The world of managed services is advancing rapidly, but with new cybersecurity offerings comes increased legal risk. On a recent Cyber Call, experts broke down a real-world legal battle involving LandTech, an MSP sued by a client following a ransomware attack. The client—without cyber insurance—alleged LandTech failed to protect them, despite vague agreements and unclear expectations. The lesson? Clients often assume “the MSP is responsible,” and that assumption can turn into litigation.
Attorney Eric Tills emphasized that traditional Master Service Agreements (MSAs) and Statements of Work (SOWs) are no longer enough. Contracts need to be specific, comprehensive, and legally sound. Critical components include bold, conspicuous limitation of liability clauses, clearly defined service scopes, and detailed responsibilities—what’s included and what’s not. Contracts should also include favorable assignment terms, intellectual property ownership clauses, and, increasingly, client insurance requirements. Requiring clients to carry cyber liability insurance protects both sides and elevates the seriousness of the engagement.
Vague language in SOWs can leave MSPs exposed. Saying “we manage your backups” means little if it doesn’t explain off-site storage, RTOs, and frequency. Be detailed. Meanwhile, cyber insurance isn’t optional anymore—it’s a vital risk transfer tool. Reid Welock of Fifth Wall Solutions explained how the right policy can cover incident response, legal fees, and client support, while also pushing clients to improve their own cyber maturity.
Not every client is worth the risk. If a business refuses to take basic security measures or invest in insurance, you may need to walk away. You can’t carry their liability. If a crisis hits—like an FBI alert—you’ll want to notify the insurance carrier immediately, align with legal advisors, and document every action.
The key takeaways for MSPs are clear: keep contracts up to date and specific, encourage or require client cyber insurance, clearly define service responsibilities, and partner with legal and insurance experts. These steps can protect your MSP from unnecessary liability, improve client trust, and build a more resilient business foundation.
