So there I am, wrapping up a conference session—over 1,000 MSPs in the building—and one guy comes up clutching a fresh copy of Standardized like it’s a fire extinguisher in a server room. He’s nodding along, clearly rattled in all the right ways. And then he drops the question:

“What kind of insurance should I have for my MSP?”

Cue the sound of brakes screeching in my head.

Because here’s the kicker—MSPs know exactly what insurance their clients need.

You’re telling them to get cyber insurance, breach coverage, ransomware riders, crime policies, probably even praying they spring for business interruption protection.

But what about your own MSP business?

Most MSPs are out here treating insurance like an afterthought. Or worse, like it’s optional. And that’s a great way to end up personally bankrupt, offloading your Ethereum, and trying to sell off rack switches on eBay to cover a court judgment.

Let’s fix that.

Here’s the Insurance Breakdown:

  1. Cyber Crime Insurance

Imagine someone tricks you into wiring $87,000 to a fake vendor. They spoofed an email. Looked totally real. But surprise!—money’s gone.

Cyber Crime insurance is the policy that covers things like business email compromise, wire fraud, and stolen funds from social engineering scams. Think: “Oh crap, the hackers outsmarted us and stole our lunch money.” This covers that lunch– the cafeteria’s tater tots are incredible. 

  1. Errors and Omissions (E&O) Insurance

Now imagine your client gets breached. And even though they ignored every security recommendation you ever gave them, they sue you because their backups didn’t work or they “didn’t understand MFA.”

Errors and Omissions (E&O) covers you when someone says, “this is your fault” even if you didn’t touch the darn thing. It’s like malpractice insurance for MSPs. If your work (or lack of documentation) might have caused damage, this is your parachute.

Cyber and E&O policies are apples and oranges—and both are essential. If you don’t know what you’ve got, assume it’s not enough. 

Bonus Reality Check: Most MSPs think their cyber policy alone covers them for this stuff. It doesn’t. These are two entirely different policies with entirely different exclusions—and if you don’t know what you’ve got, odds are, you’ve got nothing. Make sure you understand what's covered and what your incident reporting requirements areThe devil's in the details.

Insurance Won’t Save You If You Don’t Have the Paperwork

Let me be brutally clear: Your policy doesn’t mean squat without proof.

No MSA? Good luck. No signed SOW? Say hello to personal liability.

No documentation proving the client ignored your security recommendations? Congrats—you’re now the proud owner of a six-figure legal problem.

Insurance companies are in the business of not paying. That’s their model. And they’re damn good at it. If you can’t show:

  • You followed their procedures on incident reporting 
  • A signed contract between you and the client 
  • A clear scope of work 
  • And a trail of evidence showing what you recommended and what they declined 

And if you can’t provide those…they’ll walk. You’ll be left holding the bag—and the bill.

Security Isn’t Real Unless It’s Tied to a Standard

Let’s pretend the lawsuit doesn’t happen (lucky you). You still have a responsibility to know why you made the decisions you made.

It’s not enough to say, “Well, that’s what the vendor said was best.”

Nope. Not in court. Not to regulators. Not to insurance underwriters.

You need to anchor your decisions to actual frameworks:

  • HIPAA (healthcare)
  • PCI (retail)
  • FTC Safeguards Rule (finance/accounting)
  • NIST, ISO, or something equally grown-up and defensible.

Here’s a brutal truth: If you’re protecting a dentist and you’re not referencing HIPAA in your stack decisions… what the heck are you doing?

900 MSPs Went to Lunch. 100 Learned About Cyber Liability.

At that same conference, I had a packed room of about 100 MSPs.

That’s 1 out of every 10 who were ready to talk about cyber liability—how to protect themselves, their business, and their future.

The rest? They were out trying to figure out how to win more business.

Let that sink in.

Nine out of ten MSPs are so focused on acquiring clients while ignoring the urgent need to protect themselves—legally, operationally, or financially.

That’s not growth.

That’s walking into a war zone wearing a T-shirt that says, “Trust me, I'm bulletproof.”

Want to Know If You’re Actually Protected?

Get a cyber liability assessment. It’s quick. It’s meticulous. It’s necessary.

We’ll show you what happens when your tools fail, your contracts get challenged, and your client’s lawyer starts digging through your documentation with a magnifying glass.

👉 Book your assessment

Because the next MSP to go down won’t be the one with bad tech - it’ll be the one who couldn’t prove they did the right thing.

And if you can’t prove it?

You’re not protected, you’re just hopeful.