Skip to main content
Right of Boom
January 30, 2025

What exposure does your MSP have when filling out cyber insurance questionnaires for their clients?

In this video, industry experts discuss the evolving landscape of cyber insurance and its impact on Managed Service Providers (MSPs). They delve into the intricacies of insurance applications, potential liabilities, and the necessity of having robust MSAs. The conversation emphasizes the need for MSPs to accurately assess and address their clients' cybersecurity needs while also protecting their own business interests.<ul><li>Cyber insurance is becoming increasingly complex, with detailed applications requiring specific security controls, making it crucial for MSPs to understand their role and responsibilities in aiding their clients.</li><li>The relationship between MSPs and their clients is evolving, as MSPs are often expected to assist with cyber insurance forms, which can have legal implications if not handled properly.</li><li>MSPs must ensure that their Master Service Agreements (MSAs) are updated and comprehensive to limit liability, especially as they relate to cyber insurance and security services.</li></ul>

Guests

Andrew Morgan

Video Transcript

Welcome Everybody. Episode 1 0 2 here on the cyber call. We've got a packed house. All windows are filled, although there is a beta 2.0 or something of Crowdcast, so maybe there'll be more windows, but we do have a full, and so we can do the full Brady Bunch kind of a thing. Um, get ready, getting right on into things. Um, just real quick, I put a few announcements up in chat, everything from John Strand soc core skills, um, pay what you can starts today.

We, uh, it's estimated like a few thousand MSPs have now been through that. Um, and I also put in that Sunil, you, uh, Wednesday at 1:00 PM If you've never heard Sunil, um, I just can't stress enough to attend that session. Um, you'll see it up there four minutes ago.

And last but not least, um, I just wanted to do this for John Barrows, 'cause I kind of messed up last week if you were on the cyber call and wanted to be part of his, uh, sales coaching program, I put in the URL, um, and the, uh, offer that he gave everybody. Okay, so it's Nicoles Andrew. Oh, thank, why don't you do that, Garrison? Thank you. Yeah. So we have two polls up there. Um, if everybody could answer those, they're, it's interesting how those two questions tie together. It's so funny.

I don't know what it is about polls. Gareth, we've got hundreds on and then 10 people answer. Yeah. Um, but that's okay. Um, all right, so let me set the stage. Um, do some interruptions, hand it over. Uh, first off, setting the stage, um, as we know, and again, the rumor mill all started last week. Ryan is not N-T-N-O-T leaving shadow prior to any announcement or anything. He had some time that he would put in for his family. He's not gone.

And like he said, if anybody needs anything, he's accessible In that absence, we have the awesome Phyllis Lee, senior director of controls from CIS, uh, joining us. Um, I've heard enough that all we have is mails on the cyber call, so it is very awesome to have you joining us, Phyllis. Thank you, um, so much for, for, you know, being a cohost with us. And if I may say we could not have a better person join us. Phyllis, I'm so glad you're with us. Thank you so much.

Uh, it's an honor being here, so I'm, I'm very excited to be a part of this, Phyllis. Um, just maybe a 36, 30 seconds. Just quick for those that don't know you, could you just give a little background and then I'll intro to guests and hand it back to you? Yeah, sure. Um, my name is Phyllis Lee. I am the Senior Director of the Critical Security Controls here at Center for Internet Security. I've been here around four years.

Um, and prior to that, I spent around 25 years at the National Security Agency. The bulk of my time there, um, on, um, the defensive side doing pen testing and security evaluations and such. Yeah, and Gary was a peer of yours, I know, over in the NSA on keyboard, so very technical Know. All right, so let me set the stage and then we'll do some intros.

So, um, it's not probably a shock to anybody that's an MSP on this call that you're getting asked more and more about cyber insurance questionnaires and renewals.

And so in having conversations with Eric, with other MSPs and then seeing last week, the article on Travelers, and I will post it momentarily, um, it basically Travelers is appealing to a district court saying, we're not gonna pay this claim because the, and customer said MFA was functionally properly, we are doing all this, you know, putting in the controls properly, hence they warrant and we're, um, compromised. Therefore, travelers is saying, whoa, we're not gonna pay.

Almost like you have a trampoline in your backyard, but in the insurance application you said you didn't. Um, so with that, setting the stage, we have two very awesome, uh, folks joining us. Uh, first, both longtime friends, Dave Bennett, one of the early folks in this industry, I think over 40 years now as an, uh, you know, first var system integrator, MSP. So I've been on the whole journey. Um, and Eric Tills, um, who, uh, was the Chief legal Officer for Logic House.

But Dave, let me let you start with you. We'll go to Eric and then to Phyllis. Sure. Good to see y'all. I could do Dave's intro if you want it. I mean, that'd probably better than Dave, but I'll let him do it. So, a a a quick, uh, a quick little spiel. Um, born and raised, grew up South Florida. Have an MSP down here. Um, my dad actually started the company back in 1977. I've been here since 1980. Started when I was 12 in this business.

Uh, first client when I was 15, got driven there 'cause I was too young to drive myself and just love what I do. Um, you know, it started on the technical side, shifted over to, um, the, the sales and business development. And today I run the place. Yeah, Dave, you know, I have to say, man, you know, in almost 20 years of knowing you, you always just have such a great outlook. Forget MSP, you're just always optimistic. It's always great to see you.

Um, it was wonderful seeing you, uh, at writeup boom as well, so thank you. Can I tell a quick Dave Story? Sure, go. Yeah. So I, Dave and I go back a long way. Um, he's currently works with true methods in our peer groups, but when I had my first MSP, we were in the same peer group. So we got to spend, you know, three or so days together three times a year for a bunch of years. And Dave's one of the nicest people, uh, that I know. But one thing he did for me was he's a big cigar smoker.

And I said, you know, I would like to be able when I'm with people to enjoy a cigar. And so he, uh, after the meeting, a box shows up at my house and it's a humidor that he had seasoned with a bunch of cigars and notes about those cigars and like, you know, got me started on my cigar, you know, kind of journey. Now I have a couple humidors and, uh, but that's the kind of, that's the kind of thoughtful person that, that Dave is. Yeah, absolutely.

Gary, let's not talk about my incident with cigars in Philadelphia. Okay. No, that sounds like a story I need to hear sometime. It's, you can only tell it After a few drinks. All right. And another almost 20 year friend, an awesome, uh, person, Eric TIL's joining us again, uh, on the cyber call. Eric, share a little about yourself, your background, uh, you're no stranger to the MSP game. Absolutely. Thanks Andrew. And, uh, and thanks for having me back again. Um, so I am a recovering MSP owner.

