Unveiling the Secrets of Cyber Warranties What MSPs Need to Know
MSP Business School, May 07, 2024
188


[00:00:03] Welcome to MSP Business School led by our deans of business development, Brian Doyle, Tim McNeil and Rob Rogers

[00:00:10] Each week MSP Business School is committed to delivering you proven strategies, tips and tactics

[00:00:17] for MSPs to accelerate their business growth and revenue through better sales,

[00:00:22] better marketing, and true account management. Classes start now, so let's get started. Let's throw it to the deans.

[00:00:31] Hey everyone, welcome to the latest installment of MSP Business School. I'm your host Brian Doyle and I'm really excited about today's meeting.

[00:00:44] This is something that's been a question, a topic that's been on my mind and certainly I think on the minds of a lot of our listeners as well.

[00:00:52] So I'm pleased to introduce with me today Nick Wolf and Nick Corey from Cork.

[00:00:57] Nick Wolf is the director of partner acquisition and Nick Corey is director of product management.

[00:01:05] And they're going to tell you everything you ever wanted to know about Cork today and how their product works to protect you from cyber security threats.

[00:01:13] So welcome gentlemen, I really appreciate both of you joining me today.

[00:01:17] Thanks for having us on.

[00:01:19] It's great to be here Brian, thank you.

[00:01:20] Awesome. So Nick, Nick Wolf and guys you're going to hear me say a lot of last names today to keep track but Nick Wolf I'd like you to kick off and maybe tell people a little bit about your background and you know where you come from and how you ended up over at Cork.

[00:01:34] Yeah, yeah sure thing.

[00:01:36] So I've been working with MSPs for over 12 years now I started off in the channel as one of the very first employees of Datto, which is a very popular backup and disaster recovery vendor back in 2011.

[00:01:47] Got to work closely with channel legends like Rob Rae as we launched that product into the industry.

[00:01:53] After spending about 10 years at Datto I went on to help found a company called SKOUT Cybersecurity. They were an XDR cybersecurity vendor that was later purchased by Barracuda Networks.

[00:02:05] From there I spent some time last year helping out another startup vendor Evo Security they were an identity and access management vendor for MSPs and I'm super excited to be over here at Cork now.

[00:02:17] And selling cyber warranties to MSPs.

[00:02:20] And that is a topic we're definitely going to dive deeper into but I want to make sure Nick, God Corey now gets an opportunity to let us know his backstory.

[00:02:28] Absolutely. So I have a pretty interesting path to get here.

[00:02:33] I've now spent about seven years between businesses focused on cyber risk as well as the MSP space and so joining Cork was a really interesting blend of the two back in 2017.

[00:02:45] I joined a company called BitSight which is one of the pioneers in enterprise cyber risk management and really focused on trying to measure the security performance of businesses without being terribly intrusive.

[00:02:57] And it was a really rewarding and pretty profound experience professionally and then after BitSight, I had a number of colleagues that had went and gone to work at Datto leadership positions and I thought I was joining, you know, perhaps a little sleepy backup company but found out that it was this incredible culture and environment.

[00:03:15] And I was in the MSP community underneath that and really spent the next three and a half years there through the acquisition by Kaseya, helping to build the Direct to Cloud backup product line there.

[00:03:27] And growing that and also learning and getting very deeply invested in a lot of the challenges MSPs were experiencing.

[00:03:31] And so when I heard that Cork was emerging, I couldn't help but jump at the opportunity because I could see that the convergence of cyber risk and monitoring in MSPs was a really interesting place to be and a really excellent opportunity to help build value of the channel going forward.

[00:03:49] So you've heard a little bit of a common thread there with the Datto story we've done to both of your backgrounds. I think it's fair to say, for those that don't know, Austin McChord, the founder of Datto, is one of the partners or founders here within Cork, correct?

[00:04:04] That is correct.

[00:04:06] So, you know, Austin built an incredible culture. I'm akin to it only because I'm a Connecticut boy and for a long time Datto was our crown jewel here in this state.

[00:04:16] And, you know, and, you know, Austin's story was amazing, you know, really working from the garage truly from the garage right and building what he did over at Datto and now it's exciting to see what he's doing over at Cork so excited for you guys right because obviously a lot of what Austin does usually has some success with it as well.

