Today, the double-edged sword called cyber insurance is both a must-have and a safeguard that’s increasingly difficult to acquire and afford. 

In 2022, cyber insurance coverage is more elusive for companies than it was in 2021 and chances are strong that that trend will continue. Why is it so scarce and costly? The explosion of ransomware and cyber-attacks means that cyber insurance has simply become a less enticing area of business. 

This makes it even more critical for both IT Security MSPs (Managed Service Providers) and their customers to adopt recognised security standards and then adapt them to changes in the cyber threat landscape. 

Although a great many MSPs are less adept at securing cloud IT compared to traditional on-premises applications and systems, the scope of protection that clients and cyber insurers see simply can’t end at the office door; it must extend across all applications, internal or external, on-prem or cloud. Only that degree of comprehensiveness will give Insurers the necessary confidence to underwrite cyber risk at affordable premiums. 

So how can proactive IT Security MSPs take charge of their customers’ cyber security in ways that optimise protection and greatly improve their standing in the eyes of stringent cyber insurers? Here’s a five-step plan. 

Step 1. Conduct a comprehensive SaaS discovery app audit  

You can’t secure what you can’t see. SaaS proliferation has given rise to risky Shadow IT, the unauthorized apps that employees and departments often add on their own, opening additional doors for cybercriminals. Fortunately, there are auditing tools gives you full visibility into the SaaS apps in a customer’s ecosystem, supplying the insight required to address Shadow IT and improve the overall security posture that cyber insurers evaluate. 

Step 2. Leverage global security threat reports to identify and highlight active risk. 

These days, a mainstay platform like Microsoft 365 has millions of fraudulent sign-in attempts happening each day—but how do we gain visibility into these and other threats on a continuous basis? Ensure that your MSP supplies threat reports that can give you an immediate picture of active risks, offering critical insights upon which to improve security policies and posture. 

Step 3. Customize MFA alerts to focus on what matters most. 

Alert fatigue is a significant problem in IT security largely because most alerts are after-the-fact reactions to issues that arise using the widest possible alerting scope. Thankfully Infoprotect have the necessary solutions that are equipped with specialised alerts related to the all-important multi-factor authentication (MFA) security measure.  

Step 4. Configure MFA policies to efficiently secure Microsoft 365 

Multi-factor authentication is the single most important security setting for SaaS software. Traditionally, O365 would require a security admin to click into each security policy and perform a lot of added configuration steps manually. We can eliminate these additional steps with a single, comprehensive view of which MFA policies are enabled. 

Step 5. Document ongoing security improvements to share with customers and insurers. 

While IT Security MSPs often struggle to show the concrete value of their security services to customers, the customer-facing reports feature available from Infoprotect tracks and illustrates exactly how they are protecting the customer’s users and data. The reports also show security score improvements over time, something that both clients and their insurers are highly interested to know about in detail.