DFW SMB leaders discuss ransomware and BEC cyber insurance coverage with Fulcrum Group in Keller TX, highlighting cybersecurity and managed IT services.

By Steve “The Doctor” Meek | Talk To Th3 Doc Podcast | The Fulcrum Group, Inc.

🎙️Doctor’s Diagnosis: A Podcast Doc-umentary: Cyber Insurance That Actually Works — Episode 133

Justin Reinmuth from TechRug joined me on Talk To Th3 Doc for a conversation that every SMB executive needs before the bad day, not during it. We talked ransomware, business email compromise (BEC), and the part nobody loves, the carrier’s assessment and renewal questions.

Here’s my takeaway, in plain terms: Cyber insurance is worth getting, but it rewards grown-up behavior. If you treat it like a burden or a “set it and forget it” purchase, it will treat you like a “claim denied” headline.

Introduction – Lead with Why

At The Fulcrum Group, Inc., we provide advisory and strategic services to our SMB and government clients and leaders across the Dallas Fort Worth area to make technology decisions that reduce drama and increase momentum. That’s why we built SPOT Managed IT Services, and then complemented it with SPOT Managed Security Services, because consistency in execution beats heroics.

Episode 133 reinforced something we say internally all the time: executives have to lead the technology initiative. Not in a technical way, but because you know the business, the risk tolerance, the cash flow realities, and what “down” truly costs. Your team and or MSP can bring the technical playbook, but you’re still the coach calling the game.

The Problem or Question – Why do smart SMBs still get burned?

If you’re like most SMB leaders, you’ve heard about ransomware and BEC so often they start to feel like the Texas weather. “Yep, might rain, might not.” Then one Tuesday somebody gets a payment change request that looks normal, or a user clicks something that wasn’t supposed to be clickable, and suddenly you’re starring in a movie you didn’t audition for.

The real question isn’t “Should I get cyber insurance?”

The real question is:

How do I get the appropriate cyber insurance, that actually pays, and how do I keep improving so underwriting doesn’t become a yearly surprise?

Here’s the part that stings: carriers are not making assessments for fun. They’re following the claims. The forms keeps increasing requirements and expectations because attackers keep getting better at attacking, and because too many organizations “implemented” controls the way I “implemented” my keto diet  and exercise when things get too busy, with optimism and late night snacks.

The Fulcrum Way – Insurance is a partnership, not a product

Justin’s perspective lined up with how we run Fulcrum: you get the most out of cyber insurance when you treat it like a program you participate in. In trying to protect themselves with specific requirements based on trending attacks, they are helping you protect yourself by pointing out good ideas.

That is why we push a rhythm through our STARPower Framework and our service management approach (inspired by ITIL v4 continuous improvement, CIS v8, and practical execution discipline). The goal is simple:

  • Know where you are now
  • Define what “better” looks like
  • Match appropriate tools or processes to your business context
  • Improve in small steps
  • Measure what matters
  • Repeat without drama

If you do that, your cyber insurance experience gets better in three ways:

1) Your application answers match reality

Underwriters and claims adjusters don’t love surprises. We help clients standardize environments so the business can answer confidently on things like MFA, backups, admin access, logging, and response steps. Our base offering includes several of the usual suspects from cyber insurance applications. Our cybersecurity add-on fields even more of security “usual suspects”.

2) The carrier’s assessment becomes a checklist, not an accusation

Many SMBs treat carrier assessments like a pop quiz they didn’t study for and guess. We help our clients by helping them review them, field questions accurately and help you see them as a possible roadmap. We cannot fill out the application for our clients due to the implied liability, but we can advise you and you answer in the way that makes sense for you.

3) Your incident response is calmer

When a cyber incident occurs, you don’t want to “figure it out live.” You want practiced steps, roles, and documentation. In our industry, we hear horror stories at tech conferences about organizations that were compromised. The speakers tell of the manic urgency, the overwhelming, the stress, the workload, the late nights and the emotion of not being prepared, missing elements and pure loss. You can see where it impacts them for life. This is where STARpower points to continuous innovation, because calm beats chaos, respect beats blame and attacks are only getting worse with the advent of AI.

And let me give you my Monty Python moment: if your incident plan is “we shall shout ‘Run away!’ and hope the ransomware respects our personal boundaries,” you may be in for a long week. Beware the rabbit.