[00:04:34] So with that being said, let's kind of dive into a few topics that I know I have questions on personally. Cork cyber warranties. How does that differ from cyber insurance and what you know and what does that really mean to me because I think that's a little cloud of confusion for some.

[00:04:54] Yeah, yeah, absolutely. I could tackle that. So in the auto industry there's car insurance and there's also car warranties both are different but both are important.

[00:05:03] You know, car insurance is if you're driving in your car and something unexpected happens you hit something and boom, you're now in an accident and you need someone to pay it off to help you recover from it.

[00:05:14] Whereas a cyber warranty is when you're driving in your car and something happens where there's something wrong with one of the parts or components.

[00:05:21] When I think of a car warranty, I think of the check engine light appearing on your vehicle saying hey something's going wrong with one of these parts or components bring it into the shop.

[00:05:29] The shop could fix it free of charge that way it reduces the likelihood of an accident ever occurring in the first place where you would need to activate that car insurance policy.

[00:05:38] And that's exactly what we're looking to do here at Cork but in the cyber cyber landscape because in the cyber landscape you have cyber insurance which is super super important.

[00:05:46] And what we're doing here at Cork is we're offering a cyber warranty. In a lot of ways we're acting as a car's check engine light but for a small business that's being managed through a managed service provider.

[00:05:58] So if we determine if there's anything wrong with some of the parts or components running in that business, we're able to proactively alert that small business to fix it.

[00:06:07] For example, if someone is uninstalling EDR tools or disabling MFA users things of that nature.

[00:06:13] Those are all risks and warning signs that we could say hey you're about to enter into a lapse of coverage with both your warranty and most likely your insurance provider because this is going to open up a lot of risk on your network.

[00:06:25] So again make sure that you turn on your EDR again turn on your MFA again and we can pinpoint which devices which users are ultimately out of compliance.

[00:06:33] So in addition to the monitoring platform or this check engine light that we end up giving the customers, we end up backing that platform by a warranty that is hundreds and hundreds of thousands of dollars worth of coverage that in a lot of ways could supplement a client's existing cyber insurance policy.

[00:06:50] So if I'm hearing you correctly we're really almost talking a left of boom, right of boom conversation, right?

[00:06:55] The warranty is really coming in to protect you along the way and help you fund some of those changes potentially that might need to occur in order to bring you up to speed and reduce the risk for that right of boom event which obviously at that point you'd be calling in your insurance company.

[00:07:10] Exactly, exactly. And one of the reasons why our warranty is able to complement insurance very nicely and the reason why we recommend insurance to all clients is that with our warranty we could actually pay off the cyber insurance deductible.

[00:07:23] So our warranty for example it only goes up to a couple hundred thousand dollars worth of coverage whereas with insurance you can get coverage in the millions and millions of dollars. You know it's basically unlimited.

[00:07:34] Downside with insurance though is that the higher the coverage for insurance most likely the higher the deductible is going to be. A deductible can be ten thousand dollars it can be fifty thousand dollars.

[00:07:44] But if you pair your insurance plan with a warranty in most cases or at least in the case of Cork we would be the ones writing off that check to the insurance provider for that ten thousand dollar deductible fifty thousand dollar deductible etc.

[00:07:58] That way the client doesn't have any large out of pockets expenses.

[00:08:02] So Nick Wolf I see the wolf behind you there is the wolf supposed to be your version of the duck quacking if we talk about that other gap insurance company that supplements.

[00:08:12] Yeah right. Yeah I hear that.

[00:08:14] But no good stuff so you know I think that you know that's a great. I appreciate that because I've been fuzzy on this from day one and I'm sure a lot of the listeners are too and I think that you explain that really well in terms of left of boom right of boom and then supplemental right and those are some critical

[00:08:30] needs for MSPs. You know, I want you to think out there, listener, what would happen if you had a cyber event and you had to write a check for fifty K tomorrow. Could your MSP withstand that? Would that disrupt operations? You know, would that potentially make payroll a challenge?

[00:08:44] You know those are things that we need to consider in this process as well so look into yourself and say can I swallow that because I know a lot of companies that I've spoken to will take the highest deductible because they know the old I don't think this will happen so I'm going to reduce my cost and take the bigger risk.

[00:09:02] Awesome so you know I guess then the question would be which is better and it sounds like a combination is really the answer but which would be better for a company in a warranty insurance.

