661 Innovative Cyber Insurance Solutions with SeedPod Cyber

[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast. We are continuing our vendor profiles for the 2024 IT Nation Pitch It Accelerator Program and today I am going to be joined by SeedPod Cyber, an intelligent cyber insurance company that partners with managed service providers to offer cyber insurance to their clients and to themselves. And with me to talk about that, I have the founder and CEO, Doug Kreitzberg joining me here today.

Doug, how are you?

[Doug Kreitzberg]
I'm doing well, Marv. Thank you so much for having me.

[Uncle Marv]
All right. So of course, with that explanation, I've got to ask, this is truly an insurance program or is it some sort of insurance supplement?

[Doug Kreitzberg]
No, this is actually cyber insurance. So this protects clients against ransomware attacks, data breach, social engineering, kind of the financial costs of either they have to bear directly or that they may have to pay to the extent that they're sued by another party. And also we provide the tech E&O and cyber for the MSPs themselves to protect them similarly from both cyber as well as technology errors and omissions that may occur for them.

[Uncle Marv]
All right. So I know that a lot of us have to carry our own liability. We have our professional insurance.

I have cyber liability there. Would this replace what I have?

[Doug Kreitzberg]
If this were, yes, for your business, this would replace. And what we've been able to do, Marv, is because of our partnership with MSPs, we're getting a behind the firewall look at the environment. And because we're getting that behind the firewall look, we have a unique view into the risks that we're writing.

And as a result of that, we're able to substantially reduce the cost of the insurance because we know what you have in place from a security tech standpoint. The rest of the marketplace has to look at you through the lens of whatever you put on your application or whatever they've been able to pick up from external scanning. So they don't really get a true sense of what you have in place, and therefore they have to price up for that uncertainty.

We've been able to remove that uncertainty, provide more competitive pricing for an organization like yourself, as long as you're working with one of our approved MSPs.

[Uncle Marv]
All right. So, of course, the question I have to ask now is you say that you get a look behind the firewall. So does that mean that there is an appliance or an agent that has to be running in the network?

[Doug Kreitzberg]
No. What we do is we partner with MSPs and we underwrite their tech stack. We underwrite their deployment of those tech stack.

And when a client is interested in coverage, we ask the MSP if they're on that tech stack and if it's deployed according to the SOPs that we underwrote too. And to the extent that they are, that's the extent of the underwriting process. Now, we've just launched an integration with Connect Wise ASIO, so we can pull some information from there.

And we are looking at further integrations down the road to kind of streamline the process. That's basically how that works.

[Uncle Marv]
All right. So then, of course, the next question is there's got to be some list of approved stack items and unapproved stack items or unapproved yet?

[Doug Kreitzberg]
Yes. What we underwrite to are CIS standards. So we underwrite to certain controls.

We don't underwrite to specific products. So we're not locking an MSP to say you can only use Sentinel-1 or Sophos or whatever. The MSPs should have and does have with us the freedom to choose the tech stack.

But we are looking for is there an automated patch management process in place? Is there an EDR solution in place? Is there multi-factor authentication for remote access?

And how are we handling administrative access at the local level? Do we have a backup with one offsite and data recovery testing? Do we have at the SMB and the RDP ports locked down?

Those are the types of controls that we look for. And to the extent that the clients are on that controls, then that's where they benefit from the coverage savings. And the MSP benefits from being able to upsell the clients to get those to take advantage of the insurance savings as part of the process.

We had one example, a couple of examples. We rolled out a program for any business that's under $50 million in revenue through our MSP partners. They can get a million dollars of coverage for about $2,000.

And we had one $40 million engineering firm that would have had to pay $10,000 outside of the program because they were with one of our partners, they were able to get that coverage for $2,000. And they still had to do some things to get to be qualified for that. So the MSP gained from additional sales of services and products and the client gained from being able to get cyber insurance at a much lower cost than they would have otherwise been able to do.

[Uncle Marv]
Okay. Now you mentioned that this is something that MSPs can offer to clients. I understand that other products on the market have said, we cannot do that because in a sense that would be selling.

So how are we offering that to our clients as MSPs?