Um, I, uh, I started an MSP with the time I was a systems integrator, became an MSP, um, when I was about a year outta law school. And, uh, we ended up growing that company, uh, sold it about 10 years ago, uh, once we had reached about 250 people, um, to a company called Logic Callus, um, which was a really, really large, um, IT service provider. So I have experience with really, really small, um, MSPs, systems integrators, you name it on the IT side, midsize and very large global ones as well.

Um, spent eight and a half years as the, uh, the general counsel for Logis leading their legal department, their risk department, and their information security group as well. Um, and now today for the past, uh, year and a half or so, um, I hung out a shingle on my own.

And I almost exclusively represent tech companies, whether they are MSPs, which account for about 70% of my business, um, or the, the, the organizations that, that provide services to MSPs, software companies, SaaS companies, et cetera. Um, they, uh, they complete my, uh, my, my client list, but, but it's all I do, right? It's, um, it's, it's all I've ever done. It's, uh, it's what I know. Well, Eric, so thanks for joining us.

Um, one of the conversations that also inspired today, can you just maybe give a quick vignette of something that you're dealing with right now? Yeah. So as I was sharing with, uh, with the co-host a few minutes ago, one of my clients, um, it's actually a, uh, a, a SaaS company, a very large private equity owned. Um, they are going through a, a breach situation right now. Um, they had a, a very, very significant, uh, loss of data, um, almost 700,000 records.

Um, and this came up about a week ago. Um, and, uh, so it's been, uh, it's been very, very eye-opening, um, to be sure. And then within about 15 minutes after getting off that initial call, um, Dave reached out to me and, uh, and we had a good conversation about, uh, about cyber insurance and, uh, and, and what his clients are looking for from him. Um, and could I help him, uh, him mitigate that risk? Very good. Very good. Gary.

I, I, I'm gonna lead off with Phyllis, but man, I'm, I, I know your, yours are gonna be burning and I, I just really hope you bring on the whole role responsibility. Like this is a whole again, I mean, it's just our worlds are expanding and the services that are being expected today are just, you know, no, we've never seen it before, Phyllis, yeah. Lead us off if you would. Yeah, sure. So again, thank you Eric and Dave for being here.

Um, you know, I believe that cyber insurance is really going to drive change for everybody, um, including, um, MSPs. And so from your legal perspective, um, what do you see, you know, um, in the cyber insurance landscape and given, you know, what Andrew had talked about earlier about travelers? Yeah. And you just mentioned one of your clients, um, having, um, a breach. Can you enlighten us a little bit about what you're seeing with your clients and in particular with respect to cyber insurance?

Yeah, and, and Phyllis, that's a great question, right? Because I've been doing this a really, really long time, about 25 years. Um, and you know, back when cyber insurance became a thing, um, you needed pretty much a name and an address and maybe a phone number on your application, and they'd write you a policy for cyber insurance. Mm-Hmm. Uh, and, and even you go back three or four years, it was maybe one or two or three or five questions.

Um, today it's pages and pages and pages and pages, right? So they went from writing policies for everyone to making it pretty difficult to get a policy. Um, and not difficult, but, but onerous, right? Um, and now once they write the policy, as we see from the, the Travelers article, now they're saying, well, wait, wait a minute. I know you had a claim. I know it would otherwise be covered, but let me tell you all the reasons why I'm not going to cover this claim.

Um, and I think we're gonna start to see that a lot more. Um, I've, is that Negative? Someone here said, you know, the, uh, love the negative shout out to Travelers. I don't know that it's a negative shout out. No, not not, not Travelers at all. You're an insurance company. It's like if you insured a car and they asked you do you use it for Uber and you didn't, and you got into an accident and you were Ubering, they would fight that claim, right? That's right.

You mis misrepresented That's That. That's right. But, but yeah, you're absolutely right, Gary. And, and, and the thing though that, that most MSPs and, and most of their customers don't think about is, okay, I have cyber insurance. They approve me for a policy, therefore they will cover it. Right? And, and that's the mentality. It doesn't, I I don't, I don't wanna bad mouth travelers or any other insurer at all, right? It's not their fault.

But what it does is put the spotlight on, on one thing, and that's the application, right? And, you know, looking at, at the poll, I, I don't see very many people, um, who have said their customers are not asking them for help on the applications, right? And so, so now we have the spotlight on something that is in litigation right now, and it's only going to get worse. I, I think you're going to, and, and, and, and why is that? Right?

It's, it's because the insurers have had massive claims, right? That's right. And, and they might not be so willing to, to write the check so easily anymore. So someone asked in the, um, channel, when did cyber insurance become a thing? Um, and I have talked with some cyber insurers, but I'd love to hear your perspective. I think a lot of it is just exactly what you said, Eric, these payouts due to ransomware. Um, and so now they're, they're requiring, you know, more questions.

The underwriters are looking at what's going on, why did that breach occur? What are your thoughts? Yeah, same. Right? It's, um, they're, they're definitely digging deeper. Um, and, and, and it's not that they're making it any more difficult, right? They're asking questions that are, that are based on history, right? Same way when we're writing, you know, legal contracts for, for, for MSPs, there's a lot of clauses that show up in those simply because there are previous histories, right?

So, so, so we, we see that, um, we see it a lot and, and, and it's only going to, it's gonna get worse. It's not worse. It's only gonna get more onerous to, uh, to, to complete those policies both on behalf of the MSPs and their customers. Phy can I, can I just mention something and ask Eric a question? Sure. So Eric, you know, probably a year ago we had Lockton on, um, who Ryan works with, you know, I think the largest global broker. Don't hold me. I always get MGA broker mixed up, so please.

Um, but one of the largest global insurers, and, you know, their CISO came on and was saying, you know, and it's, no, it's not an earth shattering it's loss ratio, right? Yeah. They, they swung from one side to the other side. So now they're, you know, being very, um, you know, harsh in terms of what they will won't write, how much premium. But I do have a question for you, Eric.

'cause Wait, Andrew, so real quick, have you ever been to the headquarters or a regional office of any insurance company? Yeah, they're really dumpy, aren't they, Eric? Uh, Yeah, they are the mo it's the NI in, in Philadelphia. We had one customer that was insurance. Um, it was the nicest office I've ever been to. I thought I was inside like a castle. Yeah. And, um, you, you don't get there when you're, when you're in cement.

