How the “Three-Legged Stool” Protects MSPs from Legal & Cyber Risk | Charles Weaver Artwork

TalkTech With Rob Scott

Talk Tech with Rob Scott is the podcast for MSP owners navigating the next era of managed services.

Each episode, Rob sits down with industry leaders, operators, and experts to unpack what's actually working in the field. Topics span AI transformation, cybersecurity, M&A and exits, sales scaling, community-led growth, and the operational shifts reshaping the MSP channel.

Hosted by Rob Scott, founder and CEO of Monjur, the show pulls real lessons from real MSPs and the experts who serve them.

Brought to you by Monjur. Attorney-Supervised Contract Intelligence for MSPs. We write, update, and protect your MSP contracts so you can focus on running your business.

New episodes weekly. Subscribe to stay ahead of where managed services is going next.

All Episodes

TalkTech With Rob Scott

How the “Three-Legged Stool” Protects MSPs from Legal & Cyber Risk | Charles Weaver

May 19, 2026 • Rob Scott • Episode 14

0:00 | 44:06

"Legal and cybersecurity risks are rising fast for MSPs."

In this Tech Talk Live episode, Rob Scott, CEO of Monjur, and Charles Weaver, CEO of MSP Alliance, break down how to protect your business with the “three-legged stool” of MSP success:
✅ Insurance
✅ Strong contracts
✅ Certification

Learn how Monjur + CyberVerify help MSPs reduce risk and scale confidently.

SPEAKER_01 0:03

Welcome to Top Tech with Rob Scott.

SPEAKER_02 0:07

Hello, this is Rob Scott with Tech Talk Live, and today we have an amazing show for you. My buddy Charles Weaver of the MSP Alliance and Cyber Verify is going to come on with us and tell us all about his concept for risk mitigation for managed service providers. He refers to it as a three-legged stool involving insurance, great legal agreements, and his Cyber Verify control frameworks for MSPs. And it's going to be a great show. Looking forward to it. And buckle your seatbelts, because here we go. We continue the discussion, you know, in a very similar vein to you guys might not know what's going on out there in the real world, but if we told you, you wouldn't even believe us. That's the impression I got from watching the clips from the last one.

SPEAKER_00 1:04

I yeah, not scaring people off. Just be aware that there's some crazy stuff and and make sure your ship is aligned and it's it's uh watertight, you know. But it's it can be achievable. That's the point.

SPEAKER_02 1:16

Yeah. And I think we can talk about um how we think the combination of Cyber Verify and Monge agreements will help address some of the craziness and and why, you know, drawing a connection between what this new partnership will bring to the table and what we're seeing in this real world scenario.

SPEAKER_00 1:47

Let's do it. I just talked to WatchKeep this morning, and they they use you, they've been certified with us for a number of years. So I think I think those are good examples, maybe not by name, but you know, we can throw those out.

SPEAKER_02 1:58

Oh, I'm sure there's a number of overlapping clients. I I could think of a handful just off the top of my head, right? Um, but yeah, what what value they get when they combine the services together? But let's let's spend the first 10 minutes or so just focusing on uh a mini version of what we did last time about what's happening with litigation. Stuart. All right. My friend Charles Weaver, welcome to the show. Thanks, Rob. Good to see you as always. Always good to see you, my friend. And uh especially at a time when so much interesting and crazy is happening in the channel. Uh, for those of you who don't know, uh, anytime one of my clients says we need an expert witness in a managed services case, I tell them, you should see if Charles Weaver will do it. Because if Charles Weaver will be the expert in your case, you got a really good chance of winning. And I can say that in our recent experiences, that's certainly been the case. We just had a really nice victory and an arbitration in New York. Uh, and that was very gratifying. And uh, we had one case settled within just weeks after Charles's deposition, and that wasn't a coincidence. So we've had a string of good success here in cases against MSPs that people normally wouldn't expect, arguing over technical issues with experts that you wouldn't dream of. So, Charles, tell me what this experience has been like for you.