[Doug Kreitzberg]
That's a great question. Yes, from a regulatory standpoint, unless you're licensed, you're not able to sell insurance. And that's not what we're asking in this situation.

This is more of a partnership where you're presenting this to the clients as if they want to explore it, they're then put in touch directly with us and then we manage that process on a go forward basis. So this isn't something that the MSP has to get too far down the weeds on other than to say, hey, as an example, you've asked me to complete this application for cyber insurance. There's a partnership with CPOT Cyber.

They may provide you and that's already pre-underwritten what you have. They may be able to provide you a better deal when you want to talk to them.

[Uncle Marv]
Okay.

[Doug Kreitzberg]
And that's about it.

[Uncle Marv]
All right. Good. Saves me the selling headache to worry about.

Now, I understand that this is an embedded cyber insurance program. So what did, you may have explained it earlier, but let me just ask, what does embed actually mean?

[Doug Kreitzberg]
Yeah. What it means is that we've really taken, we looked at certainly what are the CIS controls that are required in order to reduce the risk, at least the minimal controls. And then we've looked at the typical tech stack that are being offered by MSPs and we've kind of aligned our criteria with those tech stacks.

So the MSP can say, as long as to a client, hey, this, you're pre-approved for coverage. That was one of the challenges that we heard from MSPs as we were beginning to develop this product is they didn't know what was approved. They didn't know what could be pass, insurance muster, because the insurance market was all over the place.

And one carrier had one set of guidelines versus another. Now they can confidently say, yes, this is at least through us, this is something that is approved. So that's, and some MSPs are beginning to incorporate that into their actual kind of packaging of their services as well.

And so that's what we mean as embedded.

[Uncle Marv]
All right. So we got a program here that partners with MSPs, utilizes the known cybersecurity benchmarks. Is there a sense of continuous monitoring?

If you're going through the tech stack, is this something that, you know, you have to check in with like once a year to validate or how does that process work?

[Doug Kreitzberg]
Currently, it's on a once a year basis, coincident with a renewal of your insurance. We ultimately want to get to more of a continuous monitoring, not to play gotcha with the clients or the MSPs if something changes but be able to actually be able to dynamically just price the risk or to let the MSP or clients know, hey, there's a new vulnerability or a zero day just came out. It could be within your environment, take a look at it.

And so I see down the road that, you know, monitoring on an ongoing basis can be helpful. We ultimately want this to be more just like utility, you know, you pay a utility bill. You're entering, you know, you have the lights on or air conditioning on, you know, running full time, you're going to pay a little bit more.

If your risk kind of goes up a little bit, you may pay a little bit more. When it goes down, you pay less and make it more of a streamlined function for both the clients as well as the MSP.

[Uncle Marv]
All right. So let's shift just a tad. And I want to ask you as the founder and CEO, what made you decide to do this?

[Doug Kreitzberg]
Great question. You know, for over 20 years, I ran insurance programs, I developed insurance programs and affinity or association programs for where we would create packages for particular markets or types of insurance like cyber insurance. And I got, you know, two things happened that led me to create SeedPod.

One is I got to be one of those CEOs who got the call from their CIO saying, Doug, there's been an incident. So I got to live, you know, daily meetings with forensics and lawyers and RIT trying to figure out what happened. How did it happen?

When did it happen? What states did they reside in, et cetera? And we were a billion dollar company.

So we had the resources to take care of it. We did OK. But at the same time, we were selling two small and medium sized businesses.

And I wondered how the heck they get through what we just went through. And at the same time, we were trying to sell cyber and nobody was buying it. And when I talked to the businesses, why there seemed to be two reasons.

One, they didn't understand cyber insurance, which in and of itself made sense. And number two, they really didn't know how to think about cyber risk. They had somebody managing IT.

They thought they were on top of it. And they also thought, hey, you know, I'm not Target or Home Depot. Nobody's going to care about me anyway.

So I really thought there was an opportunity to create a value stream, kind of integrate the insurance with the security solutions that were being offered to the small business segment, because they really needed to have kind of a holistic approach or solution presented to them for their cyber security needs. And as I looked at the market, I saw the important role that MSPs play with regards to the small and medium sized businesses as that last mile into the digital infrastructure of their organizations. And I figured that I really needed, if I was going to help, you know, really help address cyber risk for these businesses, I needed to figure out a way to partner with MSPs.