I like to say, uh, with, with your actuary tables, and I think with cyber, a lot of 'em are in cement. I was just in Vegas, Gary, there was a lot of people in cement there. But that's a whole nother story now that the, the, you know, ponds are drying out. But my question to Eric, Eric is for, you know, for precedent in law, yeah. Again, I know this is a speculative question, but if travelers wins a case like this mm-Hmm. What do insurers do with that case law, that history precedent?

What happens and what could happen? Well, well, it becomes precedent, right? And, and, you know, to, to Gary's earlier points, you know, it doesn't matter that this is cyber or auto or life insurance or whatever kind of insurance it is, right? They're gonna take their precedent and they're gonna apply it across the board, right? They're gonna, they're going to apply it to everybody. And, you know, you mentioned loss ratios and, and why are we seeing this? Right?

If you take a, a big enough population of people, right, they can, the actuaries can tell you how many of those people are gonna die in, in a year, how many are gonna get sick, how many are gonna be disabled, who's gonna get in a car accident, et cetera, et cetera. Cyber's not that predictable, right? Attacks are not that predictable. So it's really, really tough. And, and frankly, they've, they've done a not so good job to Gary's point of, of covering those losses, right?

They want their, their loss ratios to be relatively low. Um, and, and right now they're over a hundred percent. So, so what do they do? They get a little bit pickier about who they insure, and they get a little bit pickier about how they pay. Yeah. Very cool. So Dave, as an MSP, um, how are you, how are you kind of navigating cyber insurance and, um, as you try to apply or have applied, what are you finding with the questionnaires? For myself, for clients? Both. Both. Sorry. For both. Yeah.

Oh, so, um, well, for us, I think everyone on the call is probably, if they're, if they're buying cyber insurance is dealing with the same thing, right? It's, it's, it's 50% to double each year. It's, it's massively increasing for us in our industry. The insurers have recognized, um, they have a problem on their hands, and that we are a massive threat in their landscape. Because if I'm supporting 50 clients, I'm gonna attack vector to penetrate 50 people. That's a massive risk.

So our costs are gonna be high. Um, there's that aspect, um, for our clients. Um, they are all stumped. They don't know what to do. They're being told they need to have this. Many of them haven't had it. They're being told they need to have it. That's number one. So there's a, uh, I call it a marketplace compliance that occurs. I think Fred Valo, when I was talking to him last month, he said, oh, he calls it commercial compliance. Same concept.

It's if I wanna do business with Wes' company, Wes is gonna require me to have some controls in place or some insurance in place. No different than if I hire, uh, Eric to be a contractor at my house. I'm gonna say, you need to have, uh, liability insurance and workers' comp and that kind of stuff for your workers. No, it's no different than that. It's just, well, we haven't heard of this before. We heard about workers' comp, but we haven't heard about these other requirements.

There's gonna be compliance requirements. And those requirements could be something as simple as you have to have liability insurance or cyber liability insurance. I think it's gonna go to the point where you have to have certain controls against a framework. I think that's gonna be coming up very, very soon. I'm already seeing it in some cases. Now, where does all that fit in? Right now?

We're, what we're seeing at the tip of the spear of it, of this is the insurance folks, and they're, most of them, it's a six to eight page, uh, uh, form. And you know, I'm saying the comments here, and, and I, I have to agree. The, the insurance people, one insurance person said it to me this way, insurance people are stupid. Now, she didn't mean that. What she meant was they're ignorant, and they are, they're ignorant about our space. They don't know what they should be asking.

So when they find, oh, you should have an EDR, oh, there's a list of them. Well, why don't we list those things out? And then you can tell me, do you have Sentinel one? Or do you have this, or do you have this? Or do you have this? And they ask questions like that when that's really not the best way to ask the que, but they don't know what else to ask. So in, in, in, because they don't know they're reacting. And it's mostly point solutions.

Do you have these things, whether they make a difference or not. And that's what we're dealing with right now. So that creates confusion, which is fantastic for us, because when you have confusion, somebody's looking to help some, some, somebody should be able to help with the answer. And we should be there to be that answer, which means, this is a consultative opportunity. This is a customer's coming to us. We're not, we're not going to sell them something.

They're coming to us saying, I need this. Help me. We have an opportunity right? Then to be able to engage, explain, educate, and provide them solutions. So, so Dave, just to follow up on, on one point that you raised there about, you know, the necessity you think in the future of, of controls being mandatory in order to, to write coverage. That's the kind of thing I'm dealing with right now with, with my client who, um, who had the breach where, but they had controls in place, right?

They had all the controls in place in the, the world, but they didn't get followed, right? And because they didn't get followed, there was a breach. So, so then you have to dig into, okay, why didn't they get followed? Did they, did they not get followed because someone was supposed to train these employees and didn't, right?

Did they not get followed because maybe it was a new employee who hadn't gone to training yet, and maybe, maybe was, was an MSP responsible for providing security awareness training, and they didn't provide that, that training. So, so that's frankly what scares me a little bit is, all right, fine, yes, the controls are there and we tell the insurer the controls are there, but if they don't get followed, whose fault is that? And is it anyone's fault?

So that's, That's a, I would argue that if the controls were there, but no one followed them, and then maybe they weren't there, right? So the intent of the control is not to just write it down on paper, is to actually implement it. Understood. Yeah. You can take, But how, how many, how many companies? You Can't, Gary, it's the Seinfeld episode. You can take the reservation, you just can't keep the reservation. So anyway, go ahead.

But listen though, in real, realistically, how many MSPs, how many small, medium sized businesses really can do it? I mean, they're in a competitive environment, this is really expensive, and they're trying to compete against other people. Like it's really hard to do. You, you're running whatever business you're in, then you almost have to run a completely separate business, uh, to be able to do this.

That is not like any of your other line of, even as IT providers, it's not really our line of business. This is something new that we have to do. You sell widgets, you know, you're an accounting company, and all of a sudden you or someone has to be, have this discipline to permeates everything you do. It's sounds impossible, Gary. So, so let me ask you a question. And we had Cyber 74 on AKA, Scott Putnam, Tim Weber, uh, which is, you know, a spin out if you will.

Hey, Robert, awesome to see you. Which is spin out in essence of, you know, an big MSP, right? They're MSSP. Is that what you're a suggesting? Or do those kinds of companies have an advantage? What are you thinking here on that? I, I'm not suggesting, I'm not really saying the solution. I'm trying to make sure we're all seeing what the problem is, you know, in, in the same way, Wes, you have so much experience, right? With this, um, are you, maybe you could jump in on it, on on what part, Gary?

