If You Think Getting Risk Acceptance Signed Is “Adversarial”—You’re Doing It Wrong

I’ve heard it more times than I can count.

“I don’t like making my clients sign risk acceptance documents. It feels adversarial.”

Let me get this straight—

You make a recommendation.

They say no.

And writing that down feels like you’re picking a fight?

That’s not adversarial. That’s called documentation.

You know what is adversarial?

Getting blamed.

Insurance denials.

Client lawsuits.

Being dropped like a hot potato by your carrier when they realize you don’t have a single signed record of declined security recommendations.

Let’s Stop Playing Word Games

I had an MSP ask me if they could just get a “risk acknowledgment” instead.

Listen—this isn’t a tomato / tomahto situation.

This is a CYA / see you in court situation.

“Risk acknowledgment” sounds nice, sure. But it’s not legal armor. It’s vague. Passive. Weak.

It’s probably what got you into this situation in the first place. You likely didn’t make a recommendation—you made an offer. You said something like: “I think maybe you should consider possibly investing in this new firewall option… perhaps?”

Or worse, your team didn’t say anything at all. They assumed it would be uncomfortable. They decided the client “just couldn’t afford it.” So they skipped the conversation altogether.

Risk acceptance says: “We made a recommendation. You said no. Here’s the receipt.”

That’s what your E&O carrier wants to see.

That’s what protects you when the breach happens and everyone starts pointing fingers.

That’s how you prove you didn’t drop the ball—you documented the toss.

Want Your Insurance to Pay Out? Then Act Like It

Your insurance company isn’t looking for heroes.

They’re looking for documented processes.

They want to stand by you when things go wrong.

But if there’s no signed risk acceptance? No evidence that your client declined SIEM, or MFA, or basic protections?

Then it’s not your client on the hook.

It’s you. And your insurer has an easy out.

Too much risk. Too little documentation.

Good luck in court. We’ll be over here, adjusting our exposure rate.

What’s in It for Your Clients?

Here’s the missing component: your clients benefit from this too.

If you don’t collect risk acceptance, and something bad happens—especially something you did screw up—your insurance company might not back you.

And when that happens?

No claim. No check. Just fallout.

Which means you can’t pay to clean up the mess. Which means they eat the cost.

Risk acceptance isn’t just CYA.

It’s how you prove to your insurer that you’re worth protecting—so your clients get the protection they’re paying you for.

That’s peace of mind. That’s value.

Stop Emailing Risk Assessments Into the Void

You want to really piss your client off? Send them a random risk assessment with no context and ask them to “just sign this.”

Congratulations—you just confirmed their worst suspicion: that you only care about yourself.

Here’s what actually works:

  1. Get on a Teams or Zoom call.
  2. Send the document live via Sign Secure Now.
  3. Walk through it with them.
  4. Answer questions. Show you care.
  5. Get the signature. Log the proof. Sleep better.

Our most successful partners do it this way every time.

Because it works.

Time to Grow Up and Get It Signed

This isn’t about being adversarial. It’s about being responsible.

And if your client truly respects you, they’ll understand why this matters.

If they don’t? You’ve got bigger problems than a signed document.

So here’s your new risk acceptance process:

  • Review your outstanding risk acceptance gaps.
  • Meet with every client.
  • Document the decisions they made.
  • Use Sign Secure Now to keep it clean and defensible.
  • Send it to them while you are on the call.

Because nothing ruins your day like being held responsible for someone else’s decision—without a shred of proof to back you up.