SPEAKER_00 3:38

Surreal to think back 20 years ago, Rob, when you and I and other MSPs were getting around gathering, and the chief complaint of MSPs was nobody knows who we are. Whoa is us. We we need to get more notoriety, we need to get our brand out there as a profession. And you know, you and I remember those days quite well to now fast forward to today where the brand we've succeeded in that original uh purpose, but now we are facing a secondary uh kind of objective, which is to rapidly accelerate the maturity of MSPs so that they, you know, you know, you can't stop litigation from happening, but you can radically change your odds of success or you're radically change your odds of being able to successfully negotiate, you know, pre-litigation, pretrial, whatever, uh a successful outcome for your MSP practice if you're taking certain steps. And I think that that's what I heard, you know, along with you in seeing some of these claims are just ridiculous, in my opinion. I I didn't know these types of claims were being made, but I guess they are.

SPEAKER_02 4:54

Well, look, uh, the case we just finished in New York. I now have a case in Texas identical fact pattern. The client sues the MSP in state court, claiming some sort of emergency temporary restraining order that requires the MSP to continue to perform services without getting paid. And then it's the MSP's obligation to push forward with an arbitration on a separate track. Um, and it just is not a coincidence we're seeing so many of these crazy cases. But what I want to know from you is what is it that surprised you the most in terms of what you've seen in these recent cases?

SPEAKER_00 5:39

Well, I I I guess it it wasn't so much a surprise as a validation of how deeply embedded the MSP business model is in global infrastructure, including US infrastructure. To for those of you, you know, the non-legal minds out there, right? When when a client goes, when a party goes to a judge and says, I want a temporary restraining order to stop an MSP from service to stop an MSP from not servicing me. So they the the restraining order is, I'm assuming in this Texas case as well, to force the MSP to stay the MSP, not getting paid, right? Because the client at this point is not paying the MSP, but they're saying they're so valuable that we need to go to a judge to prevent the MSP from walking away. That says a lot about the role of the MSP in modern society. And I think we are I think the way you handled the litigation, your firm, um, your your uh some of the redirects uh on me, right? I mean, where where we're trying to get out what the best practice is, those are some of the things that uh to your to your question are need to happen. I mean, and I'm I guess I'm shocked that you know you and I are in this position that we're actually setting the record straight, but maybe that's what we were destined to do.

SPEAKER_02 7:08

Well, I'm I'm I have no doubt that we're on the right side of that, and we wouldn't be on any other side than that of the MSPs. Uh, for those of you guys who haven't read Charlie's books, you know, Charlie is one of these guys that had a vision many, many years ago uh that the MSP community needed to be a professional organization like uh a legal bar association or a medical society and and has worked his whole career to protect MSPs and elevate managed services on a global basis. And for that, we all owe you a debt. Let's be honest, Charles. I'm benefiting tremendously from the the groundwork that you laid, you know, uh all those years ago, because now I have a SaaS business that's servicing that community. And if it wasn't for you, that community wouldn't exist. So thank you for everything that you've done. You know, I want to get back to this question about the role of expert witnesses and how um the standard of care or um uh best practices would get determined. And in one case, there was a dispute over SEAM and whether or not SEAM was uh required such that if an MSP did not recommend and implement SEAM, that that somehow is negligence that is actionable under uh uh a relationship between an MSP and a customer. Talk us through you know your thought process on that and and and ultimately where you landed on that issue and why.

SPEAKER_00 8:51

Yeah, so the as I recalled the the uh the facts here in that situation, Rob, were that an MSP was brought in to do non-managed services work. Uh, I think that's the one you're talking about, or is maybe it was the the the New York case.

SPEAKER_02 9:07

Um the New York case on the question of whether or not for the 37-person financial services firm, uh, as the expert, so-called expert, uh, concluded that SEAM uh should have been in place and wasn't, and in and of itself, the absence of SEAM is negligence on the part of the MSP.

SPEAKER_00 9:29

Yeah. So, okay, so so in that fact pattern, I would boil that down to application of enterprise and yesteryear's enterprise IT guidance, applying it in a managed services scenario. Now, there may be some people out there that say, well, they should there should be no daylight between what the enterprise IT community follows as best practice and what the MSPs do. I would challenge that. I I would say that not only is that not true, but it's diametrically opposed. There are very big differences to how the enterprise internal IT community works and operates compared to how MSPs operate. And just for the set the record straight, we're, you know, I certainly don't have this opinion. I don't think you or your firm has this opinion that MSPs are perfect, right? They are made up of people who are fallible. They can make mistakes, MSPs do make mistakes, but these are situations where they are crazy claims like if the MSP doesn't have a SIM tool or recommended the SIM tool to a client, that that somehow was negligent. We have EDR, we have MDR, XDR, we have a lot of different technologies that kind of replace the need for a legacy enterprise SIM of you know 15, 10, 10 years ago. And there's just a lot of people who don't have that awareness, right? It's it's it's a different asset class, a different tool class for MSPs. So I think that gets to your question, Rob.