[00:09:14] That's a great question when you're eating a peanut butter and jelly sandwich what is better is it the side with the peanut butter is it the side with the jelly you know some people are going to say peanut butter some are going to say jelly but the best combination is smacking them both together and eating them together.

[00:09:29] I would say the advantage of insurance is the fact that you can get coverage in the millions and millions of dollars so really really protecting you know your business as it grow in the millions of dollars space.

[00:09:41] The advantage of a warranty is that although it might only go up to five hundred thousand dollars with the coverage the advantage of a warranty is that you're able to get qualified in a matter of minutes without having to fill out any sort of lengthy security questionnaire so coverage starts in minutes it's a lot easier to apply.

[00:09:58] Most importantly typically with warranties they're going to be paying you out in real time in a matter of days.

[00:10:04] That's typically with insurance you might have to wait several weeks or several months to actually get a payout from your insurance provider which means during that time you as a small business are laying out all that money.

[00:10:14] Whereas with a warranty it's typically the warranty provider that's giving you cash now.

[00:10:21] Interesting so you know when you think about it in those terms it really means that you know you've got the opportunity to kind of fill those gaps and bring the best of both worlds put together.

[00:10:31] You know I really hadn't thought about the front end personally myself as much you know in that monitoring so in terms of like application you hit me with that are that are stated that it's a really easy application process for warranty what does that look like for an end user.

[00:10:47] Yeah Nick Corey you want to actually take that what that process looks like.

[00:10:51] Sure it's pretty straightforward.

[00:10:54] What we do is we start with the technology stack that the MSP is using to manage their clients and that technology stack happens to usually be a set of multi-tenant software tools where those tenants are defining those client identities. So what we do with the Cork platform is we allow the MSP to directly plug those tools into Cork.

[00:11:15] We define the list of clients and identify them there and then we are able to then build a profile to understand which security controls are deployed in the client environment to which endpoints and to which users.

[00:11:26] And once we're able to build that profile that is then what allows us to then say okay this client is going to be continuously monitored by Cork and our continuous monitoring platform to look for gaps that could lead to cyber losses.

[00:11:39] And it also then allows us to say yes you're now meeting a minimum standard that allows this client to become eligible for warranty coverage because we know and can prove with the telemetry that these controls are deployed.

[00:11:51] And that's a pretty significant difference right now as Nick mentioned earlier from a paper questionnaire where you're really checking a box and there's no direct link between the presence of the technology.

[00:12:00] And in the check box that's on the form. This is directly bringing those two things together so that the financial coverage is tied in with what the MSP is already doing for their clients.

[00:12:10] So I gotta assume then you know think about it this way one of the biggest concerns out in the marketplace today is potential fraud even inadvertent fraud right when it comes to filling out your insurance questionnaire.

[00:12:22] You know obviously insurance companies are built to not pay claims or they don't want to pay claims or play as little as as little as possible right so they're always looking for errors on those forms and obviously those forms, especially for a traditional business person are well above their

[00:12:36] pay grade and things that they can't answer. So you know what I'm hearing here is by really connecting their tools and doing a scan you're able to identify where those risk points are and really even prepare hopefully prepare them I guess a little bit better for answering those insurance

[00:12:51] questionnaires that might go in partnership with this is that a fair statement on my part.

[00:12:57] I would say that it is as a matter of fact we're taking it one step further where not only are we tying into those security tools that the MSP is selling but if the clients don't meet a certain cybersecurity posture threshold, they're not even going to be able to buy the warranty

[00:13:13] the button in the MSP dashboard won't even be present because the last thing we want to do is sell something that's essentially useless, whereas in theory with insurance. As long as you're saying yes to all the checkboxes you're going to qualify for insurance, even though it might not ever pay out

[00:13:29] because you feel that all those questions wrong. You know as a guy that does some work on the governance and compliance side of things right we're always trying to find the evidence that proves out the control right.

