ePlus, a Herndon, Virginia-based IT consulting solutions provider, has launched a suite of five cybersecurity-related services designed to help organizations meet tightening cyber liability insurance standards and prevent cyber incidents.
Helping companies to improve their cybersecurity profile can advance their chances to obtain cyber insurance and avoid higher premiums, ePlus figures. Its new offerings range from managed security services to ransomware preparedness and others to help round out an organization's overall cyber configuration.
ePlus cyber services include:
- Managed security services: Ensures continuous monitoring and security operations for organizations with managed detection and response, automated security operations, log aggregation, correlation and compliance.
- Cyber insurance consulting: Helps evaluate mandates from cyber insurers and guides organizations toward security frameworks expected by providers of cyber liability insurance.
- Ransomware preparedness assessment: Helps ensure an organization is able handle a potential ransomware event from a technical perspective.
- Incident response services: Assists in defining business processes and minimizing potential exposure in the event of an incident. ePlus offers both real-time point engagements and retainer-based services to facilitate priority, rapid response.
- Cloud managed backup: Fully manages the backup and recovery environment along with regular testing so organizations can more quickly recover when disaster strikes.
Cyber Insurance: Stiff Requirements
Insurance brokers have raised the bar for eligibility to obtain cyber coverage, said Lee Waskevich, ePlus security solutions vice president. Insurers are closely examining an organization's ability to prepare for a potential cyber attack, overall security posture, incident response and recovery capabilities, he said. Focusing on improving those areas could be the difference between coverage or no coverage or cost of premiums, Waskevich said.
"The suite of ePlus Cyber Services are architected with these higher standards in mind, helping organizations to remedy gaps and address market concerns that raise the bar on their overall security posture,” he said. “These efforts leave them better prepared to defend against attacks and put them in a stronger position to qualify for insurance coverage."
In mid-August, Wisconsin became the latest state to codify a set of cybersecurity regulations that requires insurance companies to develop policies to protect the personal data and privacy of individuals. The law formalizes the state’s adoption of The National Association of Insurance Commissioner (NAIC)’s model data security law and the associated cybersecurity framework.
With some exceptions, the Wisconsin law will require anybody licensed by the state’s Office of the Commissioner of Insurance to develop an information security program that protects its systems and data.
MSSPs and the Insurance Industry
MSSPs working in the insurance vertical should take particular note of the NAIC model in Wisconsin and other states that have adopted the standard. Those states include recent adopters Iowa, Maine and North Dakota along with Alabama, Connecticut, Delaware, Louisiana, Michigan, Mississippi, New Hampshire, Ohio, South Carolina and Virginia. MSSPs will also want to monitor cybersecurity in states that have yet to pass similar laws, including Hawaii, Idaho, Illinois, Iowa, Minnesota and Rhode Island, which have similar bills pending.
Amid rising cyber threats and high demand for cyber insurance, premium prices can be a major issue for MSSPs and MSPs. However, according to a recent study by AdvisorSmith, an insurance research firm, U.S. cyber insurance costs overall fell one percent year over year between 2019 and 2020. But the cost savings may not extend to MSSPs and MSPs. Insurers, influenced by a series of damaging cyber supply attacks that targeted service providers, have not followed suit with lower premium prices for service providers, according to some research studies.