Yeah. Just what, how hard this is for companies. I mean, listen, you work for, you know, before you know, you, you work for a bank who really has probably had some regulations for, for the longest, and it was still hard, right? Absolutely. Right. And it's not gonna get, it's not gonna get easier. And MSPs are the Great jugglers because they're dealing with all of these inherited regulations and compliance standards from all their clients. And so it's really difficult, right?

And, and I was even thinking about this, Dave, from some of the comments you made about MSPs must be pulled into insurance conversations. I mean, I'm looking at a Beasley application right now, and look, look, look what it says. This is what a client has to fill out. Beasley actually asks questions like, do you configure service accounts using the principle of lease privilege? Yep. You tell me what small client has any answer to that. When they have an M MSSP involved, we'll ask you.

They Don't know Pam, right? They'll ask you, do you have a pam? Do you have a sassy? Oftentimes they'll ask you those in acronyms and you'll have to go look above. But Sassy, what is that? What is a Pam, a privileged account manager? They don't, you know, a a lot of folks don't know, and they're asking this question that way. Yeah. So yeah, these, the, the, the, the clients do not know Dave.

Another way of looking at it is like, you've been pulled into the middle of this as an MSP, and if you don't know it, you're gonna get yourself in trouble quickly. That's Which is going to Gary's point, which is exact, I think exactly going to Gary's point if we don't understand, and I think where this is all going back to with Eric, which is the conversation he and I had a few weeks ago.

If we don't also then put the boundaries around our area of responsibility, we're opening up a liability that is gonna whack us upside the head really, really bad. And we don't wanna do that. Yeah, that's, I Just came up way next. Go ahead. Go ahead, Phyllis. Oh, no, I was just gonna follow up with Eric, like, what is, so, you know, now you have MSPs, like Wes says, is being pulled into the middle Mm-Hmm.

Um, of all this, and maybe some people, as an end organization, I would be like, well, you're, you're providing my it, of course, you have to help me fill out this questionnaire, and in fact, I would like you to just take this over. So, you know, as an end organization, I would want that. But as an MSP, I could see how that's cautious. So what, what is the liability? What should an end organization be able to say? Well, that's all my, that's all my MSP, that's what I count on them for.

And what is it that an SP really is responsible for? So, so, so, so this answer is, uh, is, is subtitled, the road to hell is paved with good intentions, right? Mm-Hmm. So, so you have, um, every MSP on this call wants to help their customer. They just do. I would, I would imagine that the vast majority of them, though, do not include this particular service as part of a service offering, right? It's just something that they do.

Their customer, their, their customer calls them up and says, Hey, I need help with an application. Right? Um, you know, I know that, that, that, that Dave's, you know, MSA and his statements of work, they don't say, we're gonna help you fill out your, your cyber liability insurance applications. So, so what do you do? And where does the liability lie?

Well, if your documents are silent on it, it means that when you do that work for a customer, you are not protected by your MSA, because most MSAs will say, look, here's all the services we're gonna provide to you. They're gonna be in a statement of work.

Now, if you're doing work outside of a statement of work, well, then you're doing work outside of your MSA and therefore all of your indemnification provisions and your warranty provisions and your limitation of liability provisions, they don't apply, right? So, so what does that mean? That means that you're doing a good thing for the customer, right?

You're helping them fill out their cyber liability insurance application, but you're betting the company, you're betting your MSP, that number one, you're gonna do it properly. Number two, you're gonna do it thoroughly. And number three, during the term of the policy, if it's actually written, if it's actually bound, that your customer isn't gonna change anything without your knowledge to make your answer obsolete or wrong. So, Eric, it sounds to me like it's not really a bet.

'cause a bet would would mean that I could stand to, to win or lose. That just sounds like a, it's, it's a, it's a, it's a guaranteed loss. It does. I I can't win that case. I mean, correct. A winning would be, I didn't get sued. I mean, Not a very good prize at the end. No. Right. Awesome. Phyllis, any others from you? No, I, I think, um, you know, I'm done.

I just, uh, I'm very fascinated by this whole entire topic, because as you all know, if you're familiar with me, we support a lot of end organizations. And so I often hear from them, um, where they just think the MSP is going to solve everything for them, right? And we often say, as security practitioners, or as people who come to us, well, company or small government or whatever school system, go to an MSP because they know more than you. So, right.

So it's oftentimes we are recommending MSPs, they can support you. The expectation is, you know, that, that MSP is gonna provide that security for you. They're gonna be able to do everything that you need. I mean, I'm educated now that I've been working with you all. But, um, you know, that often is a misunderstanding. Um, certainly you know more about it than, um, you know, any local government or, or small, you know, district.

But it is that cybersecurity, um, part that, you know, um, I think there's confusion around. Very good. Thanks Phyllis. Ready to kick us off too? You're awesome, Gary. Over to you, my friend. So, I, I just have to say next week is our peer meetings, and, you know, for over a decade, I've been trying to get MSPs to understand their cost and charge the right amount, which is always more than they're charging.

And they worked so hard and made so much progress, and now I have to deliver the bad news. Whatever price we were working towards, it's further off than it ever was. We are living in a $300 per seat minimum right now range. If you wanna support a customer and you want to, and you wanna be able to do, and actually s you know, have the controls in place, uh, for, for what we're talking about, that's just how the math works out right? Now, they, that's a big problem, right? It sure is.

And, and you know what? I I, I tell you, I haven't gotten my hands around it yet, but I agree with you. I, I don't know exactly what that number is, but I mean, heck, in the last year, our, our, our own seat cost has, has gone up 70, 80 bucks and, and I'm, I'm looking at it going, it's only, it only got us up to some basic tools. It, it hasn't, it hasn't gone into the people and the process side that we need to actually be on point where I believe we need to be.

I, I, I think you're right at 300 bucks a seat. I mean, if I had another a hundred bucks a seat, I've got, I can pay for the, for the people that I'm gonna need to be able to do that. I mean, that's the bottom line. That's how you have to look at it. It's not, it's not tools anymore, it's, it's people. Great. And that's, You've already had all your tool costs go up and you're trying to pass that on. Now you have to do the real work of security, right?

Gary, just real quick, I mean, to your point, you know, people are like crazy. You know, this, this price, that price. But you know, when you take, when you bridge back and you look at, you know, the really successful MSP supporting hedge funds for years, they've been in the three 50 to 500 range. Four, 500. Yep. And the, the, so you ask yourself why? Well, here it is, all the things that they've had to do around security, compliance, risk, it, you know, here it is right in front of us.

