One of the largest – if not the largest – ransomware events in history took place over the U.S. Independence Day long weekend. A recap:
- Kaseya, a company that provides remote monitoring and management software, was breached- resulting in their clients and their clients’ clients being hit with ransomware.
- 1500+ companies impacted, ranging from small family run businesses to large national chains.
- Over 1 million devices affected.
- Initial ransom demand of $70M USD to decrypt everyone. Lowered to $50M USD at the time of this writing.
The numbers are staggering.
It seems like everyone is talking and speculating about this event. But I have yet to see a single discussion on the future real-world impact to cyber security services and all businesses.
One word: Insurance.
Just like the snow removal industry underwent a fundamental shift a few years ago when lawsuits from slip-and-fall insurance claims increased dramatically, resulting in astronomical insurance increases for companies that provide snow management. After speaking with a cyber insurance industry expert this week, I expect managed security service providers (MSSPs), as well as managed IT service providers (MSPs), to shift in a similar way.
The shift in insurance for the snow removal business resulted in many small snow plowing companies shutting down or leaving the industry. It used to be that anyone with a pickup truck could install a plow and be in business – and many people made a little extra side money doing just that.
Not anymore. Businesses can no longer take on the risk of using a snow removal company that doesn’t have adequate insurance to cover a slip-and-fall lawsuit. And small snow removal operators can no longer afford adequate insurance. Well-established larger players are the only ones who can afford it.
With this high-priced insurance comes significant additional cost for the operators. Which means that for every business needing snow removal, prices increased substantially.
Birmingham Consulting and our clients were NOT impacted by the Kaseya breach. However, we’ve already been informed by our insurance provider that it will be much more difficult for us to obtain insurance and the cost will increase dramatically.
Sound familiar?
Will smaller MSSPs and MSPs be able to afford adequate cyber insurance? Probably not. Businesses who depend on these types of service providers will no longer be able to take on the risk of an inadequately insured service provider – their own insurance companies will insist on it.
What does this mean in the industry? Here are my predictions:
- Small and/or financially unstable providers will be forced out of the market by increased liability and associated insurance costs.
- Insurance companies will force their businesses clients who rely on MSSPs and MSPs to only partner with companies having adequate insurance.
- Costs are going to increase for everyone. Substantially.
Every business needs to prepare for this changing environment.