[00:13:40] So it sounds like you know by hooking into your system, you're at least letting people know if they don't qualify. There's a good chance you'll understand the why is behind it and then can take some action which certainly saves time right and that's a big challenge also when you're trying to get ready in your security

[00:13:58] Yeah and we found that you know many MSPs have plugged everything into Cork and said oh this is great because now I have some evidence that I can go take to my client who I've been trying to get security awareness training or better emails, sandboxing tool or you know getting EDR in place to

[00:14:13] upgrade that and now I can go to them and credibly say you can't get this financial coverage that I could offer you because you've been reluctant to invest in this so there's a little bit of a carrot, a little bit of a stick depending on how you want to then take that

[00:14:25] We're just an objective third party we're not going to change our standards for somebody because of the decisions they made to deploy so I think that makes for a really powerful dynamic in the ecosystem where you know they can blame us if somebody can't get coverage instead of having to be the first party to deliver that news so we've sort of seen a lot of conversations emerge like that which helps to strengthen the MSP selling posture.

[00:14:48] Well you know it also helps I think with some of the selling conversations that the MSPs are struggling with as well.

[00:14:54] You know a lot of times they're selling cybersecurity on fear, uncertainty and doubt and trying to make a point that the S&P is even at risk now but we really need to change that conversation to your risk, meaning the customer's, right, and where your gaps are and how you're vulnerable and we've certainly seen, you know, within the world of vCIO Toolbox and people leveraging some processes we have to change that conversation

[00:15:15] and coming back to me and saying our cyber sales accelerated by 30% just because we finally talked about it in terms of their risk.

[00:15:24] And you guys are actually providing the evidence to allow them to go here's the risk and here's where it lives.

[00:15:29] So, you know really isolating on the pain point and helping them get to that go hopefully so good stuff.

[00:15:35] You know, Nick Corey, this is probably pushed a little bit to you, right? I think some people are probably trying to figure out how do we get involved in this. You know, insurance is regulated.

[00:15:45] You need a license to sell that, but a warranty you know it seems like it's pretty fair game for anybody to sell right.

[00:15:53] So what is you know why is that and you know how come you guys are able to provide something that you know obviously feels like insurance in some respects but do it in a way that you know it sounds like MSPs can capitalize on.

[00:16:05] Yeah, I'll drop back to the car analogy and that you know you go to a car dealer and your car sales person selling you a car that has a warranty attached to it.

[00:16:12] It's about as straightforward as that insurance is a product design that is not attached to a specific product or service that is sold.

[00:16:22] So it's a coverage policy designed for risks that are you know could come out of anywhere if you think about that way and the regulatory structure in the US and most other markets around the world is such that you need a broker's license to be able to sell that policy and represent it.

[00:16:35] We are warranting the performance of our continuous monitoring product that MSPs are connecting into and deploying into their client environment because the warranty is we're offering financial protection due to the as a result of the performance of that product.

[00:16:52] That's where the warranty really sits very nicely and offers a great solution for MSPs to be able to sell it similar to the way a car dealer might attach a warranty to the car that they're selling to one of their customers.

[00:17:03] Awesome. So you know what's in the future for Cork so you know obviously you guys are still pretty early stage at this point.

[00:17:13] What are some of the things that you're looking to accomplish as a company it sounds like adding potentially insurance into the portfolio might be something you're looking at doing but you know what's the long term roadmap and how are you finding the market kind of educating them to a warranty standpoint and that might be pointed more to you Nick Wolf.

[00:17:29] Yeah so we were founded as a channel only company and let me make that perfectly clear that that's never going to change, right? We're working with MSPs all day every day and ultimately rely on those MSPs because it's the MSPs that are managing the cybersecurity tech stack of the end user's environment.

[00:17:47] That's why we're able to provide this warranty is because we're ultimately monitoring the telemetry of the RMM tool that's running in the environment the EDR tool the backup set the multi factor authentication tools etc.

[00:18:00] So we were founded as a channel only company that's never going to change and ultimately what we're looking to do here in the future is integrate with as many cybersecurity tool sets as possible in the MSPs tech stack to ultimately gain more visibility.

[00:18:14] And for those.

[00:18:16] Yeah, for those that are watching YouTube we just brought up some of those names here as well but continue on Nick I apologize.

[00:18:22] Yeah for us when it comes to integrating with the MSP's tech stack we want to be as vendor agnostic as possible so whether you're a Datto shop or a Kaseya shop or, you know, using Ninja RMM or Duo for MFA or Veeam for backup we really want to integrate with all kids in the sandbox.

[00:18:39] That way we're getting all that telemetry for the MSP and you know these are the APIs for those that are watching that we integrate with right now and you know we're adding more on a constant constant basis I think we added a little over six just last quarter alone and we only see this you know expanding our approach.

