Is Cyber Insurance Enough?

When a vendor fills a gap in cyber, they deserve to be heard. I sat down with Nick Wolf of Cork to discuss the cyber insurance industry and the space they fill. I'd say Cork is to cyber insurance like Aflac is to medical insurance. Join Nick and me as we navigate the challenges with questionnaires, insurance questionnaires, and all the crazy around insurance and coverage.

[00:00:00] Welcome to MSP 1337. I'm your host, Chris Johnson, a show dedicated to cybersecurity challenges, solutions, a journey together, not alone.

[00:00:17] Welcome everybody to another episode of MSP 1337. I'm joined this week by Nick Wolf of Cork. Nick, welcome to the show.

[00:00:33] Thanks for having me. Pleasure to be here.

[00:00:37] This episode is one of our more unique, as some of you have come to know that when I do an episode that is tied or has a vendor involved, it's usually because it stands out from the crowd.

[00:00:53] We were talking about this before, if we were talking about MFA or least privileged access, there's say 10 or 15 vendors that are playing in the space.

[00:01:01] And today we're talking about sort of the space that Cork plays in, which is very unique because there really aren't a lot of vendors. In fact, I maybe, and you can correct me if I'm wrong, I'm not aware of any vendors besides Cork that play in the space of, say, gap coverage, which would be similar to like the Aflac is to medical coverage.

[00:01:21] Or maybe a warranty is with regards to car insurance, excess, not a big comparison because usually you have a warranty and your insurance is for when bad things happen like you crash.

[00:01:33] So I want to cover a couple of things that are really important for our audience and one of them is the tricky space that is insurance.

[00:01:43] And I think you mentioned this before we talked on the show and so we'll just start with the first one, you know, talk to me about why it's important to have cybersecurity insurance.

[00:01:52] And then where sort of Cork plays into that for those that maybe can't afford that premium or how some of those pieces work so that like you said, I thought was a good analogy is, you know, Cork provides like the check engine light on your dash for a car.

[00:02:07] Obviously, your car insurance probably isn't covering you necessarily for check engine light unless you're still in that warranty period.

[00:02:15] But I guess in your case, you're saying like, hey, like we're that third party warranty. So if the check engine light does come on, you should do something about it because there's coverage.

[00:02:24] Yeah, yeah, yeah, absolutely. So Cork offers a cyber warranty that MSPs could resell to their end user customers without needing a brokerage license.

[00:02:35] Cork is, could be, an alternative to cyber insurance, but ideally this is going to be supplemental coverage to cyber insurance because every small business out there should have cyber insurance.

[00:02:48] Absolutely period end of discussion.

[00:02:50] Right, we're not proposing you don't, but unfortunately that's where you were going when I was going, go ahead.

[00:02:56] Yeah, unfortunately though about a third of small businesses are actually denied cyber insurance coverage. They can't, they can't even qualify for that.

[00:03:05] And about a third of those that do have some form of cyber insurance ultimately end up getting those claims denied, which is kind of lousy.

[00:03:15] Cyber insurance is a great, great start for any organization. But we've also seen things like high deductibles with cyber insurance and insurance premiums increasing year over year.

[00:03:27] You also see the categories that get broken down and suddenly you only have coverage for $50,000 in PR, $100,000 in whatever the category might be like, yay. So I have this great $2 million policy and I only get to use 100 grand of it.

[00:03:41] Yeah, yeah. And, and I'm not sure if you've ever been through a cyber security insurance questionnaire. They're getting longer, they're getting more complex. 10 years ago.

[00:03:51] Yeah, 10 years ago it was, do you have antivirus? All right, check that box. Great. You qualify for it. Now it's, you have EDR, MDR, XDR, and MFA.

[00:04:02] And if a, if a train is leaving Chicago at two miles an hour and it's trying to meet up with the train in New York at 50 miles an hour, when do they meet?

[00:04:11] Like some of these questionnaires are so complex to, to fill out. It takes MSPs a lot of time and it sort of put MSPs in an awkward spot with cyber insurance because they're not the ones that are reselling insurance.

[00:04:25] And in most cases it, because you need a brokerage license to do that, in most cases it's the end user customer that's dealing directly with the insurance provider or broker.

