A pile of burning cash on the ground, symbolizing financial loss and the devastating impact of lawsuits and cyberattacks on businesses.

Last night, I had dinner with a business owner who just went through personal bankruptcy. Not because he was reckless. Not because he mismanaged his finances. Because he lost a lawsuit. 

I want you to stop and really think about what that means. 

He had to start over. From nothing. 

No loans. No credit cards. Want a car? Pay cash. Need a house? You don’t just have to scrape together a down payment—you have to buy the whole thing, upfront. That’s if someone will even sell to you. 

And the worst part? Everyone blames you. 

They don’t see you as the victim of a broken system or a predatory lawsuit. They assume you did something wrong. That you were reckless, irresponsible, or worse. It’s like blaming someone for getting mugged because they “shouldn’t have been walking in that part of town.” As if it was their fault a predator was lurking in the shadows, waiting for the opportunity. 

No one wants to hear the real story. They just want to know why it was your fault. 

Now imagine this happening to you. 

A client gets breached. They lose a ton of money. And suddenly, their insurance company and their lawyers are looking for someone to blame. 

If you think your airtight security stack will protect you, it won’t. 

If you think your rock-solid contract will save you, you’re mistaken. 

Because if you don’t have evidence—documented proof that you did everything right—you don’t have a defense. 

How to Protect Your MSP from a Total Loss 

You can’t eliminate risk. But you can control how it impacts you. 

When it comes to risk, you have four choices: 

  1. Tolerate it—Stick your head in the sand and hope for the best.
  2. Treat it—Build a security stack that actually works.
  3. Terminate it—Shut down and go work for someone else.
  4. Transfer it—Use contracts and insurance to shift the risk away from you.

If you’re serious about protecting your business, you need to do all of them—except sticking your head in the sand. 

That means: 

  • Building a security program based on standards so you know exactly what you’re protecting.
  • Locking down your contracts to limit your liability (this helps, but it won’t save you completely).
  • Having the right insurance—both E&O and cyber—so when things go bad, it’s the insurance company’s money on the line, not yours.
  • Collecting evidence. If it’s not documented, it didn’t happen.

What’s Your Future Worth? 

Some MSPs tell me they don’t see an ROI for Cyber Liability Manager in their own business. 

So let me ask you: What’s it worth to be able to defend yourself in a $925,000 lawsuit? 

What’s it worth to make sure your business survives? 

$1,000 a month? 

$10,000? 

Because it takes a lot less than that to protect yourself from bankruptcy-level risk. 

If you think you’re safe because of your contracts, think again. Lawyers are shredding MSP contracts in court. If you don’t have evidence to back up your security program, your contract is just paper. 

If you’re planning to sell Cyber Liability Manager to your clients, the best place to start is with yourself. 

Not just to protect your business—but to protect theirs. 

Because if you have an event, your clients will need evidence that you did the right things. Even if they are collecting evidence for their own environments, they will be looking to you. 

Without Evidence, There Is No Defense 

It doesn’t matter how good your security program is. If you don’t have documented proof that you followed best practices, you are a liability magnet. 

  • Document your security controls. Show how they align with industry standards.
  • Record risk acceptance decisions. If a client refuses a recommendation, get it in writing.
  • Provide cyber awareness training. And get proof your team actually completed it.
  • Track policy approvals. You need an audit trail of what policies were in place and who signed off on them.
  • Have a written incident response plan. And make sure your team knows how to use it when things go bad.

You Can’t Afford to Gamble with Your Future 

Right now, 1 in 5 ransomware cases ends in a lawsuit. 

If you don’t have evidence, you don’t have a defense. 

If you haven’t implemented Cyber Liability Manager in your own MSP yet, you’re gambling with your business—and your future. 

Even if you have a great security program, a locked-down contract, and top-tier insurance, without evidence, you’re a sitting duck. 

And if that lawsuit comes? You’ll be the one sitting across the table from a lawyer, explaining why you don’t deserve to start over from nothing. 

Let’s make sure it never comes to that.