MSPs: Educating your clients on potential cyber insurance gaps

IMPORTANT: you are not licensed, so be extremely careful. Do not talk about dollar limits, pricing, or about a specific policy. Think of it this way - you are talking about the same concerns you would typically have for cybersecurity and disaster recovery, and the client needs to check with their agent that they are fully covered.

A common issue that our MSP partners bring up is that their clients are buying the cheapest policy possible, sometimes spending a few hundred dollars per year instead of the few thousand they should be spending. That results in major coverage gaps, a few of the common ones we see:

• Endorsements are an add-on/bolt-on to another policy. Many general liability, professional liability, and business owner policies (BOPs) offer a cyber endorsement. These typically have major restrictions and limits. One example is restrictions on digital forensics and incident response (DFIR). Tiny limits of certain situations are excluded such as forensics or legal counsel.

• Pay on behalf of: in 2026, many cheaper policies will require the client to front the expenses for a claim, and insurance will reimburse them. This can be an enormous expense, especially for smaller businesses, and can also leave them holding the bag if an expense is denied by the carrier claims team.

• System failure: the Crowdstrike incident was a stark reminder that cybersecurity tech can still cause outages without a malicious attack. System failure is a coverage for these types of events where there was no malicious intent.

• Third party providers: what if a datacenter or SaaS provider results in an outage? Some policies will only cover outages that occur on the policyholder’s internal systems.

• Cyber crime - funds owed to the policyholder: if a company is due to pay the policyholder, and gets phished or otherwise impacted, will the policy cover that? This is a very high end coverage but is becoming standard on the best policies.