[00:04:35] But the MSP is involved to some extent filling out or helping those clients fill out those cyber security questionnaire forms.

[00:04:43] But where's the MSP making money during that process? You know, typically they're helping out their clients. They're trying to be a nice guy and they might be filling out those cyber security questionnaires pro bono but they're not actually making any money.

[00:04:55] That's sort of where a cyber warranty comes into place, at least the one with Cork, is this is now a new revenue stream for MSPs because they could still provide financial coverage to their clients just like a cyber insurance would.

[00:05:08] But this is something they can now resell to their customers at a fraction of the cost of cyber insurance. So really opening it up for those SMBs that might not have been able to qualify for cyber insurance or just place or afford it.

[00:05:22] So let me ask a little question because I can see another side of this coin where it's like maybe I require or maybe it's included in what I position with my clients because now when something does happen, I have some financial you know recourse for covering us to help get them back online where they may like.

[00:05:44] Like, like clients saying, like, yeah, we don't have the budget for, you know, 11 new workstations that are totally hosed and wait for forensics to do their investigation.

[00:05:53] You're like well that's going to be a problem because we're not going to just go and buy you 10 computers and hope that you someday have the money to pay us.

[00:06:02] But the flip side of that, if you have something like, say, Cork in place, then in theory you could leverage that to pay for that, or is it more of like, it's there, the client has this policy, not the MSP has the policy, granted the MSP can sell it, but I mean how does that work.

[00:06:17] Yeah yeah so we want to remove the liability from the MSP so the MSP is the one that's going to be reselling it but the liability is going to be on the end users shoulders so our agreement is with the end user directly but again we're not selling to the end user because we're.

[00:06:32] The company we're only facilitating it through the MSPs so does the client see the dashboard like does does a client acme corporations see that the check engine lights on and they're like hey Mr MSP I've got a check engine light on.

[00:06:47] They could if they want to, but most of the time it's the MSP that's going to be monitoring it for them, because what we're doing, having an inside-out approach, is we're integrating with the API tools from the MSP's cyber tech stack, and we're, we try to be vendor agnostic.

[00:07:01] So we don't care if you're using Ninja RMM or Datto RMM or Kaseya, or if it's Huntress EDR, SentinelOne. Like, we really integrate with all the providers of an MSP's cyber tech stack, and that's where we're able to alert the MSPs if.

[00:07:14] Hey, when we sold you the warranty SentinelOne was turned on, and for some reason SentinelOne just got turned off. Right now you're now in a lapse of coverage. You want to turn SentinelOne back on, that way if there's an attack we could still pay you. So it's designed to be more proactive here, that way we can pay out the clients

[00:07:30] in real time without any sort of lengthy audit period because that's another thing that we've noticed with cyber insurance is that you know typically end users might have to wait several weeks or several months to settle claim and get that financial payout.

[00:07:43] Whereas with a warranty were able to position it where we could pay out the client in a matter of hours.

[00:07:48] Gotcha so in the event that you catch my Sentinel or fill in the blank.

[00:07:55] XDR, because we used a lot of letters a little bit ago, so my XDR has just gone offline and that gets flagged by Cork and you're letting me know, and I go to investigate and I discover that none of my devices have it anymore and they all have gone offline because they've all just been hit with ransomware.

[00:08:14] How does that work because technically it caught in the dashboard sent no longer here I'm no longer actively covered.

[00:08:24] Yeah yeah, great question. So we do offer a protective gap period, so once we alert you, we have, you have 48 hours as the MSP to remediate that gap before there's a lapse of coverage. But if it's within that 48 hour period you're still going to get covered by Cork, because that's a real cyber incident that's happening.

[00:08:43] It's cyber right it's not going to take 48 hours if they're being hit right like it's yeah got it so so along the same lines you know we've kind of talked through you know work works that's an equation and some of the challenges I think we should spend some more time on the challenges that not just MSPs are facing but clients as a whole when it comes to.

[00:09:03] Understanding coverage. Like, you know, you mentioned the questionnaires are getting longer and longer, and the questions themselves in some cases aren't necessarily very clear. You know, do you have MFA turned on, and obviously that's a, it's written as a yes/no question, and yet when you look closely at it's like, across all systems is what it's implying, and oh by the way, these four safeguards and whatever framework it is are implied that you've satisfied as well.