SPEAKER_02 11:05

I think it does too, and it's a fascinating issue, and it raises the more nuanced issue of the basis that sometimes we challenge the other side's experts. Because we've been in cases where they've brought people who admit on the stand that they're not experts in managed services. And I go through a litany. Do you consider yourself an expert in cybersecurity? Do you consider yourself an expert in uh um managed services? Uh and if there's this nuanced issue now of if you bring someone who's a cybersecurity expert to a case involving managed services, if you bring someone who's been in enterprise IT their whole life to a case involving a 37-person uh managed services client, then it really raises the question of uh what is the appropriate type of expert and how um what is the weight of that expert testimony? And you know, when you challenge an expert in court, there's two issues. There's basically the admissibility question, can this person testify? And then there's also the weight question, you know, what weight should I give it? In arbitration, they almost always let them testify, even if your objection is well founded. Because they say, well, just let it go to the weight. I thought it was interesting in one of those cases where they they recognized you as an expert in IT managed services and made the point that the other expert was not. I'm curious, you know, to hear how you felt when you read that. It struck me as very validating when I saw it. But I'm curious, you know, when you finally read that award where the client had such a good outcome. I'm I'm wondering what your thought process was as you were reading it.

SPEAKER_00 13:02

No, I was happy for the for the customer, right? The the client, uh, your client, right? Uh I was happy for them because, and I was happy for the industry because it it validated everything that we've been trying to do. The, you know, and it's not that these the the opposing experts are stupid people. They're very intelligent people. But I I think that we're we're trying to reconcile and have a seat at the table for the the total the global MSP community out there to say, look, this this is we're fighting for you, right? You're your firm, Scott and Scott. There, you're out there taking on really difficult litigation arbitration cases. You're you're winning them. And we are getting the MSP's point of view not just presented, but it's winning. It it actually can win. So I I think if I was an MSP, I would take great comfort waking up today saying we we have a shot. Now, if I was a break fix company, I'd be running for the hills and saying, how how do I get into managed services like yesterday? Because I don't I think that that's a uh still a very perilous thing. That that's a topic for another episode, maybe. But yeah, it's it's it's validating, Rob.

SPEAKER_02 14:15

I got three words of advice on the topic of break fix and anything that's not recurring. And my three words of advice are make it recurring. Whatever it is, whether it's project services, whether it's hardware refreshes, uh, make it recurring. So that's my three words of advice on that. Um, Charles, shifting gears, you know, you you say that there should be some optimism. Unfortunately, uh there's an access and affordability issue. And with any idiot with a with a filing fee able to drag these MSPs into court, you have this idea of a three-legged stool. And I'd like to hear more about you know what your thought is on this three-legged stool and how it protects MSPs from these crazy types of claims.

SPEAKER_00 15:10

Yeah, so the three-legged stool of MSP risk mitigation, lowering your risk as an MSP business. Umsurance, good contracts, and internal controls, or put differently, certification as an evidence of the internal controls. This the insurance, right? You and I again were at the forefront of that in 2007-2008 when we went to the insurance industry and said we we need something for MSPs, right? So that you need something that protects the breakdown, the fault of the MSP, something that protects the MSP business in that scenario where the MSP is at fault. Contracts, right? What you guys are doing over at Monger, making sure and and you remember this, Rob. For like 10, 15 years, we had MSPs who were pulling up late 90s web hosting contracts. And using those, right? They cross out the the one party's name and they put their MSP business name in there, and they'd use that as their as their as their service agreement. And it had SL, you know, uh SLAs and uptime guarantees. It was like you put a stop to that pretty quickly. And so I think Mongire and what you're doing with getting managed services, managed services first, contracts, um the second leg of the stool, and then get certified. Make sure that your internal controls can be evidenced and communicated so that if you're ever in a litigation situation, your contract, your your insurance policy, and your internal controls all support you and don't weigh you down.