There's Only two reasons. One is they've had more regulation longer, but two, they understand the risk. They value what would happen for an incident. And most MSPs aren't good at getting their customers to really accept that risk. Because if they valued that risk, they wouldn't care if you were 200 or 300 to three 50. Like, they wouldn't care 5,000 a month, 7,000. I mean, it would be literally for most of their businesses, it, it's not even a 0.001% of their costs, right?

So, so let's take a look at this then real quick, because I, I can just, I, I can kind of feel it from all the people on the call. They're going, what? Our clients would never pay that. And you know what might Absolutely, except you and me, both, both C deals come over. They're that, that, that, that, that our friends are getting, are getting that now. So, so this thing, And so at what point do you say it's us?

So, so, uh, so it begs the question, well, an uneducated consumer may not pay for that, and I get that. So how are they gonna become educated? How are they gonna understand what they need? Well, I, I, I don't have all the answers. I will tell you this. Every single time a customer gives me a call to say, Hey, can you fill out the cyber liability insurance policy? I'm just gonna tell you, they just handed you an opportunity for you to start that conversation with them.

And folks, this is really simple. This is, this is the low hanging fruit of what we're talking about. I mean, I, I, I got on the phone with Eric two, three, four weeks ago. I forgot Eric when it was, and said, you know what? I think we're going about all this. Oh, this all wrong, right? 'cause we're filling this stuff out for our clients, but we don't have any, any, any liability exposure limitation, right?

And so Eric helped us draft a, a, a a, an alternative terms on our sal, but actually modify what's in our MSA. So, you know, your SAL is under your MSA. First thing we did is say, we're not taking any liability for this. Let's have a conversation. So what my so now says is, is this, Hey, Garrett, I'm happy to fill this out for you. In fact, I'm gonna do it at a cost. Uh, just pick a number.

I'm gonna, I'm gonna charge you 250 bucks for my hour of doing this, but Garrett, I'm gonna give it back to you for free. So it's not gonna cost you anything. So you're not gonna b***h in the moan saying, but you should do this, Dave. And I'm gonna have some terms for the style that says it's all up, up to my MSA, except I'm not taking this liability and I'm not doing this. And if you want some more help on that, talk to Eric.

But basically, I've got a, I, oh, and by the way, for me to deliver this to you, we're gonna have to have a meeting, Kara, where I'm gonna go through this with you and talk to you about it. Now, all of that, this is different. Dave's asking, Dave's saying he's not taking liability on something, and I'm gonna have a meeting with Dave. And when we have that meeting, what are we gonna talk about?

Well, all these different things that the insurance company's talking about, let's talk about what they're talking about and what that, how that impacts you and why they would be asking those kinds of questions. Because it's an opportunity for me to go ahead and get Gary a bit educated. This could be the start of his security journey. He's never had it before. Because to Phillips's point before, up until now, Gary's whole response has been, Hey, my IT guy does that. And you know what?

He's been right. 'cause my IT guy does my backup, my IT guy does my av, my it, my IT guy does that stuff. Well, now it's not, He does your IT guy doesn't do IG one. There's, there's a full stop here, right? The full stop is no g I'm not doing this. In fact, you, the statement of work I handed you says, I'm not doing this. I'm not liable for this. Whoa, Dave, I thought you did everything. No, I don't. Let's have a conversation now.

We're having a, now we've started a conversation and I can explain to Gary that security is a journey that you're gonna be on. I think we've all heard the talk here more than enough. Time security's a journey, and then find out where did they want to be on that journey. And this is an opportunity to keep talking to 'em. Every year you're gonna have an opportunity at least at one place to talk to 'em.

But you've got your QPRs and whatever other, whether, whatever touches you've got, folks, this should be, this should be into a constant theme of conversation. And you will have some folks who will just, I just want you to handle it. You can't. The first step is you can't handle it. I don't think, I don't think, I don't think any of us, maybe a few of us, most of us are not capable of just handling it right now. B, the liability and the risk, unless we're charging enough.

You can't to, to, to the point before, which might mean the customer has to take ownership of this, and the customer's gonna be like, but I don't know how. It's another opportunity for you to consult with them. Yeah. So it's not real bad. Yeah. So Eric, and that's awesome, Dave. So Eric, you deal with a lot of different people in Dave's spot. You've seen people that are struggling and some that are making and, and catching on.

Like Dave is, for someone who's listening today, they might be a little overwhelmed. Can you tell me, Mm-Hmm. Like, what are some of the common things to get moving and where should you start to start if you're somewhere where you need to change your relationship with your Customers? Yeah. So, so as it relates to, to these cyber liability applications, start with making it a service, right? Whether you charge your customer for it or not, right?

And, and, and a lot, I'm seeing about 50 50 with, with MSPs who charge their customers for it or not, but make it a service. Don't just do it. Because when you just do it, you lose all your protections. As soon as you make it a service, it's now covered by your MSA, right? And hopefully your MSA is a good one. That, that, that, that protects you from the appropriate liability and make your customer be responsible. This is not your application, it's their application.

You're helping them to fill it out, but you're not filling it out for them, if that makes sense, right? You can provide draft answers to them, but at the end of the day, they're signing the application. You aren't signing the application. Now the liability would flow from, from your, your customer back to you. Um, but at the end of the day, this is their responsibility.

And once you make sure, like Dave said, once you sit down with them and go through all the answers together, and once they understand it, then the next step is making sure that once insurance is bound, they agree in writing with the signature to comply with the application throughout the term of the policy. Because if they're not gonna do that, then well, yes, they're gonna be on the hook, but at the end of the day, so are you.

And so, so making sure that that, that this is not just something you do as a courtesy to your customer. Make sure it's something that you do as part of your managed service to your customer. And for those customers that aren't managed services customers, today's point, it's a great time to make a managed services customers if they're asking you to do this. 'cause if they're asking you to do this, it's for a reason.

It's not because they woke up one day and decided they wanted cyber liability insurance. This is a well thought out process and they need help. Some of them don't even know that they should have it. And we know from our polls here that not enough MSPs are even having those conversations. So some of these people, you gotta explain why they have to have it, then why you can't do it for 'em. Right, Exactly. And make them contractually bound to have it. Yeah.

