This question seems to be coming up more and more, so it makes sense to clarify what it actually is. Protecting your company’s digital assets is not just important—it’s essential. Think of it this way: If you bought a new car, you’d want a warranty, right? A promise that if something goes wrong, you’re covered. Now, imagine that for your business’s cybersecurity. That’s what a cyber warranty is. Let’s dive deeper.

  1. A cyber warranty is an addition to cyber liability insurance, not a replacement.
  2. Cyber liability insurance is sold by insurance agents/brokers and is delivered by insurance carriers (i.e. Chubb, Travelers, The Hartford…).
  3. Cyber warranty coverage is sold by Managed Security Service Providers (MSSP’s) and is delivered by privately held or publicly traded firms.
  4. One of the main differences between these coverages is that Cyber warranty is only offered to clients that can prove (with their MSSP’s help) that they have the necessary protections in place. For instance, if you don’t have MFA enabled to access your computer and email, you CANNOT get cyber warranty coverage.  Same goes for Next-Generation endpoint protection, email security, employee security awareness training and backup and disaster recovery.
  5. In addition, a cyber warranty can provide instant cash availability to begin the recovery process when needed. Unlike your cyber insurance policy which will reimburse you after the fact, proceeds can be immediately available to you when you need them most, during a breach.
  6. This type of protection does NOT come with large deductibles – it is payment from dollar one and without the substantial red tape that is all-too-common with large insurance policies. Additionally, the money that you receive from the cyber warranty can be used to cover your insurance policy deductible.

A cyber warranty can be a vital piece of your cyber security program offering you instant help when a breach occurs.  It does not replace having a proper defense in depth security program, and actually will not be issued unless you have the proper cyber security tools in place.  As there is no 100% guarantee that you will not be breached, this type of policy rewards the diligent people who made a best effort to protect their organization, but something still managed to get through their defenses.