All Posts

    Noam Morginstin Noam Morginstin
    Dec 19 6 min read

    How MSPs and MSSPs can reduce risk and liability for their clients


    For 83% of companies, a cyber incident is just a matter of time (IBM). And when it does happen, it will cost the organization millions, coming in at a global average of $4.35 million per breach. 

    Add to that stringent data protection laws and the growing frequency and reach of ransomware and other sophisticated attacks. The result is that companies all over the world are looking to bolster risk mitigation with the support of managed service providers (MSPs) or managed security services providers (MSSPs).

    In fact, the trend has gained considerable momentum in recent years, with the global market for security services expected to generate $49.6 billion by 2027.

    The benefits of bringing on an MSP’s/MSSP’s team of security experts are many, including:

    • Filling the talent gap
    • Continuous protection
    • Increased cyber resilience
    • Reduced security-related CapEx and OpEx

    But, ultimately, the MSP/MSSP imperative is to reduce risk and liability for their clients.

    And doing so is matter of enabling superlative incident response (IR) planning, effectively testing the IR plan with clients through hands-on tabletop exercises, and being able to accelerate incident handing when needed.


    IR planning

    When it comes to security, the focus for MSPs, MSSPs and their clients has traditionally been prevention. Too often the strategic importance of IR planning has been overlooked.

    Without expanding the scope of services and expertise to this critical task, it will be very difficult to mitigate risk and liability.

    For, when an incident hits, and it will, it is vital for the service provider and the organization to know that the incident team is taking the right actions to contain, resolve, and secure insurance coverage.

    This is what the incident response plan (IRP) is all about, providing a framework of guidance, governance, and actions that need to be taken during a suspected or confirmed cybersecurity incident.

    The IRP clarifies roles and responsibilities for all those involved and outlines the key people required for managing a crisis.

    A proper IRP enables teams to respond to an incident in a controlled and efficient manner, so they can avoid mistakes that can be especially costly when dealing with compliance and/or insurance.

    Without the right plan in hand, it is very difficult to do this, as this is the go-to document that outlines:

    • Everyone’s roles and responsibilities
    • The right investigative procedures
    • Which external stakeholders to contact, e.g., insurance carrier, breach attorney, and others
    • The data that needs to be collected
    • The reports that need to be compiled and who needs to get them
    • Legal protocols
    • Who should communicate what to whom
    • And more

    If this information isn’t within reach at all times, resolutions will be prolonged, insurance claims may be denied, legal or regulatory fines may be incurred, and clients will likely lose confidence in the team.


    Testing the IR plan with clients

    Once the plan is set, it’s no less important to make sure that the team doesn’t wait for a live incident to test its efficacy.

    This is what the tabletop is all about – a proactive, simulated, and interactive exercise that engages all relevant IR stakeholders on the MSP/MSSP and client teams.

    During the exercise, the team is encouraged to execute the response to a scenario as if it were real. When completed, the outcomes of the exercise are reviewed to understand what works, what doesn’t, and how response can be optimized.


    Virtual War Room


    Incident handling

    The MSP/MSSP-client relationship is finding itself expanding in recent years into the territory of incident response. Clients come to trust and rely on their service providers not only for monitoring, prevention, planning, and tabletops. More and more they expect the MSP/MSSP to take on the role of incident lead with skill and proficiency.


    The MSP/MSSP channlege

    Effective and expert IR planning, testing, and handling is the key to reducing risk and liability for clients. But it’s also neither simple nor easy.


    The planning challenge

    A Word document is typically what is used to create the IR plan. As such, it’s not a formal, structured tool. It can quickly become outdated and irrelevant. And it is also too often impossible to locate right at the moment of need.

    Even when it is located, digging through its 50 plus pages to find the actionable, play-by-play insights that are required is time consuming and prohibitive.


    The testing challenge

    Testing the plan has also traditionally meant manually setting up various scenarios for the tabletop exercise, which is likewise time intensive.

    And because documents are used there is little structure, making hands-on incident simulations difficult to organize, orchestrate, and leverage for lessons learned.


    The incident handling challenge

    Even with a great IR plan and a solid tabletop exercise under your belt, incident handling is a very demanding endeavor.

    Locating and onboarding the team can be very time consuming and accessing incident information in real time is nearly impossible.


    Overcoming the challenges

    The good news is that there is a set of key capabilities that can help MSPs and MSSPs to overcome these challenges.

    Pre-built tool-based incident response plans eliminate the need to prepare every plan from scratch. All the team needs to do is to fill in the client’s information, click on a few buttons, and they’ll be ready to go.

    With structured tabletop scenarios that are prepopulated with content, they can engage in hands-on incident simulations, effort-free.

    And they can accelerate resolutions by automating key steps such as onboarding the team, assigning roles, and consolidating incident processes, data, and tools

    This is what the Exigence platform is all about.


    How Exigence can help

    Exigence brings a SaaS-based automated incident response and planning platform that is specifically designed for the needs and objectives of MSPs and MSSPs.

    It serves as the one go-to during an incident storm, providing guidance to the team and clients, as well as to external legal, compliance, and insurance stakeholders.

    This enables all handlers to go through the response process, from trigger to lessons learned with calm, integrity, and without missing a beat.

    Exigence enables fast and easy tool-based IR planning, streamlined testing with structured tabletop scenarios, and process-driven incident response with dynamic incident overview forms, configurable incident data analytics, and more.

    With Exigence, MSPs and MSSPs can reduce risk and liability as well as improve support for breached clients. They can differentiate their service with an IRP offering that others can’t deliver. They can secure customer loyalty with an innovative solution to real-world IR problems, and grow the business by monetizing a value-driving service that generates recurring revenues.

    To learn more about how Exigence help you deliver more value to your clients, we invite you to book a demo by clicking here.


    New call-to-action

    Critical Incident Management CyberSecurity Incident Response Automating Critical Incident Management

    Critical Incident Management CyberSecurity Incident Response Automating Critical Incident Management