4 thoughts on “MSPs Can’t Avoid Managed Security”

  1. In the second to last paragraph it is stated, “…have a direct conversation with the client about who owns the risk.”

    We have a clause in our contract that says bottom line we are not responsible for network security, breaches, etc. even if security work is being done. Many people touch the network and make changes, cyber security threats are fluid, etc. We are not paid enough to be responsible for whatever happens to their company even if we are paid to do some or all the work. If the client wants to transfer risk to someone there are firms that specialize in doing so. They are called insurance companies. We can provide the IT/security services and for a fee an insurance company will take on the risk. If they client insists we take on the risk I get an insurance quote for cyber security and I add that on to the cost of our agreement. The clients always back off that demand at that point.

Leave a Reply

Your email address will not be published. Required fields are marked *