CSPs Struggle with Expanding Cyber Threats, Limited Resources, and Insurability Gaps — Cysurance and ZirrusOne - December 12, 2024
By Lane F. Cooper, Editorial Director, BizTechReports - December 12th, 2024
Communications service providers (CSPs)—including cable operators, ISPs, and entertainment service providers—sit at the heart of the digital economy, delivering critical connectivity to millions of businesses and consumers. However, this position makes them prime targets for cyberattacks, with their interconnected networks and vast attack surfaces presenting significant vulnerabilities.
Adding to these challenges, CSPs often struggle to meet the stringent requirements needed to obtain comprehensive cyber insurance coverage. This dual threat of escalating cyber risks and limited insurability has left many in the sector vulnerable to both breaches and significant financial losses.
In response to this growing crisis, Cysurance, a leader in cyber insurance solutions, and ZirrusOne, a managed security service provider (MSSP) specializing in incident prevention and response, have forged a transformative partnership. Together, they are integrating robust cybersecurity measures with cutting-edge underwriting frameworks to protect CSPs from both cyber threats and the financial fallout of breaches.
“This sector is incredibly high-risk, which has made it difficult for CSPs to obtain meaningful cyber insurance,” said Kirsten Bay, CEO of Cysurance. “Through this collaboration, we’re helping CSPs not only improve their security posture but also gain the peace of mind that comes with being insurable.”
Nathan Vineyard, Chief Technologist at ZirrusOne
Nathan Vineyard, Chief Technologist at ZirrusOne, emphasized the urgency of the situation: “CSPs are uniquely targeted because they serve as the digital backbone for businesses, especially SMBs. This partnership equips them with the tools and resources to prevent incidents, respond effectively, and secure their financial stability in the event of a breach.”
Challenges in the CSP Sector
CSPs face a unique set of cybersecurity challenges. With sprawling networks of public IP addresses, countless endpoints, and interconnected systems, they represent a high-value target for cybercriminals. Recent breaches, such as the “Salt Typhoon” campaign, have highlighted the vulnerabilities inherent in CSP environments, demonstrating how attackers can exploit even minor weaknesses to cause widespread disruption.
These vulnerabilities are exacerbated by the industry’s interconnected nature. “The CSP space is inherently interconnected,” Vineyard explained. “If one provider is compromised, it can serve as a vector to not only go after customers and subscribers, but also offers a gateway to attack others in the ecosystem.”
Despite the growing awareness of these risks, many CSPs—particularly smaller and midsized providers—lack the resources to implement comprehensive cybersecurity measures. Limited IT staff, often juggling multiple roles, struggle to stay ahead of threats while managing day-to-day operations.
Kirsten Bay, CEO of Cysurance
On the insurance front, CSPs encounter additional hurdles. The complex and dynamic nature of their networks makes it difficult for insurers to assess and underwrite their risks. Compounding this issue, CSPs often fail to meet fundamental security requirements, such as regular patching and endpoint management, leading to high rates of claims denial.
“Across industries, nearly 45% of cyber insurance claims are denied due to inadequate compliance with basic security controls,” Bay noted. “For CSPs, this figure is often even higher due to their expansive attack surfaces and complex risk profiles.”
A Holistic Solution: Combining Security and Insurance
The partnership between Cysurance and ZirrusOne addresses these challenges head-on by integrating advanced security solutions with tailored insurance products. By certifying ZirrusOne’s security services, Cysurance ensures that CSPs meet the necessary standards to qualify for insurance coverage, effectively bridging the gap between security protocols and insurability.
“This collaboration completely changes the dynamic of insurability for CSPs,” Bay said. “With ZirrusOne’s security stack, assessments, and managed services, we can provide carriers with the transparency they need to underwrite these high-risk organizations confidently.”
At the core of this partnership is a three-pronged approach to cybersecurity in which ZirrusOne works with CSPs to: 1)design secure networks; 2) implement rigorous patch management schedules; and 3) enforce least-privilege access controls.
The MSSP monitors networks for potential threats, ensuring rapid detection and response to minimize the impact of incidents. In the event of a breach, ZirrusOne provides disaster recovery support, helping CSPs restore operations quickly and efficiently. These efforts are complemented by Cysurance’s innovative warranty and insurance model.
A Warranty-Backed Approach
One of the features of the partnership is Cysurance’s certification warranty, which offers immediate financial support for remediation in the event of a breach.
“This isn’t just a marketing tool—it’s a mechanism to ensure rapid recovery,” Bay explained. “The warranty dollars kick in immediately for ransomware, business email compromise, or compliance-related events. This helps organizations recover quickly while avoiding delays associated with traditional insurance claims.”
By providing this immediate financial support, the warranty acts as a bridge to the broader insurance policy, which covers more persistent or severe attacks.
“Everyone benefits from this model,” Bay added. “Organizations partnering with ZirrusOne gain access to a layer of financial protection that enhances their resilience. Meanwhile, insurers gain confidence that risks are being effectively managed and mitigated.”
Driving Change in the CSP Landscape
The impact of the Cysurance-ZirrusOne partnership extends beyond individual organizations. By setting new standards for cybersecurity and insurability, the collaboration has the potential to reshape the CSP industry’s approach to risk management.
“Our programs help CSPs understand and implement fundamental controls,” Bay said. “These measures don’t just improve security; they make CSPs more insurable and less vulnerable to severe attacks.”
Vineyard echoed this sentiment, highlighting the importance of ongoing collaboration and education.
“We’re not just an MSSP that sells services and walks away,” he said. “We work with CSPs on a continuous basis, helping them address vulnerabilities, implement best practices, and plan for future threats. It’s a lifelong journey to stay secure, and we’re here to guide them every step of the way.”
Changing the Insurance Conversation
Traditionally, securing cyber insurance has been a separate and siloed process, often handled by business or finance teams with little input from IT and cybersecurity staff. The Cysurance-ZirrusOne partnership seeks to break down these silos, fostering a more integrated approach to security and insurance.
“We’re seeing a shift in the dialogue,” Vineyard said. “Boards and C-suite executives are now proactively asking how security and insurance can work together to protect their organizations. This is especially true in the CSP sector, where downtime can have catastrophic consequences.”
Bay emphasized that the partnership also helps change perceptions within the insurance industry.
“By providing carriers with transparency into the controls and measures CSPs have in place, we’re demonstrating that these organizations are a good bet to underwrite,” she said. “This changes the narrative from one of risk aversion to one of informed confidence.”
The Road Ahead
As cyber threats continue to evolve, CSPs must adopt a proactive and integrated approach to security and risk management. The partnership between Cysurance and ZirrusOne offers a blueprint for achieving this, combining cutting-edge technology, rigorous standards, and innovative financial protections.
“Our goal is to create a secure and sustainable future for CSPs,” Bay said. “This isn’t just about reducing risk—it’s about ensuring that when incidents occur, CSPs can recover quickly and confidently.”
For Vineyard, the partnership represents a critical step forward.
“We’re not just helping CSPs protect their networks; we’re helping them protect their customers, their reputations, and their businesses,” he said. “This is about building resilience across the entire industry.”
With this holistic approach, Cysurance and ZirrusOne are addressing the immediate challenges of cybersecurity and insurability while also setting a new standard for how CSPs can thrive in an increasingly interconnected and vulnerable world.
###