Cyber insurance vs. cyber warranties: What’s the difference?

Cyber insurance is one of the fastest-growing industries on the planet. Even relatively conservative estimates predict the industry will be worth close to $85 billion by 2030. However, the cyber insurance industry has had its challenges, most notably rising premiums and a growing threat landscape, leading to other products popping up alongside it. One such product is cyber warranties. But what is a cyber warranty? And how does it differ from cyber insurance? 

WHAT IS A CYBER WARRANTY? 

We’ll keep this brief, as you can read a more detailed explanation of what a cyber warranty is here. But, in simple terms, a cyber warranty is a guarantee from a vendor that they will cover customers’ costs in the event of a breach, provided a set of criteria is met.

Typically, cyber warranties come in two forms: 1) A vendor guarantees that their product or service will remain secure against cyber threats. If a breach occurs due to a vulnerability in the vendor’s product, they must cover costs related to investigation, notification and recovery.

For customers, this provides a guarantee that the provider takes security seriously and regularly reviews and patches their software. Meanwhile, for the vendor, it acts as a way to differentiate themselves from competitors and gain customers’ trust.

2) A vendor guarantees against a set of cybersecurity controls or practices. To illustrate, let’s say a vendor decided to do this using the Cyber Essentials controls. Provided the purchaser of the warranty can prove that all five controls were in place at the time of the breach, the vendor would be required to cover the costs associated with recovering from the attack. 

This approach has the advantage of encouraging customers to be proactive in adopting security best practices, as well as offering them protection from threats.

HOW DOES CYBER INSURANCE DIFFER VS. CYBER WARRANTIES?

After reading this far, you may well be wondering what the difference between warranties and insurance is. After all, both shield organisations from the costs associated with a successful cyber attack. So why does the cybersecurity sector have space for both? Despite the similarities, once you delve a little deeper, it becomes clear that cyber insurance and cyber warranties have a few key differences:

• Cyber insurance typically offers more comprehensive protection while warranties cover a limited set of risks
• Insurance offers the option of both first and third-party coverage (the claims of someone other than the policyholder). Warranties are limited to first-party incidents only
• Insurance is a financially regulated product whereas warranties fall under consumer protection laws
• Insurance policies can, in some cases, be customised with optional covers whereas warranties tend to be more standardised
• Obtaining insurance is often subject to a detailed application process in order for the underwriter to fully assess the risk, warranties often have a far simpler process which requires agreeing to the product or service terms and conditions 

IS THE BEST APPROACH TO USE BOTH?

Given the differences between them, is the most comprehensive approach to risk management to take out both a cyber warranty and cyber insurance? In short, yes. But let’s dig a little further into why. 

Cyber warranties have several perfect use cases, for example: 

• You’ve just purchased a cybersecurity tool or software and the vendor offers a warranty alongside it
• You want to cover a limited set of cyber risks that are either tied to a specific product or set of controls
• You’re considering cyber insurance but want some protection in the meantime. In this case, the second type of warranty mentioned above is perfectly suited

However, cyber warranties’ use cases aren’t endless. And, this is where cyber insurance steps in. For comprehensive cover, customisation and a wider range of recovery services attached, cyber insurance is the best bet. 

But that’s not to say the two don’t work well in concert. Here are just a few examples of scenarios where it’s beneficial to use both: 

• You want to cover against a specific set of cyber risks (for example those associated with a product) but still want general protection
• You’re using warrantied software or products but need a higher coverage limit than the warranty allows for
• You want to use a warranty to cover you against some basic risks and insurance for the more complex ones

These are just a few examples of how warranties and insurance can work well together, we could list plenty more. In fact, it’s plausible some combination of the two could become the norm for most businesses in the next few years.

Forward-thinking insurance providers are beginning to offer bundled cyber insurance and warranty solutions tailored to SMBs. With the number of threats to small businesses only growing, it’s increasingly likely this will become the standard in cyber risk transfer as the decade progresses.

Confused about cyber insurance? Check out guide for everything you need to know.