Listen, when I see people here, like, what do you charge and 250 bucks? No, you don't charge 250 bucks. You do it for every customer and it probably since two years ago, it means you're charging 'em 50 to $80 more per seat. Yeah. Like that's what it costs to do the things. So you can answer that. Yeah. And make sure that the answers are still true in a quarter and two quarters and three quarters. Andrew almost fired up today. Yeah. Which raises the whole point.

Again, we, we talked about this of will we see control validation, and I think we will too. Not to go off on a tangent, but you just literally said it. Are they still in place? Yeah, we will see continuous, we will see control validation, we will see things like cowbell, cyber and others. Uh, Wes is doing stuff in that area where you, you're going to see continuous monitoring in this space. Yep.

Alright, well, with that, I'm going to, I want to make sure Wes has his time because both with cybersecurity and insurance, like this is, uh, Wes' wheelhouse. So I wanna make sure he is got plenty of time to sink his teeth into this. I, I don't know. Gary, you're used because we're way off right now. Gary, Before we hand over, could we just, could we just, Wes one second. Yeah. Gary, how do you, an MSP comes to you in your peer group or you do a special project role responsibility.

Can, can you just give us what your thinking there, what your advice is gonna be, et Cetera? From a high level, I always ask when something has to change in the business, how do you know where's the accountability and, and, and are you gonna deliver it with a role? Because if you don't do those two things, Andrew, it's impossible to cost it into your model. There's no way to cost it in. And if you don't cost it in, you're not really gonna do it.

Because everything else we have to do, we have to do that project that they signed. We have to answer their tickets, we gotta deal with alerts, we gotta push out patches. We got, we have to do all those other things. So if there isn't a role that it's assigned to and accountability and a process with it, it just doesn't happen ever. I mean, nothing happens in business, but including specifically this. Cool. Alright.

We'll have to do a special, I I think we need to do a special webinar, a quarterly one, which we haven't done in a while. You know, we scare is on, you know, all these nuanced things that are being put in the MSP's wheelhouse and how to do costing margin role, micro, macro economics, if you will. Yeah, That'd be immensely helpful. I, because I think the game has shifted so much that I think we all need a fresh look at that again. Yeah. Yeah. I'd love for you to do that, Andrew.

That that sounds awesome. That sounds awesome. Yeah, we'll do that. Okay, cool. Go ahead. Alright, Eric, so question. Last time you joined us, and I don't remember which cyber call it was, I wish I I could go back so people could go and listen, but you talked to MSAs and it was really, really valuable to hear a whole bunch of, uh, I guess we can't call it legal advice, right? But thoughts from a lawyer around MSAs and just how important they are.

So let's recycle that conversation a little bit in this new era of concern over cyber insurance questionnaires. You mentioned a good MSAA minute ago. Walk us through that. Yeah, so the, and, and that's a great question because ideally, your, your MSA is gonna cover everything you do for a customer. It's gonna cover your, your professional services, it's gonna cover your managed services, it's gonna cover your, your resold products and resold hardware, things like, like that, right?

So the important thing here that, like we talked about, is to, to just make this another service that you offer and not do it outside the realm of your MSA. Well, why is that? Well, because your MSA talks about all of the things that help you as an an MSP survive in the event something goes wrong, right? In a perfect world, you sign an MSA with a customer and you, you stick in a drawer and you forget about it, right? In an imperfect world.

And that's the world that, that, that I live in every once in while we have to take it out and see what it says, right? What does it say in terms of your warranty, right? Is are you filling this, this application out in a professional and workman-like manner according to industry standards, right? I hope so. Right? It it, it'll speak to your limitation of liability, right? So, so if you're charging your customer for this and something goes wrong, you, you do a bad job, right?

And, and it happens, right? We make mistakes, but what happens, we look at your limitation of liability clauses, right? Things like your indemnification provisions. What are you agreeing to indemnify your customers for? Are you agreeing to indemnify them every time you, you breach a warranty or every time you make a mistake? If that's the case, then that's something that you have to pay attention to when you're, when you're looking at the, the actual terms and conditions of your MSA. Hey Wes.

Yeah, Wes, quick, can I just throw in a quick caveat or question? Mm-Hmm. Because Eric, you've joked around with me a little bit and it's not funny, but Ms. P is saying, oh, I sure I I'll review my ms, I review my MSA every X amount of years on the decade on the whatever, the millennia, when, what should they, what should the regularity be?

So, so, so, so to Phil, everyone on the, the conversation Andrew and I had the other day, and I, I was recounting to him a conversation I was having with, uh, a prospective clients and they told me, you know, I, I don't need to you to look at my MSA 'cause I had a, a lawyer review it about 10 years ago, and I thought they were joking. I really, really thought they were joking, and I kind of laughed, but it turns out they were serious. And, but It's not constant though.

Like if it's fairly up to date and it's done right, only your SOW should really change it. It should not have to be updated constantly. That that's right. I mean, if you're updating your MSA every 12 to 18 months, um, that's probably more than enough. Um, if you're taking on a new service offering, right?

If you're going from a, a break fix shop or a systems integrator or a VAR to an MSP, then, then yeah, you've gotta, you've gotta look at your, your MSA, you know, if you never resold product before, but now all of a sudden you're reselling product, you need to look at your MSA. Other than that, if you're on a cycle of 12 to 18 months with an attorney who knows what they're doing, right? I don't mean your brother-in-Law who's a divorce attorney, right?

I don't mean your next door neighbor who's gonna do this for free. I mean, someone who really spends their time helping MSPs and other IT service providers with their MS A, if it's done right, um, that then it's not that often. You know, I can tell you that, that of the MSAs that I look at for my clients, and usually it's the very first engagement I have with a client is, is just doing a pretty thorough review of their, their MSA.

Um, I can't think of an MSA where I had to rewrite any less than 25% of it, right? I'm not change, I'm not talking about changing. Happy to glad, right? I'm talking about really material errors that were made by attorneys, um, who, who were trusted by their clients. Okay. That's good. That's good. I have an anecdotal question for you, Eric. Um, so we talk a lot about, well, first if, if we're concerned like we are of these big questionnaires mm-Hmm.

Some of them are vague, some of them are ultra specific in really scary ways, like privileged account management like we talked about. Yeah. Are you seeing just anecdotally any kind of subrogation happening and in the aftermath of, of the B word, the breach where the client did not know that the MSP did not set up privilege account management correctly or something like that, and that was a component of this? Are you seeing any of those kinds of things happening?