[00:09:29] Are you seeing the ability to like help MSPs and their clients navigate this space because obviously you said this at the beginning you know the goal here isn't to be like hey instead of getting insurance use us because we know and you said this like I think it's like.

[00:09:44] You know to be able to cover your deductibles a big deal especially on larger and larger claims you know the deductibles keep going up and i don't foresee them going back down do you have a path or strategy around how to help clients and their MSP are if they are.

[00:09:59] They are the MSP and helping their clients with regards to, like, hey, what would you answer in the questionnaire, like what are the things, because I see where this goes. I see an insurance company saying if you don't have Cork installed on your system then we don't pay out claims.

[00:10:16] Yeah yeah, so, so we've seen plenty of cyber insurance questionnaires, and all cyber insurance questionnaires are different, but we've seen that in general they're very vague, and there's a purpose, because again at the end of the day they don't want to pay out the claims, right, like that, that, that's their business. Well, they also don't want to not.

[00:10:33] So policy yeah yeah so so that's where it gets tricky. I would say, what I will say is this: what makes Cork unique, and the reason why we don't send out a 50 page security questionnaire or anything complex like that, is we don't really need to ask those questions because we know the answers to begin with.

[00:10:54] And you did it once we install the agent, we're going to start seeing the truth. Yeah, well, with us there's not even an agent that needs to be done, it's all done through the API keys of an MSP's tech stack. So I don't have to go to the client and go, do you have EDR, check that box, do you have MFA, check that box, because I'm tying into the MFA, the MFA API, whether it's Duo or someone else. I'm tying into the API, SentinelOne or what, insert, you know.

[00:11:23] So you're essentially like another user profile if you will API inside like my 365 or exactly I don't have to ask you if you have EDR turned on because me as your warranty provider I know that EDR is turned on I see it over there but what I could do is I could also alert the MSP to potential gaps.

[00:11:43] Hey, client XYZ has 55 endpoints of Ninja RMM installed but only 48 of those endpoints have, have Bitdefender turned on for EDR. What happened to those other seven endpoints? You might have forgot to do it, forgot to install. MSPs have told us, like, wow, yeah, you're right, I forgot to install it there.

[00:12:03] So even even in the not so negative space of like also the opportunity of like guess we are paying for licenses or not paying for licenses on endpoints that we're not leveraging the product.

[00:12:15] Yeah yeah, it's crazy what our warranty platform has visibility into. Like the other day when the ConnectWise ScreenConnect had that issue, we were able to easily find out, hey, there's a couple of endpoints on your infrastructure that have the old version of ScreenConnect, you want to get that patch, you want to get that face right

[00:12:32] and I mean speaking of screen connect I mean it's you know the week I don't even know like where this came out four days ago five days ago like that it was something like an all of a sudden we're not just seeing like how big a deal this is like we saw the stuff out from

[00:12:46] from Huntress and also from ConnectWise, then of course, you know, I don't want to say they're late to the party, but then BleepingComputer had a, you know, great article write-up on it and all the things that you need to do. What I found most interesting was that

[00:12:59] the thousands of endpoints that are still impacted are largely tied to servers that are not part of the cloud stack, it's that the legacy, and I feel like we've heard this before, like a pattern of like, hey, you're still running your server on your on-prem environment.

[00:13:15] Do you guys see challenges there with infrastructure that you know quite honestly the vendors have moved away from really being pushing you know hey if you want our services you have two options cloud or on prem it's really anymore it's like we have the cloud version

[00:13:31] the only ones running the on-prem edition are the ones that came in you know they're like legacy clients right you see a lot of that.

[00:13:38] We do, legacy is the key word. So like for example, when we're reaching out to our Cork MSPs saying, hey, make sure you patch your, your ScreenConnect, we're seeing some issues on the Cork side of things, we had some MSPs going, oh, no need, no need, I've never sold ScreenConnect to my client. Well, turns out that this client in particular had a previous MSP, and that previous MSP used ScreenConnect, and it was still installed on a couple of those endpoints.

[00:14:04] Man I wonder never heard that before ever like what do you mean there's three different RMM tools on the client endpoint that are not tied to the current MSP yeah that never happens.