And that's, I took some chips off the table, started my own company, and that's where we are today.

[Uncle Marv]
Okay. I'm going to use an analogy. We didn't talk about this ahead of time, but I live in the state of Florida and we have to deal with a ton of insurance risks because of hurricanes and stuff and homeowners insurance goes up every year.

In fact, it's skyrocketed the last couple of years. We've had insurance companies leave the state because of that. Cyber insurance has kind of gone through a similar things where a lot of companies got in, you know, thinking it would be a money pot.

And then some of them are now retreating and others are just simply raising the rates of premiums because they mispriced it and stuff. So how much of a gap do you think still exists in this cyber insurance area?

[Doug Kreitzberg]
Well, there's two areas where the gap is. One is the uninsured. And I would say that gap, the uninsured risk that still exists out there is about 70% of the market.

In other words, 70% of businesses don't have cyber insurance. They may not have even heard about it. So that's the gap there.

I think the other gap is really the gap that insurance carers have towards their understanding of the risks they are writing. And that was the main reason, as you said, when, you know, they went in the market, they thought if somebody had a firewall, they could figure out how to price that risk. And obviously when ransomware came in, in particular, they were out of the ballpark.

And today the carriers still don't understand the risk. I would say there's still a huge gap for the carriers in understanding the risk. Our approach through the partnership with MSPs, you know, getting behind the firewall, as I mentioned, is really reducing that gap.

That's the area. We can't, you know, there's going to be, there are going to be cyber-attacks, there are going to be incidents, there are going to be claims. But the extent that we really understand what the security posture is, the better in a position we're going to be to price the risk competitively and be around in the long term for our clients and partners.

[Uncle Marv]
All right. Well, that was a very good answer. I'm glad you had that ready.

And just as the listeners understand, I don't prep a lot, but thank you very much for that. So let me now ask Doug, how, you know, has the Pitch It been going for you? This is your first time through, right?

[Doug Kreitzberg]
It is the first time through. And I have to say it's been informative. I really learned a lot from the various speakers and the presentations that we've had on a weekly basis.

Learned a lot through doing, you know, the podcast, certainly. And then had a lot of fun. We went to IT Nation Secure, we had to do kind of a Pitch It spiel there.

And, you know, it allowed us to have fun, kind of stretch the borders of how we wanted to present ourselves in order to get ourselves known. And that's been very helpful as well. And I think most importantly, it's a great way to get introduced to the MSP community overall and how to really act and play a role that really is designed to help the MSPs and make sure that what we offer is always through that lens of that channel.

[Uncle Marv]
All right. And do you have plans that differ based on whether or not you win first prize or not?

[Doug Kreitzberg]
Well, other than, you know, some type of, you know, big celebration, which I'll have to figure out if we do win, I think we definitely want to, from the, you know, whatever dollars that we receive from it, we certainly want to put it into the marketing and, you know, getting out there with our clients. And I'm hoping, you know, if we don't win, you know, we'll still be able to lever, I think, you know, the networks that we've been able to build over this time, I think that will help our business regardless.

[Uncle Marv]
Wow. I know from past experience, pretty much all of the vendors experience growth. They get a lot of interest because of this.

Not just at the IT Nation events, but throughout the industry, all of us as podcasters, we promote you and applaud what you guys are doing. I wish you luck and I will see you in November at IT Nation Connect and maybe get to see you guys present as one of the finalists.

[Doug Kreitzberg]
All right. Well, thank you so much, Marv. This has been fantastic.

Really appreciate the time.

[Uncle Marv]
All right. Thank you. And there you have it, folks.

Doug Kreitzberg with SeedPod Cyber. We'll have the links in the show notes. Be following them.

Check them out and wish them the best on the road to Orlando in this year's 2024 Pitch It Accelerator program. And we'll be back with more vendor profiles later. Check out everything and over at itbusinesspodcast.com.

And we'll see you soon. And until next time, holla!