Software patching dramatically improves a company’s security posture. Most of the publicized breaches in recent years, and even the unpublicized ones, have their roots in hackers exploiting an unpatched system. All the cyber insurance policies I have seen have stipulations that the insured must comply with in order to be eligible for the insurance. Those stipulations make sense because they are just plain good security practices that dramatically reduce risk for the insurer. No insurer wants to take on the risk of a blatantly irresponsible network owner.
That premise brings us to the insurance bundled into Patchworx. Our underwriter has a belief that clients of MSPs are inherently better managed and safer than clients without MSPs. I certainly agree. The operational maturity we bring to software patching with Patchworx is unparalleled when compared with what even the best internal IT operations are doing. I have seen some very good internal operations, but the reality is that most companies just don’t have good patching practices in place, and that is understandable. On the surface, software patching sounds easy enough. However, to do it every month on production systems and then verify the systems are back in service in a timely manner–as a task usually done in narrow time windows after hours–is actually a very difficult task. Add in accurate inventorying and reporting that satisfies managers and regulators, and now patching is downright daunting.
Patching is a task most IT personnel don’t look forward to doing. They view it as tedious and risky. No one gets kudos from management for patching, but they sure do get yelled at if it goes wrong. Management is always pressuring IT to deliver on projects that advance the company’s competitiveness in this era of non-stop business by Internet. Patching therefore becomes a side task, a diversion from the edicts issued by management. It therefore puts the company at great risk when there are not reliable, accurate and regular patching practices executed each month. It’s no wonder patching is a mess and deferred almost everywhere.
So back to Patchworx cyber breach insurance….
Why bundle cyber breach insurance with Patchworx? Well, it is simple. It adds a lot of value and peace of mind. IT professionals get a huge sense of relief in their jobs when they know Patchworx is getting the job done every month. Add in breach insurance in case something should happen, and now everyone feels great because the risk is spread to other people. If something does happen, it is good to know that someone has your back regarding cyber forensics, cyber legal representations, public relations response, breach notification, credit monitoring and more. Let’s take a look at what you get with Patchworx’s cyber breach insurance:
- $250,000 coverage
- It will cover you for nearly any breach occurrence, not just those caused by a patching problem. For example, if you have a business email compromise, this insurance will cover you for that, too.
- $250,000 will cover a lot of breaches, especially for smaller firms. For larger firms, the $250k is gap insurance that will cover the deductible on most cyber insurance plans for larger firms.
- Cyber forensics – Hire the experts to figure out the extent of the breach. At first, most people are resistant to knowing the extent and cause of the breach, but actually this is quite important. Why? Because oftentimes breaches are limited in scope and you need to know if that is the case. There is no need to report to customers and regulators, and pay for credit monitoring for people who were never part of the actual breach. Patchworx cyber breach insurance gets you those forensic experts.
- Legal representation – This is the most overlooked and misunderstood component of a significant breach response. A good lawyer will make or break how people, regulators, opposing lawyers, and the press view a breach. Having a good lawyer in your corner with actual cyber breach experience is worth every dollar, in this case paid for by the insurance. Patchworx cyber breach insurance gets you that lawyer.
- Public relations – Having a good cyber experienced PR firm to manage communications with clients, the press, and the regulators is also essential. Patchworx cyber breach insurance gets you that resource.
- Paying for ransomware demands or paying back money paid out through extortion or business email compromise is also covered by Patchworx cyber breach insurance. Limits do apply, but most of the requested amounts are covered.
- Credit monitoring – If a breach does occur and credit monitoring for those affected is required, then having cyber breach insurance can be a huge relief. Credit monitoring is expensive, so having to pay for that can cost a fortune. Patchworx cyber breach insurance pays for that service.
- Dark web monitoring is included with the service. Monitoring the dark web for information that can potentially signal vulnerability before breaches is vital, but it becomes even more vital after a breach.
- *Of course we have to have the asterisk because this insurance, like all insurance, has many specific terms, conditions and limitations; but overall, it is a pretty effective solution.