[00:14:15] So, so obviously you guys are growing really fast. Do you have goals to, to see Cork in, in other spaces besides where you're at today? I mean I can see a lot of things that could be a value with it, with a tool or a resource like that is giving me visibility into what is or isn't happening in an environment.

[00:14:33] Yeah so again we're always going to be a channel focused company I mean heck even our founders lost them accord the same guy who found data so like we were built around MSPs from day one and that's our model and we see ourselves working more closely to other MSP vendors in the space last year.

[00:14:53] We announced a strategic partnership with Barracuda Networks so you can get Cork through Barracuda. Earlier this year we announced a partnership with Liongard and there might be some other announcements coming soon in the pipeline as well.

[00:15:05] So really your goal is to increase not necessarily the products that you have visibility to, that's kind of a byproduct of what you're doing, but really to make it that it's an easy path to get to Cork through whatever venue you might already.

[00:15:20] Exactly, we want to make it as easy as possible for an MSP to buy Cork regardless of what tech stack they use. If you're sure job great, a Datto shop fine, Barracuda shop fine. Because what a lot of MSPs are doing is, you know, in PCH Technologies, our buddy Tim in New Jersey, the way that he's positioning it to his clients of his MSP is he's actually bundling it in with his tech stack, right.

[00:15:44] I kind of wondered about doing that myself and I'm not an MSP yeah I am so confident in the tech stack that I've designed for you Mr. customer that I'm going to back by a $500,000 warranty.

[00:15:55] So it creates more stickiness there, that way, that way clients don't nitpick and go, well, you're recommending SentinelOne but I like Malwarebytes, you're recommending Duo and I like Okta. It's, hey, this is the tech stack, this is what my team knows, and I'm so confident in it I'm giving you a $500,000.

[00:16:13] Cyber warranty partner in my Cork if you go with this tech stack. So you see a lot of MSPs in this space where they have, you know, 10 or 15 clients that are, say, their elite clients, they have everything that we could ever want to put on our environment.

[00:16:28] But then you have other clients, maybe you inherit them, and you realize like, hey, we're not going to suddenly swap out the SonicWall for the WatchGuard or fill in the blank.

[00:16:35] SentinelOne versus Malwarebytes or whatever it might be. Do you have a way for MSPs to navigate and sort of capture, like, KB's 10 clients have this tech stack, so you could also then see the flip side of the anomaly, like what you were describing of like, hey look, we have an RMM tool that just showed up on an endpoint.

[00:16:53] Do you want to do something about that yeah taking take down yeah so within our within our warranty platform we integrate with a variety of APIs and again we're vendor agnostic so you're going to be able to see that all right.

[00:17:07] You have five different end users and they're using Ninja RMM, you have 12 different end users and they're using Datto RMM, this end user over here might be using Bitdefender, this end user over here might be using Malwarebytes or SentinelOne, and that's totally fine by us.

[00:17:23] Yeah, totally vendor agnostic regardless, because with us what's important to us, in order to get, you know, got proactive monitoring and instantly qualify for a cyber warranty, you need to have EDR, you need to have MFA, you need to have some form of backup.

[00:17:38] Sure, I don't care if it's that will back up, I don't care if it's being, you know, we just need some form of backup, and that's why we want to tie into as many tools as possible in the MSP. Along, along those lines, if I were to leverage something like Cork.

[00:17:51] So there's then, say, some, we'll say check boxes, there's a list of technology that I need to be able to get reflected back into a Cork dashboard to be considered for coverage.

[00:18:04] Correct, the reason why we don't have to send you out a 50 page cyber security questionnaire is we're integrating with the tech stack. Now, asterisk there, yeah, there are some minimums, right, you need to have RMM. If, if an MSP is not having an RMM on the client site there's no visibility.

[00:18:20] Like that's a deal breaker well because you're not going to see anything right that's one of the few do you have more than one then so I can be the RMM it could be like these are the list of APIs we can tie into we don't need to tie into all of them we just need to tie into one that's actually on the end exactly that type some sort of heartbeat there so needs to have some layer of RMM some layer of EDR slash anti virus now again.

[00:18:45] You know, Webroot is fine, we work with Webroot. Some people say Webroot's an antivirus, some people say Webroot's an EDR, but some sort of EDR, MDR, XDR, antivirus, whatever you want to call it.

