[ISN] New Insurance Coverage in Place for Managed Services

From: InfoSec News (alerts@private)
Date: Fri Oct 20 2006 - 03:02:24 PDT


http://www.thechannelinsider.com/article/Insurance+for+Stolen+Laptops+and+the+Uncontrollable+in+Managed+Services/191892_1.aspx

By John Hazard
19-OCT-2006

The MSP Alliance and AIG announced a partnership Oct. 19 to provide 
insurance for managed service providers that would extend to user 
coverage for mishaps such as stolen laptops, data breaches and hackers.

The package provides comprehensive coverage for specific liabilities 
that can't be mitigated through standard contracting procedures, such as 
a data breach not due to malpractice, a lost lap top and an intrusion by 
a hacker, said MSP Alliance officials and members.

The package would be similar to the bond and insurance possessed by home 
contractors, obtained and maintained by the service provider, but 
extended to the client as part of the contract, said Robert Scott, an 
attorney and partner in the Dallas law firm of Scott & Scott.

Scott represents IT firms and is a board member of MSP alliance.

Payouts would cover actual damages such as lost businesses and 
replacement costs, plus such things as monitoring customer's credit 
following a leak of financial information, legal fees and public 
relations expenses incurred, the organization and members said.

"There are certain risks, 'non-delegable duties,' like keeping an eye on 
your employees, that the service provider just can't assume," Scott 
said.

Craig Valentine Brenner, CEO of NEDS (New England Data Services), a 
Boston-based VAR, was part of such a situation at a previous company and 
watched as the company approached financial ruin following a data leak 
at one of their customers.

"It can go real bad, real easy," Brenner said. "It's not just the actual 
damages, like the fact that the system was down for four hours and no 
one could get on, but the potential liability. We didn't even know what 
our obligations were from a public disclosure stand point. We could have 
been looking at very expensive PR bills."

The situation at the organization, which Brenner declined to identify, 
was eventually averted when the individual was found and the breach 
contained.

Many MSP's have it on their radar screen, but few are taking the 
necessary steps, said Charles R. Weaver, president of the MSP Alliance. 
The alliance requires certain insurance steps of its membership for 
accreditation.

Weaver expects the insurance to be considered another value add and a 
selling point for providers.

"It helps to know your service provider is here to stay, that they won't 
be driven out of business by a catastrophe at another client site," 
Brenner said.

Scott, following his keynote address, "Mitigating Risks with Liability 
Insurance," at the MSP Alliance Fall Conference in San Jose, also warned 
MSPs to be more vigilant about enforcing SLAs (service-level 
agreements).

"Too often, things happen in the environment that are the client's 
responsibility, and the client throws it back on the MSP," Scott said.

"It's time MSPs stood up for themselves. The market is mature enough now 
that these guys don't have to take it from customers just to keep the 
contract."


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Fri Oct 20 2006 - 03:18:51 PDT