Cybersecurity Warranties? Absolutely!

By: Rob Hegedus, CHECKLIGHT® Program Director

Insurance is for something that might happen (a question of probability). A warranty is for something that will happen (a question of time). 

After thirteen years in the cybersecurity industry, I’ve come to one sobering conclusion: given enough time, everyone will suffer a data breach. It’s just a question of severity. 

Everyone’s familiar with the term “warranty,” but there’s a new class of cybersecurity tools emerging in the market that is filling the gap in cyber financial protection for the forgotten victims — small and medium-sized businesses. This cohort of our economic ecosystem, which represents over 43% of the United States’ GDP and employs half of the American workforce (per the U.S. Chamber of Commerce), has historically had trouble affording, or even qualifying for, cyber insurance.

A warrantied cybersecurity technology is intended to provide significant technical defenses in support of securing your computing environment, and, just as importantly, it must provide a level of financial protection should the technology fail to perform as advertised. Unlike products with traditional warranties, the ramifications of a cybersecurity technology failure can be disastrous. If your washer or dryer stops working, your house isn’t going to collapse. If ransomware finds its way onto your laptop, your entire business (and possibly livelihood) is at risk.

A true warrantied technology is indistinguishable from a financial services product. In other words, it is a form of financial protection against a data breach wrapped around a technology. I liken it to a fire alarm system that will reimburse you for damages if it fails to notify you of a fire. There’s a level of trust given to the vendor, and that trust is backed by a financial capacity (i.e., putting their money where their mouth is).

Unfortunately, there are some vendors that claim to offer a warranty, but all they’re really offering is your money back if things don’t work out. 

There are three things to consider when comparing warrantied technologies: 

First – What Is the Actual Warranty?  

Most technology warranties are limited to the total amount you’ve spent with that vendor. For example, if your total spend on license costs is $1,000, but the damage resulting from the software not catching the intrusion is $500,000, you’d be eligible (maybe) for a refund of a portion of the $1,000 you spent. That’s not very helpful.  

Bottom Line: Fewer limits on the warranty are better. 

Second – Who’s the Underwriter?  

Legitimate warrantied technologies will be backed by an insurance partner that has set aside capacity to cover losses should the technology fail to perform as advertised. This is a particularly important distinction from a simple “you get your money back” offer. In essence, the vendor is underwritten by an insurance carrier and that protection is passed on to the customer in the form of a technology warranty.  

Bottom Line: Actual underwriting by an insurance company is best. 

Third – What Are the Sub-limits?  

Warrantied technologies can be compared to First-Party coverage in that they should recompense you for actual damages incurred. Most traditional insurance policies have certain limitations on what is covered. These are important because even though a vendor may say they have a $100,000 warranty, the fine print will quickly reveal an insurmountable list of requirements and draconian limits based on the type of data breach.  

Bottom Line: Fewer restrictions on the warranty are better. 

It’s important to reiterate that Warrantied Technology is not a replacement for traditional insurance. It’s meant to fill an immediate gap in financial protection. There are other benefits as well, notably: 

The possibility of subrogation is an important distinction from pure-play technical capabilities. While the utilization of an EDR is sometimes a requisite for cyber insurance, and may be a consideration for premium costs, a warrantied technology’s subrogation potential will have a larger impact on the overall cost of that policy. This distinction is not lost on Risk Managers and Chief Financial Officers (CFOs). 

Which brings me to my last point: the Risk Manager and/or the CFO must be part of the EDR decision-making process. IT Directors do not traditionally have visibility into the risk profile carried on the balance sheet; the CFO does. If a warrantied technology is indeed a financial services product, then the CFO and/or Risk Manager must be a part of that evaluation.

If the last few years have shown us anything, it’s that cyber threats are not going away and the number of attacks against small and medium-sized businesses will continue to increase. This is leaving a large segment of our economy at significant financial risk. While traditional cyber insurance is trying to address that exposure, the problem is just too big, and it will take time. Warrantied cyber technologies can fill that immediate gap by protecting the SMB space with advanced technical capabilities and by offering a legitimate, insurance-backed level of financial protection in an increasingly complex and dangerous world.

About the Author: Rob Hegedus is the Program Director for CHECKLIGHT®, a next-generation AI-based Endpoint Detection and Response (EDR) application that is partnered with the insurance industry to provide an unprecedented $250,000 of protection to its clients in the unlikely event that it misses a cyber threat that causes damage. 

CISO Global’s fully warrantied EDR solution, CHECKLIGHT® Endpoint Monitoring, features next-generation signature, behavior, and machine learning (ML) algorithms that continuously monitor registered endpoints, providing near real-time threat detection. If you’re interested in learning more about endpoint detection and response (EDR) backed by a $250,000 warranty, read all about CHECKLIGHT® Endpoint Monitoring from CISO Global.