SPEAKER_02 16:57

So one of the things that I'm so proud of, Charles, is that we have this new partnership between Monger and MSP Alliance to cover two of those legs of the stool. And MSP Alliance, as you mentioned, has had an insurance program since 2008 when we launched the first managed services professional liability product in the United States. Um, something that at the time I thought was cool, but I never thought it would be as ubiquitous as it is today. Um, it's almost like if you're in IT managed services, you'd be an idiot not to have a professional liability policy. And in fact, we review the professional liability insurance of all of the Monja subscribers as part of our service. We think it's so important. Um, but let's put that to the side because I think a lot of the listeners know that they need professional liability. And um there's a number of uh options there, although affordability and availability continue to be big challenges. We'll save that for another episode. Let's talk about how Cyber Verify and Monger's contracts as a service can cover those other two legs of the stool.

SPEAKER_00 18:17

Yeah, I I think uh you have stated it uh and summarized it pretty accurately, which is it's risk mitigation, risk transfer. Um the the recent cases uh really told me that there is a belief that belief amongst the customers and the lawyers that represent them that the MSP is some bottomless pit of risk absorption. That if you have an MSP, that's all you need to behave badly, to behave in any way you want, recklessly, in a cyber in a non-cyber hygienic manner. And as long as you have that MSP, you can throw, toss, transfer, whatever word you want to call it, all your risk into that MSP organization. I think that needs to stop. I think that that's that's crossed the line from the trusted advisor to the the abused. And I think we've had some initial success with these cases, as you mentioned. Um, but I think that the contracts are the first. I think the contracts are the first um defensive measure against this, right? Is there even a claim here? And and the opposing counsel looks at a claim, uh, at a contract and says, either it's a really porous document, it was poorly designed, and it really doesn't guard the MSP, let's attack, versus a Monger agreement, set of agreements, you know, master services agreements, service attachments, really designed to say, yeah, if it's the MSP's fault, sure, there's some, you know, you have you have uh access to uh you know redress, but don't look to just transfer everything to that MSP. That's what I like about it.

SPEAKER_02 20:13

And and and I and I think that that's critical as well. And that's why I've spent the vast majority of my career trying to make our legal services more available and more affordable. And that's the one thing I'm most proud of Monger for being able to do. We leverage technology to drive affordability and cover more MSPs with comprehensive legal protections. I think less people know the nuances of certification and how the program works and how it interacts with third-party accounting firms to create that SOC interplay. Talk to us a little bit more about the risk mitigation value of Cyber Verify and the various offerings that it has.

SPEAKER_00 20:59

Yeah, so uh back in 2004, you know, when our industry was still relatively new, uh, MSP Alliance was only about four years old at the time. Um, we had a group of members, uh, enterprise, mid-market, and SMB, who uniformly came together and said, we want our own standard. And that was the genesis of what today is um the unified certification standard, the UCS for MSPs. And that's the standard that we use as the foundation for Cyber Verify. So it's a it's a certification, but it's not like ISO or CIS or CMMC or some of these other frameworks where you it's a search certificate. You're getting an actual report, right? You're getting a report that is signed by a third party auditor. And it's a communication and transparency vehicle to say to a customer or prospect these are all the ways that we are behaving in a cyber hygienic way. And this is evidence that you can trust us. It's not that different from your law degree, right? That says, hey, you don't have to test me on all the you know contracts and constitution laws.

SPEAKER_02 22:12

You don't need to send me an NDA. I got a confidentiality requirement by virtue of being a lawyer. Yeah.

SPEAKER_00 22:18

Yeah. So that's that's the the kind of status symbol uh and purpose of certification that and by the way, you know, ours, because it has long held uh a section just dedicated to contracts, right? Do you have written contracts between your MSP and your customers? Those are really critical elements of evidencing that you know you're doing things the right way and not just being a break fix provider.

SPEAKER_02 22:48

Yeah, and soon we'll have to adjust the the standards for contracting to ask questions about if you offer AI, do you have you know appropriate terms and conditions to cover the risks that are unique to AI? Because we both know that train wreck is around the corner too.

SPEAKER_00 23:07

It's uh I can't wait for that one. That's gonna be a that's gonna be a sight to see.

SPEAKER_02 23:12

Yeah, so so um who benefits the most from Cyber Verify? Is it the little guys? Is it the medium-sized guys? Like what is the the the the revenue range? And I'll confess that for me, I've recommended it to my more mature clients because I felt like they had an opportunity to reach into enterprise and government when my littler guys you know probably had other priorities for the money and the time. So I'm wondering, is that true? You know, has that just been a fallacy on my part? Who what kind of MSP from a revenue or operational maturity perspective should consider certification?

