This module joins existing ones for GDPR and HIPAA, and will be followed by others as RapidFire Tools adds additional functionality to the Audit Guru platform.
Today RapidFire Tools, a Kaseya company, is releasing Audit Guru for Cyber Insurance, the latest tool for their Audit Guru compliance platform. This one allows MSPs to document and and demonstrate “due care” by cyber insurance policyholders, helping them to receive payout in the event of a claim, and allowing the MSP to show their own due diligence.
“Cyber Insurance is relatively new and the area is a bit unsettled,” said Michael Mittel, president and general manager of RapidFire Tools. “Cyberattacks have been getting more common, and these provide coverage for a relatively small amount of money. Its relatively inexpensive insurance on the grand scale of things. A company with $1-to 5 million in revenue might pay a few thousand a year, and it could be as low as a thousand dollars a year for several hundred thousand dollars worth of coverage. It’s certainly in the range of thousands a year, not tens of thousands.”
This solution protects both the MSP and their customers.
“It protects the customer by documenting security of the network and documenting the extent of compliance,” Mittel said. “If a customer of the MSP has a cyber insurance policy, this helps them submit a claim with success.”
It’s also critical for MSPs, Mittel said.
“It’s a variation of the general liability policy for businesses that MSPs typically have, and an Errors and Omissions [E&O] policy as well, in case you get sued by clients. When a breach occurs, it can expose businesses to a tremendous amount of liability.”
As a result, more MSPs are purchasing this kind of insurance.
“It’s a growing number,” Mittel said. “Compared to last year, more have cyber insurance. More are aware of the need to carry it on top of E&O. Hackers are increasingly targeting MSPs, because they have all the credentials. We also work closely with a select group of MSPs, and on a scale of 1 to 10 of problems to rank, this was near the top of the list.”
Audit Guru for Cybersecurity is designed to protect against claims being denied by the insurer.
“We verify the accuracy of information submitted for a cyberliability policy,” Mittel said. “This is important. We have looked at the policy language of the six largest carriers of this type of insurance, and it can be confusing. It’s easy to say yes and no to the same question. This can result in denial of a claim, and this has been happening a lot more of late.”
Audit Guru for Cybersecurity also documents the MSP’s proper securing of the network.
“If there is a problem, the MSP has to show that they acted reasonably and did due diligence in securing the network,” Mittel said. “We help by documenting the security that the MSP provides to the customer, and can provide reports.” The engine regularly scans the environment to identify any issues that should be fixed.
The third thing that Audit Guru for Cybersecurity provides is remediation capability, through those reports
“The MSP can then do the remediation by finding the weaknesses that we expose, and fixing them,” Mittel indicated.
Audit Guru modules already exist for GDPR and for HIPAA, and Mittel said that the functionality this module provides is similar.
“The compliance standards themselves are similar,” he stated. “The difference is that this is not a legal requirement like the others. But the MSP is expected to do certain things to harden the network.”
Mittel said that this module may even be more relevant to MSPs than the HIPAA module.
“HIPAA is usually relevant to a subset of customers, but this one is much broader horizontally, and can be relevant to 100 per cent of their customers,” he stated.
More modules like this, and the ones for GDPR and HIPAA will be rolled out with regularity.
“Audit Guru is a platform, but the modules that sit on it are what people want,” Mittel said. “They don’t just buy Audit Guru. They buy it to do something specific.”
Mittel also said to look for tighter integrations between RapidFire Tools’ products and the other Kaseya companies going forward.
“Right now, we produce standalone compliance products, but one day shortly we might discover an issue that then shows up in the Kaseya PSA or ticketing system,” he stated. “Being part of the Kaseya family will lead to very tight integrations in product lines, and we are working very quickly and diligently on building tight integrations with all of our products. The goal is to build much tighter integrations between the Kaseya product families than exist at present.”