool services that MSPs can use to quickly analyze insurance policies for clients. At the same time, cybersecurity firm Todyl joined with Spectra, which offers a cyber insurance and risk management platform, to create a program for MSPs and MSSPs to simplify the certification process and ease coverage access for organizations.Rob Enderle, principal analyst with The Enderle Group, noted the high number of reports, particularly with publications and websites that focus on IT professions, about cyber risks and the widely held belief that attacks that reported cyberattckes are only a fraction of those that actually occur.“This makes having some form of insurance protection critical to people being able to sleep at night knowing they are less likely to be held accountable for an expensive breach – often ransomware – that could be career-limiting without some kind of insurance limiting the financial damage to something far easier to keep quiet,” Enderle told MSSP Alert.MSPs haven’t always been so involved, he said, noting that the ecosystem is now changing as the “insurance problem moves from a people issue – folks that understand how to do this – to a systems issue, where the system both reduces the threats and helps with the insurance selection and surrounding processes that assure the insurance will pay out, if needed, by avoiding problems that could have the insurance company declining coverage.”“MSPs and MSSPs move between companies and can often contain the experiences of their clients, thus, when a problem does result, they are more likely to have experienced it someplace else and be better prepared to prevent, mitigate, or help recover from it if the related services and capabilities are mature,” the analyst said.

Benefits to MSSPs and MSPs

In a similar move, Sophos’ partnership with Capsule dovetails with such efforts. There are a number of benefits, including discounts for organizations using Sophos products and services, a streamlined application process that could mean getting quotes within minutes, and early indicative pricing for transparency.The coverage includes financial protection against breaches, crisis support, and customer care services and pre-approved use of incident response services from Sophos in the wake of a cyber incident.For MSPs and MSSPs, such programs mean greater protections they can offer clients.In October 2024, Stellar Cyber launched its own program, called RiskShield, which according to Steve Garrison, senior vice president of marketing for the cybersecurity firm, “empowers MSSPs to bridge the gap between cybersecurity and cyber insurance, acting as cyber coaches to help customers meet insurance requirements.”“This creates new revenue streams, stronger client relationships, and a competitive edge while simplifying the insurance process,” Garrison wrote in a blog post in February.For MSSPs and MSPs, partnering with an insurance broker, at least initially, can help transfer the related learnings between the service provider and broker, also the MSP and MSSP to get up to speed more quickly, Enderle said, adding that it is particularly true of MSSPs, given their security focus. 

MDR Services a Differentiator

A study in February by Sophos examined how the use of cyber controls financially affects companies and the value of insurance claims.“Reducing the value of cyber insurance claims is to everyone’s advantage,” the security vendor wrote at the time. “For clients, lower claims demonstrate improved cyber resilience while insurers benefit from lower payouts. It also creates a virtuous circle: If insurers are spending less covering claims, they are able to drop premiums, delivering further advantage to clients.”The use of MDR services and EDR and extended detection and response (XDR) tools showed a significant benefit, according to the study. Sophos found that businesses using MDR service claim 97.5% less – $75,000 vs. $3 million – than those that rely solely endpoint protection.Those using EDR and XDR solutions claim a sixth – about $500,000 – that those only with endpoint protection.In addition, 47% of organizations using MDR service fully recover from a breach within a compared; only 18% of those with only endpoint protection can do so, while that number is 27% with EDR and XDR solutions.