SPEAKER_00 24:00

Yeah, you're not you're not wrong that you know, 10 years ago, the overwhelming majority of companies going through Cyber Verify would have been more mature companies that had pressure from customers to get something on the books for compliance, right? They're in banking, they're in legal, they're in uh insurance, uh, they're in you know federal government. Um, they're doing something where the customer is attuned to the uh risk of the third-party relationship with the MSP, and they want certification as a either check the box component or as a method of their internal risk assessment. Today I would say it's radically shifted. It's not that we don't have the, we have some very you know, large, you know, over a billion dollar in revenue MSPs, you know, global MSPs who come to us for a certification. We have mid-market MSPs, we've got you know 50-person MSPs. But there is an MSP that just started yesterday. And this is back to your comment about Monger being an accelerator for legal services that you know you used to deliver in a very different, maybe more manual way 10, 15 years ago. Monger has now accelerated that. We built Cyber Verify to automate and to accelerate the ability for an MSP that started yesterday, like 24 hours ago, and they're 37% done with their certification in a 24-hour period.

SPEAKER_02 25:30

So it's they have no data.

SPEAKER_00 25:35

Well, no, yeah, that could be, but I no, I think I think they're a pretty established company. But maturity acceleration is now the new paradigm. So it's not just compliance, it's I need to know where my leaks are. I need to know, and this is particularly relevant to that younger MSP that just started. Maybe they they went to Munjar, they they have their contracts, but they're still trying to figure out process delivery. And they say 10 years ago, they would have said, I'm not ready for compliance yet. Today they're coming to Cyber Verify and saying, I could hyper-accelerate my my trajectory in a matter of days. Now, it doesn't mean that you're going to become mature immediately overnight, but you're going to have the building blocks there, you're going to know what you're missing, and you're going to have a defined roadmap of what you need to do to change that. So that's kind of the new model.

SPEAKER_02 26:33

That sounds amazing. And it's incredible what you learn by being a podcaster. Um, and so if uh you haven't told me what you're up to lately, uh come on my podcast, I'll learn something. Um but but Charlie, you know, in in at Monger, we learned that many MSPs and many of the consultants in the managed services space are recognizing the opportunity for MSPs to offer managed compliance services. Oh, yeah. And you know, the Monger platform empowers the ability to do that with uh statements of work for cybersecurity risk assessments and the service attachment for managed compliance. And one of the things that I understand about Cyber Verify is that you not only have a sell-to concept with MSPs, but you also have a sell-through where you can help MSPs offer GRC-related services to their customers that they greatly need. Talk to us about how that works and how MSPs can get involved in learning about and delivering GRC services for their customers.

SPEAKER_00 27:45

Yeah, um, completely by um the demand of the MSPs that we were servicing. Um, and by the way, I do agree that they should get the Monger compliance uh service attachment because that's really critical to give the appropriate protection to the MSP if you're gonna get into vCISO, VCIO, compliance as a service. Um our approach is not a GRC approach. Let me be very clear. Our approach is an MSP first approach. What does that mean? It is bad, reckless, whatever word you want to apply to it, but I think it's it's not a sound approach for an MSP who isn't first certified to jump into compliance. And we've seen a lot of that. And there's a reason why I feel that way. Because all the major compliance frameworks that you find now globally, anywhere in the world, and I'm talking CMMC, SOC2, ISO, uh, UK Cyber Essentials, Australia Essential 8, uh you name it, it's it's they're all following the same direction, which is vendor risk. And vendor risk is another way to say supply chain. And you guessed it, MSPs are embedded. They are very the very lifeblood of the supply chain for their customers. So you cannot start offering compliance if you yourself are not, you know, you're the upstream entity. If you're if you're dirty, if you're if you're not cyber hygienic, that is gonna wash off downstream and it's gonna impact all your customers and their customers and so on and so on. You first have to get your house in order. When you do, amazing things happen. You now get to use what we refer to affectionately as managed controls, right? The controls that you deliver as a managed service provider now can be inherited or or utilized by a customer, and their compliance endeavors become a lot easier because they get to say, uh managed backup? Yeah, we don't do that, but our MSP does. It's already been tested, in fact. There you go, check the box, move on. And so those types of relationships become, you know, the traditional managed services relationship becomes uh extended to the compliance relationship, if that makes sense.

