Cyber insurers and brokers are pushing the security vertical towards a unified baseline of necessary solutions and protocols. At least, that’s what Edouard von Herberstein, the founder and CEO at SPECTRA, sees after spending decades in the insurance industry and developing a passion for cyber insurance a few years ago.
Von Herberstein spoke with Channel Insider to explain how the company puts MSPs in the center of security discussions without pushing the boundaries on who is legally allowed to advise or facilitate insurance policy decisions.
Certifying MSPs worthy of policyholders: how SPECTRA connects tech to insurance
Von Herberstein founded SPECTRA in 2022, recognizing an opportunity to bridge the understanding gap between insurers, brokers, and their clients who require stronger security postures. As he puts it, insurers and brokers were beginning to step into the role of security advisors in an attempt to strengthen policyholders’ chances at better rates and support.
A friend of von Herberstein’s then introduced him to the world of MSPs and the broader IT services channel, and a lightbulb went off for the experienced insurance professional.
“I was not familiar with MSPs or the channel at that point, but then all of a sudden it made sense,” von Herberstein said. “And then I asked myself why these MSPs who are protecting and securing their client weren’t teaming up with insurers and vice versa.”
“When I asked my friends and colleagues in the insurance market, it seemed like they weren’t sure who to trust or how to work with MSPs at scale, and because of that, no one had really tried to address the potential here,” von Herberstein continued.
He then began to develop a systematic approach to matching MSPs with insurers, enabling them, in turn, to bring those providers to their policyholders.
“We’re not an insurer, a broker, or an MSP,” von Herberstein said. “We’re a third party that works to certify MSPs and put them on the map for insurers and brokers to recommend to their policyholders so everyone wins.”
By law, MSPs cannot advise on or sell insurance policies to their customers. The SPECTRA experience focuses on providing a connector that enables everyone in the chain to focus on their strengths, ultimately resulting in a more secure business landscape supported by MSPs and underwritten by insurance policy expectations.
The three-step methodology for certifying MSPs
SPECTRA offers a certification-based approach to highlighting MSPs it feels are worthy of recommendation to the broader market. To achieve this, von Herberstein says, the company adheres to three core steps within its system.
- Auditing MSPs’ internal controls: SPECTRA pulls back the curtain on how MSPs protect themselves from security risks, focusing on the level of risk partners would expose their clients to if they were compromised. The company considers security protocols and resiliency efforts.
- Reviewing the solutions and offerings sold to customers: Of course, one of the most crucial components of this whole system is what the MSPs offer to their mutual customers. Here, SPECTRA considers architecture, frameworks, the vendors with which MSPs work and sell to their customers, and how specific elements, such as backups and data protection, impact customers’ resiliency.
- Certifying and providing warranty coverage: After this extensive auditing process is completed, SPECTRA certifies those MSPs it deems trustworthy. Additionally, the company provides a warranty for all approved deployments through SPECTRA-certified MSPs.
Von Herberstein says that partners who can provide industry-standard certifications, such as compliance with SOC, NIST, and other frameworks, are fast-tracked through some of the auditing as the certifications address similar needs.
“Ultimately, we care about making insurers comfortable with working with our MSPs,” von Herberstein said.
Why von Herberstein thinks security is in for a ‘seatbelts and airbags’ alignment
A veteran of the insurance industry, von Herberstein says he has seen the impact insurers have on verticals. He often utilizes the example of seatbelts and airbags in vehicles, stressing that automakers felt compelled to include what we now consider standard security features because insurers were pushing consumers towards those components through policy requirements.
“Insurers are de facto regulators in many industries,” von Herberstein said. “In those verticals, companies ultimately cooperate with insurers and adjust their offerings to what insurers place value on. MSPs can’t ignore security anymore as a value-add for their customers, and insurers who work with us don’t have to advise policyholders on their own if MSPs continue to own that role.”
Now, he says, the cybersecurity industry is poised to be the next vertical heavily influenced by the types of risk insurers will and won’t take for their policyholders. And as that happens, MSPs will want to retain their value as security experts instead of letting insurers fill the gap themselves.
“Insurers are starting to play MSP and advise their customers, and obviously MSPs see this as a threat to their relationships with businesses,” von Herberstein said. “Our partners see what we offer as a win-win for everyone to stay in their swim lanes and get the best results.”
Cyber insurance is a trending topic in the channel. Read more about why Cork and UKON partnered on bringing MSPs the solution to becoming a “risk advisor.”