Managed Service Providers and SMEs: Regulations and insurance strategies

By 3 March 2024Blog

Managed Service Providers (MSPs) have existed since the early 1990s and their rise has been phenomenal. There are now more than 4,000  in the UK, while the MSP Alliance estimates that there are 150,000 globally.

What is an MSP?                                                               

An MSP is a company that provides outsourced IT services to support a business. It is likely to be responsible for the day-to-day operation, management and maintenance of a business’s IT infrastructure, including hardware, software, the computer network, and cyber security.

Examples of services provided by an MSP

    • Readily accessible technological expertise
    • Real-time IT support to employees
    • Cyber security advice and guidance to improve cyber resilience
    • Implementing the migration of services to the cloud and the associated management of regulation and compliance
    • Help with the wider digital transformation of an organisation
    • The provision of payroll services
    • IT infrastructure management
    • User account administration

Who requires an MSP?

Although the market for MSPs is growing across all business sizes and sectors, the SME sector has seen particular growth in recent years. Compared with banks and other large organisations, SMEs have more limited in-house IT expertise and financial resources. Outsourcing therefore makes better economic sense for this sector and enables companies to focus on other operational needs and scale more easily.

Many SMEs have moved to a cloud environment, or are in the process of moving, and an MSP can help navigate the transition and ensure the smooth running of an SME’s business.

New regulations for MSPs

The government has announced that MSPs will be bought into scope under the Network and Information Systems (NIS) regulations, which were implemented to ensure that a minimum cyber security standard is in place for certain organisations. This currently encompasses Operators of Essential Services (OES) such as energy, transport and water sectors and Digital Service Providers (DSP) such as online search engines.

MSPs are now added to the list in recognition of the significant role they play in helping and protecting businesses, so it is essential that they also have strong cybersecurity measures in place.

What specialist types of insurance should an MSP purchase?

    • Technology errors and omissions

An MSP has a similar risk profile to any other organisation that carries out technology-related services for third parties. With many firms now almost totally reliant on technology the risks to MSP customers are greater than ever.

This form of insurance provides coverage for legal liability where financial loss has arisen from professional services and products delivered to the customer. It includes coverage for damages for claims made by third parties and the legal costs and to defend these actions.

A technology errors and omissions policy is a key way to help manage and mitigate technology risks as part of a company’s overall risk management strategy.

    • Cyber

Like any other business, MSPs are at risk from cyberattacks. They need to protect their own business and are responsible for protecting their clients’ businesses.

Ransomware and phishing are the two main threat vectors that hackers use to gain access to a computer network. As the cyber threat landscape evolves, risk management becomes more challenging. Because MSPs can be indirectly responsible for huge amounts of data, the responsibility for safeguarding it is onerous.

A cyber insurance policy will provide coverage for any unauthorised access to a business’s computer network. The policy allows for defence costs associated with a cyberattack and the financial loss that flows from this. Examples of coverage include data loss, the impact and consequences of a ransomware attack, business interruption, and media liability. Most importantly, the policy provides 24/7 access to an incident response facility, manned by a specialist cyber incident management team.    

The future of MSPs

MSPs will likely continue to provide essential support for many business sectors, and their specialist IT services will be particularly relevant to SMEs. With the growth of AI and quantum computing, MSPs will need the right insurance to adapt to a fast-moving technology environment and the ever-changing cyber risk landscape.

For more information, contact the Elmore Cyber Team.

en_GBEnglish (UK)