SPEAKER_02 30:20

Which is something that we've always talked about, the importance of MSPs elevating themselves to a colleague in the boardroom or an advisor in the boardroom versus a vendor in the hallway. And when you offer compliance-oriented or controls as a service-oriented uh deliveries, then you now are the advisor, the trusted advisor in the boardroom, and not a procurement vendor. Um, and so I think that the that that what you're talking about truly is a game changer. Um talk to us a little bit more about the options that MSPs have to engage with Cyber Verify. Are there plans, levels? Talk us through, you know, how an MSP considers, you know, how to engage with the MSP alliance around verification.

SPEAKER_00 31:15

Yeah, so we we have three three levels of certification, each one relating to a different um uh magnification power of testing, basically. Um there are there's an entry level that is price affordable for any MSP. I mean, three-person MSP shops should be able to afford this, should be able to use it and be able to get through it in a reasonable amount of time and have a complete roadmap for MSP scale, automation, and efficiency. Um, and then you have you know the the highest levels where MSPs are get coming to us to get, among other things, their Cyber Verify report. They're also getting SOC 2 reports, they're also getting ISO 27001 certifications, they're getting CMMC level one, level two, and and a growing, growing list of global certifications and/or audits. Um we we have you know five continents covered, and they're they're uh they're getting a lot of different a lot of different coverage of of uh controls and frameworks through us.

SPEAKER_02 32:25

And and then there's the third parties that are involved or uh primarily accounting firms, is that correct?

SPEAKER_00 32:33

Yeah, so we made the decision a long time ago that we were going to be the standards uh body and not the testing body. So we have separated by design um the the Cyber Verify platform is consultative and advisory by nature, by design. And then the third-party audit firms who are independent, they sit outside of that and they independently test. Although they, I will say this, they are they are trained and they are knowledgeable on the UCS, on Cyber Verify, and on MSPs. And so even when you see a CPA firm who can deliver a SOC2, we will get a lot of MSPs who say, uh, we'd rather have your SOC2 because it's we don't have to tell the auditor what we do. We don't have to tell them what an MSP is or how we operate or what a ticketing system is used for or how we handle remote access, right? Those are things that will confound an average auditor, you know, as part of a CPA firm who doesn't have a lot of MSP audit experience. So we bring that, we bring that audit um community to to the Cyber Verify system and program. Um, and and MSPs seem to like it.

SPEAKER_02 33:46

Well, the other thing that I think is important is that your whole platform, the UCS, that is the foundation, is based on a philosophy of managed services. In the same way that the Monger agreement structure is based on a philosophy of managed services. Where does the MSP fit in this relationship with the customer with respect to third parties, with respect to responsibilities for things that aren't its fault? And I think that's the greatest value of what you bring. You bring the world of knowledge and managed services, and you give the customer a SaaS platform that's affordable to give them that roadmap. And as they mature and as their um certification and operational maturity and customer base evolves, you're able to support them with an ecosystem of providers that truly understand not only the space, but the philosophy. And so that's why I think the Mondra platform and the UCS and the verification are so, you know, as you say, two legs of a very important stool. What do you see happening, Charles, um, in 2025 that's going to uh impact the industry? And what are some of the trends that you're watching uh that that might keep you up at night or are looking at optimistically that are game changers?

SPEAKER_00 35:36

Yeah, I I I uh I think that optimistically we're looking to see some movement, although you correctly pointed out that it may be a long time before it reaches fruition, but we're starting to see some of the states move legislatively on this topic that I refer to as cyber immunity, which is essentially a state legislature position of granting some amount of either immunity or some amount of uh lenience and and uh latitude for MSPs and customers, right? It's not just MSPs, it's any entity in that state that is observing positive cyber hygiene and and can demonstrate it, and to say that if they get hacked or compromised through no fault of their own, that they should be, you know, not treated so much as a victim, but they're not gonna be gone, they're not gonna go after them and say, well, now on top of that indignity of being breached, we're not gonna sue you, we're not gonna you know levy fine, civil fines or regulatory fines. Right. So I think that immunity or some variation of it is something that I think needs to happen. Um I think that would also impact the ability you know for insurance to be brought down. I think cyber insurance is way too expensive. It's um well, that whole nother episode right there, Rob, on on the accessibility of cyber. Um what keeps us up at night? Geez, um you know, the nation-state threats are still very present. And I think that the role of the MSP is whether they like it or not, the MSP is front and center on the front lines in that fight. And so what keeps me up at night are honestly the the underperforming, the the non-matured brick fix companies that present themselves as MSPs, but they're really not. Uh I I would wish them to quickly take seriously what what you and I are saying here and and get their contracts in order, start the process to get certified, or get out. Right? What they can't do is stay put.