[00:18:58] From a minimum viability standpoint in order to qualify for a warranty with Cork though we need to absorb RMM on the endpoints, EDR on the endpoints and MFA for the cloud users so that's sort of like the bare minimum.

[00:19:11] But again we still want to be able to get visibility into security awareness training tools email security tools things of that nature.

[00:19:19] Awesome. So guys we're getting near the end of our time today I don't know you know if any of you have any closing thoughts before we talk about where we can find you so Nick Corey I'm going to start with you I don't know if you've got any closing thoughts anything we haven't covered today that you think might be important for an end user to know about.

[00:19:36] It's been a great discussion Brian, thank you so much. I think one thing I would just, you know, reflect on in the journey that we've been on the last year here at Cork is there's something that's structurally broken in the market and that the, you know, insurance industry has largely focused on the end client which doesn't really have direct responsibility for their own security posture that managing

[00:19:59] actively and the MSP has sort of been left out of the equation and we've been really excited and energized by bringing them into the conversation in a way that's very aligned and sometimes that can be antagonistic.

[00:20:10] And the response we've gotten has been pretty overwhelming. It's wonderful to just talk to a new MSP every day and hear how it kind of lights up and they're finally able to have an answer to the problem that they've been sort of seeing but can't really grasp the solution for because they know that they're not going to go and necessarily run and get a broker's license but they still want to be able to offer a solution to the

[00:20:29] broker and offer that peace of mind to their client that extends beyond just the technology stack so that's I think for anyone listening a way that you might be able to sort of enter and approach Cork with that mindset of we're really aligned with your interest, we're really aligned with the

[00:20:43] interests of insurers, we're really aligned with the interests of small businesses and we're super excited to continue serving and growing with you in the coming months and years.

[00:20:52] Awesome.

[00:20:54] Any closing thoughts from you Nick.

[00:20:55] Wolf. Yeah I'll just add on to Nick Corey and say we're also aligned with the idea of MSPs making money here right because typically with cyber insurance you know that's going to be done through the insurance agent the broker dealing directly with the end user so now MSPs are sort of in an awkward spot where they want to do right by their

[00:21:13] clients help them fill out those cyber insurance forms to some extent but during that process they're not really making any money along the way whereas with a cyber warranty this is designed for MSPs actually resell to their end users and make sure that they're

[00:21:25] making a monthly recurring profit on it while also still giving their users financial protection, you know, during that left of boom as well as potentially that right of boom so this is a product that's really designed for MSPs to resell either as a standalone product or built into the cyber security tech stack that they sell their clients.

[00:21:43] Terrific guys I really appreciate the insight on this I think you've cleared up a lot of the listeners confusion potentially about where you know a cyber warranty compares against cyber insurance I know that was certainly a question I had

[00:21:55] to ask.

[00:21:57] I think some of the places you're going to be in the future you guys are at most of the ASCII events correct so if I'm going to come see you.

[00:22:04] ASCII is a great community for us so we're going to be at plenty of those events for sure and I'm sure there's more events will be going to later on in the year but you know at least that the ASCII events will be there.

[00:22:13] And Nick being the director of partner acquisition I gotta say how can they get in touch with you because I'm assuming that's where those requests should be directed to.

[00:22:20] Yeah if you're an MSP listening to this and you want to become a partner or buy a Cork warranty for any of your clients you can reach out to me on LinkedIn or you could visit us on our website, corkinc.com, that's c o r k i n c dot com, and we'll be able to answer your questions and get you all set up.

[00:22:38] And Nick if folks wanted to get in touch with you and understand a little bit more about the platform how can they get in touch with you.

[00:22:43] Yeah the same, go to corkinc.com slash partner, we'll be happy to have a conversation. My personal email, there's two Nicks, but you can always email Nick at corkinc.com.

[00:22:53] And I think Nick W is the other one for him so that's my personal outreach there. Awesome, well guys I really appreciate you coming on today, really exciting stuff that you've got going on at Cork, definitely a different approach to solving a problem that every MSP is facing so I really appreciate you giving us that insight. For you listeners, you're going to get in touch with me.

[00:23:13] And I think you can get this podcast anywhere you download your podcast from and of course it's up on YouTube as well so you know feel free to smash that button and subscribe there but in the meantime I do I want to thank both of you again for joining us today and wish you the best have a great day.

[00:23:29] Thank you Brian.