Real-World Reality Check: Two Questions That Tell You Everything

In our world at Fulcrum, ransomware and BEC aren’t “security headlines.” They’re the two events that turn a normal Wednesday into a CFO’s worst day. So here are two questions I use with SMB leaders in DFW—because they cut through the noise fast:

1) If someone spoofed your CEO or controller today… how quickly could a wire go out the door?
Not “eventually.” Before lunch. Sometimes before your bank even calls to confirm.

2) If ransomware locked your systems at 8:10 AM… what still works at 8:30?
Can you ship? Invoice? Run payroll? Answer customer calls? Or are you standing around doing the adult version of “turn it off and back on again,” while revenue leaks out like a busted hydrant?

Some cybersecurity estimates suggest that it is 50 times more expensive to resolve an issue after the fact, than it would have been to have the control deployed in the first place That’s why Justin’s point matters: cyber insurance can help soften the financial hit—but only if you’ve done the boring prep work that carriers expect, and only if you can keep operating long enough to file the claim without panic.

This is also why we tie insurance readiness back to service management. The more standardized your environment, the less “unplanned work” you suffer, and the less technical debt you carry. If you’ve read The Phoenix Project, you already know where this goes: unplanned work eats everything for breakfast, leaving not enough food for the business driven desired work that your organization craves (my stomach just growled).

Call to Action – Make cyber insurance part of your improvement flywheel

If you took one thing from Episode 133, I hope it’s this:

Cyber insurance is not something you buy. It’s something you earn the value from.

Here’s your next step, in order:

  1. Seek coverage if you don’t have it
  2. Review your current posture against carrier expectations
  3. Build a quarterly improvement rhythm so renewal stops being panic-season

Watch or listen to Episode 133 here:

If you’re an SMB or government leader in North Texas and want help turning cyber insurance requirements into a clear plan, connect with us through Fulcrum. We’ll bring the structure, you bring the business context, and together we’ll co-create the kind of “boring security” that keeps you out of the headlines.

About the Author — Steve “The Doctor” Meek, CISSP

Steve “The Doctor” Meek is a DFW-based IT strategist, cybersecurity leader, podcast host, and co-founder of a 24-year technology legacy in North Texas. A recipient of the 2024 MSP Titan of Industry Award for Community Impact, Steve brings decades of experience helping CEOs, city managers, and healthcare and manufacturing leaders navigate cybersecurity, AI readiness, and operational resilience. As host of Talk To Th3 Doc, he explores leadership and ownership topics to find practical insights for SMB decision-makers.

Founded in Keller, TX, The Fulcrum Group, Inc. delivers relationship-centered DFW Managed IT Services through its flagship SPOT Managed IT Services and SPOT Managed Security Services platforms. Using its proprietary STARPower™ Framework, Fulcrum helps businesses strengthen security, modernize operations, and plan technology with clarity and confidence. With a 100% Texas-based team and a “No IT Jerks” philosophy, Fulcrum has earned repeated national recognition on the MSP 501 and CRN Top 500, serving SMBs, local governments, and mission-driven organizations across North Texas.

Key Takeaways / FAQ – How to get cyber insurance and get the most from it

Should SMBs in DFW get cyber insurance?

Absolutely. Treat it as a financial backstop for ransomware, BEC, and recovery costs, not as a substitute for security. And note, there may be other options like cyber warranties, that may fit in certain places, like if you can’t get an insurance policy.

What’s the fastest way to improve underwriting outcomes?

Make identity controls boring and consistent, especially MFA for all privileged access and remote access. Note that MFA isn’t a yes or no question, MFA is across everything. Basic MFA covers your Microsoft tenant, there is MFA to login to your network, VPNs, SaaS applications and other areas.

How should I handle the carrier’s assessment?

Use it as a prioritized improvement list. Don’t argue with it, operationalize it. Ask your MSP to map findings to an action plan with pricing or hours estimates. Develop a roadmap to prioritize the most important things first, as you can cause new issues trying to do everything at once.

What causes “coverage gaps” in the real world?

Misaligned expectations, sublimits, exclusions, and application answers that don’t match your actual environment.

What’s one process change that helps against BEC?

A strict payment verification rule: any bank detail change requires an out-of-band confirmation, not an email reply. It’s also one of the cheapest security measures to implement for your organization, as it is just a process.

How does Fulcrum help beyond “tools”?

We use our structured cadence via STARPower Framework, delivered through SPOT Managed IT Services. Our quarterly planning tool pulls signals and information from our stack of tools to create a picture of how everything fits together. Our checklist of best practices is similar to cyberinsurance applications but covers more ground and sees the questions as current capability levels as opposed to simple yes or no answers.