#33 - From The Trenches - Cyber Risk, Claims & Coverage (Bill Haber)

In this From the Trenches episode of the BMK Vision Podcast, Josh Peterson sits down with Bill Haber for a wide-ranging, executive-level conversation about a topic most MSPs and small businesses dramatically underestimate until it’s too late: cyber risk is not a technology problem—it’s a business survival problem.

This is not a tactical security discussion or a checklist of tools. It’s a sober look at how cyber insurance, risk assessment, and operational discipline actually intersect in the real world—especially when a claim is filed. Josh and Bill unpack why most cyber policies are purchased backwards, how attackers quietly “camp out” inside environments before striking, and why MSPs lose credibility when they sell fear instead of clarity. The discussion ties directly to the execution and accountability framework behind the BMK Vision operating system, where risk, finance, and operations must align if growth is going to be sustainable.


Why cyber insurance fails when it’s needed most

Most businesses believe cyber insurance works like other policies: answer the questions, pay the premium, and you’re covered. Bill explains why that assumption collapses during a claim.

Insurance applications are often completed optimistically. Underwriters may accept the answers—but claims are paid based on evidence, not intent. When controls like MFA, backups, or endpoint protection can’t be proven in practice, coverage erodes quickly.

  • Policies are often sold without matching risk size to coverage size.
  • Applications reward confidence—not operational truth.
  • Claims expose gaps leadership never wanted to confront.

Event, incident, or breach: why language matters

One of the most practical sections of the episode centers on vocabulary. MSPs routinely use “event,” “incident,” and “breach” interchangeably—often triggering the wrong response at the wrong time.

Bill draws a clear hierarchy: events are signals, incidents are confirmed abnormal activity, and breaches involve malicious actors actively causing harm. Once the word “breach” is used, legal, insurer, and regulatory machinery engages—sometimes before the facts are fully known.

  • Rushing to label something a breach can remove control from the business.
  • Minimizing real incidents delays containment and magnifies damage.
  • Clear taxonomy enables calm, defensible decision-making.

The uncomfortable truth: attackers wait and watch

This episode dismantles the myth of smash-and-grab cybercrime. Modern attackers are patient. They sit quietly inside systems, observe transaction patterns, watch cash balances fluctuate, and strike when the payout is maximized.

For MSPs, this reframes security conversations. Basic controls aren’t about perfection—they’re about being inconvenient enough that attackers move on. You don’t have to outrun the lion; you just have to outrun the next business.


Why fear-based cyber sales no longer work

Bill is blunt: most cybersecurity sales conversations talk past business owners. Technical jargon, horror stories, and compliance theater create avoidance—not action.

Instead, he advocates a “give value first” model: lightweight, independent risk discovery delivered in business language. When owners can see their specific exposure—and its financial impact—decisions become rational instead of emotional.

  • Fear creates short-term motion, not lasting discipline.
  • Risk discovery builds shared reality.
  • Shared reality converts resistance into ownership.

Episode highlights

  • 00:05:47 – Why most cyber policies are structurally misaligned
  • 00:15:21 – “It’s not if—it’s whether they’re already there”
  • 00:26:43 – Event vs. incident vs. breach explained
  • 00:31:12 – Why attackers target small businesses first
  • 00:46:54 – Scalable risk assessment without human friction

“Cybersecurity fails when it’s treated as paperwork instead of preparation.”
— Bill Haber

About the guest: Bill Haber

Bill Haber is the founder of TechRisk (TEKRISQ), a cyber risk firm helping small and mid-sized businesses assess, remediate, and insure risk based on operational reality—not assumptions. With a background spanning telecom, data platforms, and sensitive-data environments, Bill brings a business-first lens to cybersecurity that resonates with owners and advisors alike.


About the host

Josh Peterson is the CEO of Bering McKinley and host of the BMK Vision Podcast, where he helps MSP owners replace intuition with clarity, discipline, and execution.


Frequently asked questions

Why do cyber insurance claims get denied?
Because controls described in the application can’t be proven during investigation.

Is cyber risk mainly a technology issue?
No. It’s a leadership, finance, and governance issue that happens to involve technology.

Should businesses always pay ransomware demands?
There are no universal rules—decisions depend on backups, restoration readiness, legal guidance, and insurer involvement.

How can MSPs sell cyber without fear?
Start with independent risk discovery in business language, then prioritize remediation.

