Cyber insurers and managed service providers have long debated where insurance ends and cybersecurity services begin. As insurers expand into offerings such as managed detection and response (MDR), many MSPs have questioned whether those moves create channel conflict or create new opportunities to improve customer security.
Josh Hohbein, manager of cybersecurity and automation at centrexIT, was among the skeptics.
When Coalition Security launched its MDR offering, Hohbein’s first reaction was that the cyber insurer should “stay in their lane.”
After meeting with Coalition executives, however, he came away convinced the company had built an MSP-first approach by separating its insurance and security businesses, protecting customer data, and working through—not around—channel partners.
Cyber insurers expand into active risk management
Cyber insurance has become an increasingly important part of the managed services conversation as insurers have expanded beyond underwriting policies into active risk management.
Many providers now offer attack surface monitoring, vulnerability assessments, security recommendations, and other preventative services designed to reduce claims.
That evolution has also raised new questions for MSPs about where insurers’ responsibilities end, and security providers’ begin, particularly regarding customer ownership, data visibility, and potential channel conflict.
For Hohbein and his colleagues at centrexIT, a candid conversation with Coalition Security revealed a path forward that benefitted everyone involved.
Coalition addresses MSP concerns over channel conflict
Hohbein and another centrexIT executive met with Coalition representatives for what became a direct debate over those concerns.
“One of the most unexpected things is they’re like, ‘We agree with you, and that’s why we’re doing it differently,’” Hohbein said.
Tim MalcolmVetter, general manager of Coalition Security, said security operations and insurance claims are handled through separate legal entities. When a policyholder files a claim, third-party breach counsel serves as a legal barrier governing what information can be shared with the insurance company.
MalcolmVetter also acknowledged that Coalition’s earlier approach had sometimes created accidental channel conflict by selling past MSPs. He said the company has since instituted a policy of directing security opportunities back through an incumbent MSP when one is involved.
“MSPs are existential for us,” MalcolmVetter said. “There’s just no way you can serve that long tail with any kind of services without having an MSP involved.”
Coalition has approximately 100,000 policyholders, he said, with most employing fewer than 250 people. Reaching those organizations with cybersecurity services requires working through the MSP ecosystem rather than attempting to replace it.
Wirespeed brings MSP-focused MDR model
Coalition acquired MDR provider Wirespeed after MalcolmVetter and his team initially approached the insurer about a potential white-label relationship.
The resulting service is offered to MSPs without annual contracts or seat minimums. MalcolmVetter said that structure allows partners to add and remove customers as their businesses change while placing pressure on Coalition to continually demonstrate value.
“You win, we grow with you. We lose a customer, we shrink with you,” he said. “That means we have to win you over every month. My team has to constantly innovate because you can leave next month.”
For Hohbein, the more significant differentiator has been the product’s ability to correlate information across multiple security integrations and present the relevant details within a single case.
He cited identity compromise as an example, noting that Wirespeed had detected suspicious sign-ins before the activity appeared in Microsoft audit logs. He also described an instance in which Coalition addressed an exclusion issue in roughly 20 minutes after centrexIT’s previous MDR provider had spent months responding to the same problem.
“The security moves fast, and the business needs that,” Hohbein said.
Insurance data can strengthen MSP security guidance
Hohbein said MSPs cannot eliminate every cybersecurity risk, making insurance a necessary component of a broader risk management strategy.
The opportunity for closer cooperation, he added, comes from insurers’ use of claims data to identify controls that measurably reduce losses. That information can reinforce an MSP’s recommendations and help customers understand that proposed security investments are tied to risk reduction rather than simply another technology sale.
“We need them,” Hohbein said of cyber insurers. “We can have tools, we can have services, and partners such as Wirespeed. We can’t eliminate all risk.”
The centrexIT relationship demonstrates that insurers entering the security market will need more than technology to earn MSP support. They will also have to establish clear data boundaries, avoid channel conflict, and prove that partner feedback leads to action.





