Written by: Charles Weaver, CEO of MSPAlliance
As the entire world debates the issues around regulation of managed service providers (MSP), relatively few address the issue of insurance and certification as a proxy for MSP regulation. The topic of MSP regulation is timely, and all MSPs seemed to be concerned with it at the moment. Simultaneously, MSPs are experiencing significant increases in demand for their services.
The MSP regulation issue is not unique, having been discussed for many years within the MSPAlliance community. But, instead of talking about what type of regulation we will accept, we need to explore whether there is a replacement for MSP regulation to satisfy both regulators, legislators, and clients alike. Let's examine it more closely.
Private Market Regulation Through Certification & Insurance
There are two general areas of assurance surrounding MSPs. First, is certification, audit, licensure. I use these interchangeably as they all attempt to solve the same issue of communicating the provider's credibility to clients. The second area involves insurance as a risk transference vehicle. Insurance and certification are crucial parts of any profession. Each plays a role in helping professionals communicate and demonstrate assurance to the broader public. The same holds for the managed services profession.
MSP Insurance
Insurance is about risk transference. If you insure your car and it gets in an accident, the insurance will pick up the risk and pay for the repairs. Similarly, if your MSP has insurance and your organization suffers a data incident (there are many different kinds of data incidents, not all of them involve MSP wrongdoing), it should provide some measure of risk transference.
Cybersecurity insurance products are beginning to grow in number and accessibility due to increased attacks and threats against MSPs and customers. While there is still a long way to go in the area of MSP and cybersecurity insurance, it has come a long way over the last decade.