SPEAKER_02 37:56

I like to tell people manage services is not a hobby. Your friends and family are entrusting you with their businesses, literally. This is not a side hustle hobby. You either need to be all in or all out. And so I think that's consistent with what you're saying.

SPEAKER_00 38:20

Absolutely. Yeah, I that that's a perfect way to put it. Yeah.

SPEAKER_02 38:24

Well, listen, I think security risks are keeping everybody up at night. I think regulatory compliance is an important topic for everybody. Um and I think that um economic protection, you know, what do your contracts say about the economic issues of cancellation and the effective termination and price increases and those types of topics or you know, commercial terms uh around risk in this environment are important as well. What are you most hopeful to see uh outside of cyber immunity uh from the just the technology in the channel? You know, I I predicted that 2025 would be the the year of the AI vendors, and I'm starting to see that. You know, last year you go to a trade show, there's one or two AI vendors, and you know, every show you go to now, you're starting to see every tool is AI powered, AI this and that. Um what are you hoping to see from the vendor community in terms of how the the technology stack can help the industry move forward?

SPEAKER_00 39:43

Yeah, I I think that I think there's a there's beginning to be a uh revolution of of uh new upstart challengers who are coming into the market and developing tools that are um what the MSPs want to see. And so it's it's applying some pressure to the legacy um companies out there. And there's the there look, the legacy vendors have been doing a fantastic job, but I think there's always there's always room for competition and to push the envelope. So I think AI is a proxy for automation and scale. If you are an MSP, if you're really an MSP and you are wanting to scale, you need process. If you don't have process, no AI is gonna help you, right? You're gonna have to come up with your own process and make sure that it can scale, and then you will be able to go out to those vendors and get the right tools that can automate. And that will be the difference between a 5, 10, 15, 20 person MSP shop behaving like a 100, 200 person MSP shop. Um, that's what's I think pretty exciting for me to see because that'll that'll that'll make the small MSP functionally equivalent to a lot of mid-market providers.

SPEAKER_02 40:59

Awesome. Well, yeah, that is that is important. And you know, we we learn about operational maturity and the OML model and the you know, evolved community that I'm involved in. And I just think that Cyber Verify is a way to turbocharge your journey for operational maturity. Absolutely. And I think that the best case to defend is the case that never happens. And I think that with Cyber Verify, you prevent a lot of cases and you give me the evidence that I need to defend the other ones.

SPEAKER_00 41:41

So well, if if people take one thing from this uh discussion, Rob, it's it's that because no one writes about it, right? The the major channel media are not talking about litigation involving MSPs. Or if they do, it's just the splashy headlines. They're not talking about the stuff you and I are seeing. So if you're if you're paying attention out there, the stuff is happening. The the suits are flying. We're winning, but if you want to win and not lose, you better you better listen to what we're saying and take some. It's preventable, Rob. These cases are winnable and they are preventable. But you you got to help yourself and participate in your own survival to a little, to a certain extent.

SPEAKER_02 42:24

And as Charles says, the three legs of the stool are the only way right now that we know to accomplish it. The right cyber liability and professional liability insurance, both for you and your customer, the right legal agreements that will continue to protect you so you can sleep well at night, that you have the right agreements for your business, and then the operational maturity acceleration and all of the value that the Cyber Verify brings. Now you've put yourself in a position to win. 100%. Charles Weaver, thank you so much for coming on the show. It's always a pleasure to have you, to hear your thoughts and perspectives. And we're so excited for the new partnership with Monja and Cyber Verify. And I think it's going to be wildly successful.

SPEAKER_00 43:18

No doubt. It's good, and we're looking forward to a fantastic year and uh supporting Monger and everything you guys are doing.

SPEAKER_02 43:24

Thank you so much, Charlie. Great to see you. Look forward to talking to you again very soon. See you, brother.

SPEAKER_01 43:31

You've been listening to Talk Tech with Rob Scott brought to you by Monger. Monger is the first mover in providing contracts as a service solution that's specifically designed for IT managed service providers. Visit Monger.com. That's M-O-N-J-U-R.com.