Small- and medium-sized businesses struggling to qualify for cyber insurance or find a reasonable insurance quote may be able to fast-track their way to coverage by contracting with a growing number of cloud-based services that have entered into partnerships with prominent insurance companies.
At a time when ransomware attacks are ravaging smaller businesses, sometimes beyond the point of recovery, these partnerships are designed to be win-win: SMBs are incentivized to pay for these risk-reducing cloud-based services, knowing that a key perk is insurance eligibility that otherwise may be out of reach.
Among the latest examples of these offerings is the recently launched AWS Cyber Insurance Competency program from Amazon. As of late November 2023, Amazon Web Services customers hoping for insurance coverage can use this program to expedite the process, receiving an estimate within two business days.
That’s important to SMBs, which often find themselves in over their heads when dealing with cyber insurance, especially as the criteria for coverage gets increasingly stringent. If an assessment turns up even one oversight or source of exposure – like failure to patch a known vulnerability in a timely manner or existence of outdated legacy systems – that’s potentially all it takes for an insurance company to reject the application.
And it’s not just maintaining an acceptable security posture that’s challenging. The attestation process that determines eligibility can be overwhelming.
But by relying on a cloud partner, SMB can leverage a third-party architecture, framework and series of controls that have already passed muster with the insurance companies. As Amazon explained in its own product announcement, the company’s various insurance partners worked with AWS to “digitally transform their assessment and onboarding process” to facilitate the process for cloud customers – rewarding them for “following AWS best practices; similar to ‘safe-driver’ discounts.”
And it’s not as if AWS is the only major cloud player to get into the insurance game. Microsoft and Google have also worked directly with insurance companies to provide affordable cyber insurance coverage to their cloud clients. Conversely, insurance companies can leverage these partnerships to offer their own clients complimentary migrations to cloud companies’ services, thus helping policyholders become more secure.
For that matter, cloud partnerships are not the only third-party strategy through which SMBs can become insured. Alternatively, they can seek help via a managed security services provider relationship, whereby the MSSP helps their clients qualify for and obtain cyber insurance coverage by ensuring the company’s cyber posture meets or exceeds an acceptable threshold.
Whether SMBs use a cloud partner or a managed services provider, having a trustworthy and reputable third-party partner helps remove much of the burden off of the smaller company’s shoulders, allowing their modest-sized IT staff members to fully concentrate on their core competencies.