So I haven't seen it, but I think it's gonna happen, right? I think if you look at this traveler's case and how it's gonna shake out, I guarantee the customer is gonna be pointing their finger at the MS P saying, Hey, look, I relied on the MSP's expertise to, to help me fill this out. I realized that I signed the bottom of it, but at the end of the day, it's, it was the MSP.

Now that's not gonna win 'em anything with the insurer, but in the subsequent litigation with the MSP that will happen, then all of a sudden it, it, it becomes an issue. And, and that's why it's all more important to tie it back to your documents to make sure that it's a, a client function.

Because look, if the MSP makes a mistake in filling out the application, then, then maybe, hopefully that mistake is gonna be covered by your professional liability coverage, not your cyber coverage, but your professional liability coverage for, for doing something improperly. Dave, what's your thoughts about all that as an M Ms P? Right? I mean, that's kind of scary to hear from Eric, right? Don't you think?

Well, that's why I talked to Eric about this three or four weeks ago and, and he, we just finished restructuring this because I, I told my team who the, the, the, the people who are v who are taking the role of VCIO engaging with our clients, is that full stop. We're not doing it this way anymore. Here's the way we're doing it. And, you know, from, from a process standpoint, it's get the freaking get the, get the statement of work out there. We can answer it. I, I'll still answer it.

I don't have a problem with that, but get that statement to work out there and then follow it up with that conversation to start. And, and, and Dave, let, let's, let's talk for just a minute. And I, and I don't want to, you know, throw you under the bus especially 'cause you're one of my favorite clients.

But you know, when you called me a couple weeks ago and said, Hey, Eric, and I don't, I dunno if you remember this, but you said, Hey Eric, can you put together a couple sentences that we can send to a client that, that says we're not responsible, right? And I said, no. I said, no, we're not gonna do that. Let me show you how we're gonna do this and here's why we're gonna do this. And, and that's why we started this, right? Yep. That's, if you could Do it, that would be great. Yeah, exactly.

Exactly right. It's Dave, I'm gonna punch you in the face, but you're gonna agree that I'm not responsible for punching you in the face. Right? Right. Same Concept, Wes, just to one Eric's point, you know, I talked to Spencer P*****k, who, for those of you who don't know, is a great breach attorney. Mm-Hmm. And literally every, you know, and there was a, we were catching up.

He's like, look, if an MSP's involved, they're gonna get named and they're gonna be the, they're gonna get pointed at the finger at he goes, it is just, it is what it is. So he's like to, for an MSP to think they're not what, even if they, they're doing a solid job, have everything in place, he goes, that's why it's so important. And Eric, can you validate that to have everything in place because you are going to, the breach attorney is going to come after you. Yeah. Yeah.

Like I said, it, it's always best when you sign a contract to put it in a drawer and forget about it. Right. That, that, that's how it's gonna work 99.9% of the time. But in that point, 1% of the time when you do have to look at, look at at it and see what it says, and, and, and I have this conversation with my clients all the time, right? I can look at an MSA and, and you guys can look at an MSA or a statement of work and you understand what it means and you understand what it says.

But here's the problem with that. If, if something ever goes bump in the night, it doesn't matter what I think. And it doesn't matter what Dave thinks or what Andrew thinks or anything else, it matters what this 78-year-old guy behind the bench with the white hair who can't even find the on switch on his computer in the morning, thinks about what it says and tries to interpret what it means.

That's why it's gotta be crystal clear for when, for when that happens, when the breach attorneys do implicate the, the MSPs. Uh, uh, uh, I I have a question. How can a, um, let's say you did have those controls in place, like how can you, but you still got breached. How does an MSP show reasonableness? It's a great, you know what I mean? Um, duty of care or whatever. Like, are there, this is something that we've been working on internally at CIS 'cause we have been mentioned in legislation.

So I'm curious with your experience, the MSP is doing the best they can. They've done it. Mm-Hmm. There's still a breach. It happens. What can they do to help defend themselves to show that person who has zero cybersecurity experience, who's probably applying, you know, not a cybersecurity law, but like Yeah. You know, other Transport. No, and it's a good question. And, and at the end of the day, it's a question for the trier of fact, right?

It's, am I as an MSP behaving in a manner that is consistent with other MSPs in the community, right? And each side is gonna have their experts, right? And, and my expert's gonna say, well, absolutely they are. And the other expert's gonna say no, absolutely they are not. Um, and then it's a matter for the, the, the trier effect, right?

And, and that's why it's another reason why, you know, it's so important to have your MSAs looked at because what it, you have to look at what's the standard you're gonna be held to, right? Is it the highest standard? Is it the best standard? Is it a commercially reasonable standard? Right. Tho those are all words that I see in, in, in, in my clients' MSAs before I start to, to work with them.

Um, you know, how do you, I mean, I can have Gary and Wes you know, debate till they're blue in the face about what is the highest industry standard, right? What is the best industry standard? It's easier to say what's a commercially reasonable standard, but it's really difficult to say what's the best, what's the highest, right? But, but MSPs are agreeing to this all the time. They're, they're agreeing to hold themselves responsible, hold themselves to the level of, of the best of the highest.

And that's really, really dangerous. Let, let me, let me chime in on one thing here. 'cause most of this conversation has been about the, the, the MSAs and the paperwork and how you can limit your liabilities on paper. There's a, there's a really fundamental look that we have to do on our own just internal processes. What we do, let me give you an example. If I tell all my clients, you should have MSA, okay? The customer says, Wes does not even said, it says, yes Dave.

I want to have MFA make it. So I say, okay, well, we're gonna roll MFA out on Office 365, and that's gonna be on your email and on your desktop. We're gonna cover MFA with duo. So we have two solutions that we're gonna implement that. And I could say, duo for all of it I wanted doesn't really matter. Let's go with that duo for all of it. Fine. And one of my guys puts Wes in bypass mode to do a test, and they forget to take it out of bypass mode. Here's my question for you.

What mechanism do you have in place in your MSP to find those holes? A, do you have something that's searching and finding anything that's a violation of the policy? And bringing it up, creating a ticket to where you can then document what you did to mitigate that? Or you brought it to the customer and the customer said, yes, I don't want MFA on that particular account. Now the customer owns that and you've got it documented and you can close that thing out, because guess what?

If you don't have that, if you're not doing that for everything that you're doing with your customers, you may have been ignorant before. If you're continuing to do it after we just had this conversation, I'm gonna tell you, you're probably stupid. We shouldn't be stupid. This is a real issue for all of us if we don't have a control or some mechanism to watch that Good stuff. And, and I think you're hitting on change control and change process there, Dave. Yep.