[00:18:55] Yeah, if you, if you've heard it on a radio that counts. Yeah, we need some form of MFA and we need some form of backup, so as long as you have those four things, you know, that's really it. I'm not sending you a 50 page, explain, you know, questionnaire saying, well, you know, this, that, the other.

[00:19:16] So do you have so what's your like aha moment like with you have an msp like I like the story you gave me of the one that saying hey we're backing this by do you have any other anecdotal evidence like that to share with the audience on the why this this is so unique and so different to help them yeah I'm the fence man don't normally do this but like hey it's not very often we have someone that's like uniquely their own.

[00:19:42] Yeah, so I tell you story, yeah, I'll tell you a story of an MSP I was working with last week. Here's a neat little aha moment. So an MSP, they help their client out with cybersecurity insurance questionnaires, you know, it's, it's something that they do for free because it's a long customer, which is fine.

[00:19:59] Customer had a two million dollars cyber insurance policy today and it was I believe it was around a five thousand dollar deductible to activate that two million dollar cyber insurance cyber insurance policy.

[00:20:14] Now the client was pushing back why do I need more tea I already have two million dollars worth of coverage that's more than enough well what the msp was able to do is during the renewal their cyber insurance keep it at two million dollar policy let's upgrade the deductible.

[00:20:28] Upgrade the deductible from a five thousand dollar deductible to say a twenty five thousand or fifty thousand dollar deductible okay the annual savings that that end user customer now has on their cyber insurance was a couple thousand dollars in premium savings that more than paid for the cyber warranty.

[00:20:45] So now the cyber warranty is paying out that cyber that cyber insurance.

[00:20:50] If there's a, if there's a breach. The MSP is now making money because they resold that warranty, so the MSP is happy and the customer is happy because they just saved a couple thousand dollars a year. Now I think that's a great example of, for MSPs, regardless of whether or not you find the need to position Cork, and that is, if you're not having conversations with your clients about the questionnaires that they're filling out, then you're not part of the conversation when they make the money.

[00:21:15] So we're going to make decisions that could end up booting you out.

[00:21:20] Well we've got a little bit of time left what are some of the shows that you're going to be at here in the coming months that solution providers can check you out at yeah so we're going to the

[00:21:31] bunch of the ASCII shows, it's a fantastic community job being Costa Mesa, California next month for the ASCII, or next week rather for the ASCII, right, yeah yeah. We're also going to have a big booth at

[00:21:44] Right of Boom in Las Vegas, which is in early March, which is fantastic, and then you'll see us most likely around Kaseya Connect in April, IT Nation Secure in June. So yeah, we're going to be, we're going to be on the road. Nice, nice. All right, well hey, I don't

[00:22:02] don't I don't know if there's anything last things that you want to say this has been this has been excellent I love being able to talk about insurance and not being so like doom and gloom like you know like hey there's there's ways to do this and and to help clients and navigate a really uncertain area of their businesses because no one wants

[00:22:19] to pay for insurance no one wants to have to have insurance we've all accepted it pretty soon cyber insurance is going to be a lot like car insurance you have to have it to operate

[00:22:28] and I think what you're describing really helps sort of solidify that, that doesn't have to be as bad as it sounds, because we, I mean no one says like, hey, I don't like Aflac or I don't like gap coverage, everybody wants to be covered, right. So yeah, so what last, yeah, last, any last, last bits to share before we wrap this up

[00:22:48] no again at the end of the day an SMB should have both cyber insurance and cyber warranty ideally if they don't have either and they can only afford one I think cyber warranty is the way to go because it's easier to get coverage starts within minutes

[00:23:03] and the payout can happen in a matter of hours as opposed to having to wait a long time well I think you also add to the equation with that or you know if someone really can't afford cyber insurance today or

[00:23:14] they're not, or they're being denied coverage, which you, we talked about earlier, it's an opportunity for them to start on this visualization of like the things that they need to have in place

[00:23:23] so that in the future they will be more likely to get a positive reception for cyber security insurance. Absolutely. Well Nick, I appreciate your time, I appreciate you being on the show. For those of you listening, this has been an

[00:23:34] episode of 1337 thanks and have a great week