Why The Kaseya Ransomware Event Will Forever Change the IT Industry Supply Chain 

One of the largest – if not the largest – ransomware events in history took place over the U.S. Independence Day long weekend. A recap:

• Kaseya, a software company that provides remote monitoring and management software for IT service providers, was breached- resulting in their clients and their clients’ clients being hit with ransomware.
• 1500+ companies impacted, ranging from small family run businesses to large national chains.
• Over 1 million devices affected.

• Initial ransom demand of $70M USD to decrypt everyone.  Lowered to $50M USD at the time of this writing.

The numbers are staggering.

It seems like everyone is talking and speculating about this event.  But with all of the articles, commentaries and videos, I have yet to see a single one talk about the future real-world impact to the IT services industry and every single business that uses an IT company.

One word: Insurance.

Just like the snow removal industry underwent a fundamental shift a few years ago when lawsuits from slip-and-fall insurance claims increased dramatically, resulting in astronomical insurance increases for companies that provide snow management; after speaking with a cyber-insurance industry expert this week, I expect the entire IT services industry to shift in a similar way.

The shift in insurance for the snow removal business resulted in many small companies shutting down or leaving the industry.  It used to be that anyone with a pickup truck could install a plow and be in business – any many people made a little extra side money doing just that.

Not anymore. Businesses can no longer take on the risk of using a snow removal company that doesn’t have adequate insurance to cover a slip-and-fall lawsuit.  And small snow removal operators can no longer afford adequate insurance.  Well-established larger players are the only ones who can afford it.

With this high-priced insurance comes significant additional cost for the operators. Which means that for every business needing snow removal, prices increased substantially.

Birmingham Consulting and our clients were NOT impacted by the Kaseya breach.  However, we’ve already been informed by our insurance provider that it will be much more difficult for us to obtain insurance and the cost will increase dramatically.

Sound familiar?

Will smaller IT providers be able to afford adequate insurance?  Probably not.  Businesses who depend on IT providers will no longer be able to take on the risk of an inadequately insured IT service provider – their own insurance companies will insist on it. 

What does all of this mean in the IT services industry?  Here are my predictions:

• We will see a “thinning of the herd” in the IT industry.  Small and/or financially unstable providers will be forced out of the market by increased liability and associated insurance costs.
• Insurance companies will force their businesses clients who rely on IT service providers to only partner with IT companies having adequate insurance.
• Costs are going to increase for everyone.  Substantially.

This is the first time I’ve gone out on a limb and publicly made a prediction like this.  If I’m wrong, no harm, no foul.  But if I’m right, every business needs to prepare for this changing environment.