Wes, I, I wanna make sure you have some, some more time. So please Continue. No, yeah, no, this is great. I'm ha I love where the conversation's going. Yeah, it's awesome. Um, Dave, Dave, you're talking about something, um, that I think that's what's gonna happen is insurance is gonna go into measurement. They need to go into measurement. They're already doing it with auto.

You know, you pop the little beacon in your car and it says you drive this this way and this much and this fast and this, you know, braking, whatever. You get these discounts because of that. That's where we're going. We will, we are not far off from insurance saying in seeing, I want to know when MFA's turned off, and I'm going to notify you when it's turned off. And you may not, you may be unclaim able if you do not rectify this within three days or whatever.

It's, I'm just making up particulars, but that's the way we're going for sure. Um, how, how does that, what's your reaction to that, Dave, of like this idea of like insurance over top watching over and measuring certain things. Do you welcome that? Does it scare you? Is it a necessary evil? It doesn't scare me. There's a, uh, a, a site I found the other day that I hadn't, hadn't seen before. I'm trying to find it 'cause I thought I stashed it here on my desktop, but I didn't.

Uh, Andrew, if you remind me, I'll share it with you and you can share it with everybody else. Uh, at some point, compliance something or other. Basically it's, it's an, it's a service to insurance companies, kind of, it seems like to me, like it's part of that whole supply chain portion of what Cowbells doing, where they are doing external scans of your environment and they're rolling all this stuff up.

So now as soon as Eric goes to apply, they've already got all this information on that IP space and, and Eric's domain, and they've already got a report of with depth going back six months to a year of stuff that's been there exposed, how long it's been exposed and everything else. That kind of information is now available to the insurance companies. They're buying into it. Why?

'cause they can already see, Hey, Eric, you said that you don't have any RDS open, but I found one open, not only open, but it's been open for five months and, and you haven't done anything about it. It's not like this is a new thing, that kind of historical stuff. It's already here. So all you're really going is maybe, maybe penetrating one step further, like, you know, uh, tie into for an API into duo to be able to look at some stuff or into a seam or something else.

I it's gonna be happening or they're gonna require it, or they'll offer you discounts if you expose that information. I mean, it's just, just get creative. It's not rocket science. So Andrew, I'm gonna close and, and Eric, if you have any follow-up comments, I'd love to hear, but I'll close my segment on this. I think just to channel my inner Ryan Weeks, you know, he is always giving like, homework out or whatever.

Uh, my goodness, this is probably one of the most important things your MSP can focus on, both in terms of pricing and packaging, as Gary has said, both in terms of business risk and shared risk between you and the client. This is really important. So if you're, you're, if wherever you are at, in your role at your MSP, this is something you need to bring up to the highest levels and you really need to put some time and, and mental muscle power into this.

Don't you think, Eric, you, any closing comments for us as, as we shift back to Andrew? Yeah, no, it, it definitely doesn't. And that's a great point because it's not just you as the business owner or you as the, the, the technical or security leader. Oftentimes, and, and I've seen this a bunch, the client's gonna call into the help desk and say, Hey, I'm filling out this application and, and it's asking me X, Y, and Z. Can you help me? Right?

And now we've got a help desk agent who's implicating your MSP on the answer that that, that they're gonna give whether it's right, wrong, or indifferent. That's, that's the case. So, so, so training is huge. Again, making sure it's a service, making sure it ties to your MSA, making sure your MSA is great.

Um, it's, it's super important because like I said, it, you're, and, and like I told David when he first called me, right, if you don't do it right, you're betting the company, you're betting your MSP on filling out a fricking insurance application. And that's just crazy to me, Eric, for those. Great job, by the way. Um, as we wrap up here, for those that might be interested in learning more about you, how do they get ahold of you? You can put it in chat.

Um, Dave, um, for MSPs, I want to get ahold of you and maybe have you No, I'm kidding. Uh, but, uh, it was awesome to see you. Um, good to be with y'all. Thanks for everything. Do, Dave, any closing thoughts from you? Uh, this was a great conversation. It was so good to see all the chat, the liveliness, uh, of it. My, my only statement is, folks, join the front of the line now and start to, to Wes' point and start figuring out how you're gonna get your head around this.

I, I, I'm, I'm, I'm heading up to, uh, uh, hang out with some of my peer group friends tomorrow, actually. Um, and that's part of the conversation I wanna be driving prior to us actually getting into our peer group meeting is what are the pieces, what we're, we're all, we're all trying to figure it out. The folks who figure it out first, our first to market, get there, we all have an opportunity to be that first to market. This is a new area that is not gonna be hit.

And I don't know how long we're gonna have on it, but go for it. Yeah, Gary, um, you always have some really good closing thoughts and, and I, and I, and I will work with you if it's okay, you and West on putting together a special project. I really think this is an important one. We'll bring in some, you know, insurance. Like we, we will kind of do some, you know, a four hour, three four hour thing where we have insurance panel kind of like we haven't done in a while. That would be awesome.

Um, my only thought on, on this is this recurring theme that overarching all this is the fact that every MSP business leader needs to focus on being a better business person. They need to have more command over their cost drivers. They need to have a business planning process.

Because even if you know some of the things that we're talking about today, if you can't set priorities, if you can't execute on them, if you can't understand how to translate this into what customers pay, you will not get there. Your intentions will be good, and you'll help some clients better than today, but you won't build a, a, a, a scalable model, uh, that, that, that where you understand and your customers understand their risk, it can't happen. Good, good stuff.

Gary, Phyllis, any closing thoughts from you? Got you on mute there. That mute button is Evil. Yeah. When you gotta whack it, it's hard and fine. Hear you. Yeah, I can't hear it. We got, we can hear you now. Oh, you can hear me now? Yeah. Okay. Yeah. No, this has been, um, a great conversation. And as you all know, you know, I work with a lot of end organizations, so any guidance or any tips I can give out to end organizations on how to help with the MSAs, et cetera, um, I'm happy to help.

But, um, it's always great to be a part of this. That's awesome. Bring 'em on and we'll, we'll, we'll have a, uh, and we'll have kind of a, a bidding war for MSPs in their area and, you know, A lot of jokes you could take. Yep. Yeah. Thanks to Zoes for everything. Um, again, everybody, Eric, awesome to have you on, hundreds on today. Thank you all so much for, um, being part of this great community. Um, and we'll look forward to seeing you all very soon, next week.

Until then, make it a fantastic day. Take care of everybody. Nice. Thanks everyone. See y'all.

Related Videos