http://www.thechannelinsider.com/article/Insurance+for+Stolen+Laptops+and+the+Uncontrollable+in+Managed+Services/191892_1.aspx By John Hazard 19-OCT-2006 The MSP Alliance and AIG announced a partnership Oct. 19 to provide insurance for managed service providers that would extend to user coverage for mishaps such as stolen laptops, data breaches and hackers. The package provides comprehensive coverage for specific liabilities that can't be mitigated through standard contracting procedures, such as a data breach not due to malpractice, a lost lap top and an intrusion by a hacker, said MSP Alliance officials and members. The package would be similar to the bond and insurance possessed by home contractors, obtained and maintained by the service provider, but extended to the client as part of the contract, said Robert Scott, an attorney and partner in the Dallas law firm of Scott & Scott. Scott represents IT firms and is a board member of MSP alliance. Payouts would cover actual damages such as lost businesses and replacement costs, plus such things as monitoring customer's credit following a leak of financial information, legal fees and public relations expenses incurred, the organization and members said. "There are certain risks, 'non-delegable duties,' like keeping an eye on your employees, that the service provider just can't assume," Scott said. Craig Valentine Brenner, CEO of NEDS (New England Data Services), a Boston-based VAR, was part of such a situation at a previous company and watched as the company approached financial ruin following a data leak at one of their customers. "It can go real bad, real easy," Brenner said. "It's not just the actual damages, like the fact that the system was down for four hours and no one could get on, but the potential liability. We didn't even know what our obligations were from a public disclosure stand point. We could have been looking at very expensive PR bills." The situation at the organization, which Brenner declined to identify, was eventually averted when the individual was found and the breach contained. Many MSP's have it on their radar screen, but few are taking the necessary steps, said Charles R. Weaver, president of the MSP Alliance. The alliance requires certain insurance steps of its membership for accreditation. Weaver expects the insurance to be considered another value add and a selling point for providers. "It helps to know your service provider is here to stay, that they won't be driven out of business by a catastrophe at another client site," Brenner said. Scott, following his keynote address, "Mitigating Risks with Liability Insurance," at the MSP Alliance Fall Conference in San Jose, also warned MSPs to be more vigilant about enforcing SLAs (service-level agreements). "Too often, things happen in the environment that are the client's responsibility, and the client throws it back on the MSP," Scott said. "It's time MSPs stood up for themselves. The market is mature enough now that these guys don't have to take it from customers just to keep the contract." _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Oct 20 2006 - 03:18:51 PDT