Sophos adds new insurance partnership with Cysurance specifically around its fast-growing MDR offering

The new partnership deals with a key partner pain point, the difficulty in getting cyberinsurance for their MDR customers.

Raja Patel, SVP of products and managed services at Sophos

Today, cybersecurity vendor Sophos has announced a new cyberinsurance partnership with Cysurance. The partnership provides unique, fixed-price cyber insurance to U.S.-based organizations around Sophos Managed Detection and Response [MDR], and takes advantage of the fact that Cysurance was one of the first to grasp that the surveillance provided in an MDR service also reduced the insurers’ risk.

“Eight months ago, our partners told us that one of their pain points was how hard it was to get their MDR clients insurance policies,” said Raja Patel, senior vice president of products and managed services at Sophos. “There were a lot of issues. We started out earlier this to find a strategic program to do several things. As a result, we work with more than one insurance provider, because we found that one size does not fit all.”

Learning what works better for MSPs and their clients has been an issue in itself, because cyberinsurance is relatively new for vendors.

“We have not been in cyberinsurance for long,” Patel said. “As an industry, we are just getting into this.”

All three of the insurance providers Sophos has signed up with offer alternative benefits to MSP customers.

“Cowbell, who we signed up with in March of this year, has two offerings – cookie cutter, and adaptive risk,” Patel said. The adaptive risk one takes our telemetry and is able to see if the customer kept up with their security hygiene. If they weren’t clean, it would be a high price, but if the hygiene was good, the price would be better. Those types of partnerships give partners a lot of flexibility. The second partnership, with Measured Analytics and Insurance, followed in May and was different in checking the time of policy creation and putting it in the risk engine.

Patel described the new partnership, with Cysurance, as the next step, created by the success of Sophos’ relatively new MDR offering.

“Sophos introduced MDR last November for a hybrid environment,” he said. “We have see that MDR service go to over 17,000 customers since then.  Cysurance thinks they are at least amount of risk with MDR, because there is always someone watching 24/7. As a result, they offer a fixed price policy if a customer is on the MDR service. This fixed pricing provides the perfect storm, giving the partner base another option to get the policy.”

Patel noted that the other insurance companies with which they work have picked up on this idea that MDR improves their risk tolerance, but that Cysurance enjoys an advantage from having been in this area earlier.

This is still largely a green fields market, because very few MSP end customers are currently covered by cyberinsurance.

“The number is very low,” Patel said. “Insurance is a very regulated, and we can’t sell it ourselves. I love cyberinsurance partnerships, however, because they align the interests of all constituents. Customers get the best benefit, including ransomware coverage without having to buy it as an add on. For partners, this gives them an answer for a question they commonly get, In addition, the application process is very streamlined.”

The application process is simple for MSP customers, who automatically qualify for coverage under the partnership. The client visits the Sophos page on Cysurance’s web site, picks their coverage level from the four available plans, which range from $275,000 to $3.2 million in total coverage, including ransomware coverage, and enrolls in the program. They are then bound, and issuance will be held until they verify their service level of Sophos MDR.