RapidFire Tools – known for its security and regulatory software -- has created what it says is a unique watchdog for cyber insurance customers that ensures they are in compliance with their policy before the worst happens.
“More and more customers are purchasing cyber liability policies and they’ve been reading the press of late that there’s been a lot of controversy in this because its kind of new and there’s unsettled law with it,” Michael Mittel, president and GM of RapidFire Tools told CRN USA. “The problem is, when the claim is made, or there’s a breach and the claim is made, unless you’ve complied with the policy the insurance adjuster or the claims processor might dispute the claim. In fact, they have.”
Mittel said Audit Guru for Cyber Insurance ensures the insurance policy application questions are answered correctly, and provides ongoing reporting so that in the event of a breach, all the documentation is on-hand to show the customer “used due care in hardening their network.”
“It means looking at the insurance policies and understanding what’s required under them,” he said. “So we’ve taken our experience in these other compliance areas and applied it to the insurance area, producing a risk analysis, policy and procedures doc and supporting evidence of compliance so that in the event of a claim, the documentation is already there to provide to the claims adjuster.”
Additionally, he said the tool will also alert MSPs to areas inside the network that need to be addressed to fix compliance issues. Mittel said RapidFire built the tool using the requirements taken from the leading cyber insurance policies as well as the applications for that insurance.
“We’ve looked at the five or six major insurers,” Mittel said. “We not only have the policies and have geared our reports to address the issues that are related in the policy documents, but we also found the applications that the customer must fill out to underwrite the policy initially and what we do is compare the accuracy of the information submitted in that policy to the automated information we collect across the network to make sure its accurate.”
One MSP — who asked not to be named because he is a RapidFire customer — praised the company’s products, however he said he has yet to hear of a cyber insurance claim being denied. He acknowledged however that as attacks grow in numbers, insurance companies could start limiting payouts.
“Insurance companies are experts at finding exclusions on how not to pay you. The thing is, it’s not technical things. Yes, I would imagine, coming down the pike, you would hear about them starting to limit their losses by excluding payouts on things. I’ve not heard of it yet,” he said. “I haven’t heard anyone in MSP circles say, ‘My client was denied coverage.’ Most of what I hear are people missing coverage, like third-party exclusions.”
And after reviewing his own cyber insurance policy with Chubb he said the terms are straightforward enough that he would not use the Audit Guru for Cyber Insurance.
“I get this all the time from my customers. I get a call saying, ‘My agent said I need cyber liability, can you help me fill the application out?’ “ he said. “They’ll ask ‘Do you have anti-virus software? Yes. Do you have a firewall? Yes. These are basic questions. They’re not asking, ‘Are you running a next-gen unified threat management platform?’ Then an underwriter approves you and you’re insured. Short of doing something negligent, you’re insured.”
RapidFire was acquired by Miami-based Kaseya last year, however Mittel said the Audit Guru for Cyber Insurance runs on competing IT service management platforms. He said there is also a reselling opportunity for MSPs to sell the product into larger companies with internal IT departments.
“I definitely think there’s a resale opportunity here and we’ve structured the product to be resold through the MSP to larger organisations that have their own IT departments,” he said. “We are not the IT department. We don’t automatically fix problems. These are things that require the MSP, as a trusted IT adviser, to the small and midsize company that they support, or the company has its own internal IT support crew in which case the MSP could act as a VAR or reseller into that SMB space.”