Cyber insurance vs. cyber warranties: What’s the difference?

Cyber insurance is one of the fastest-growing industries on the planet. Even relatively conservative estimates predict the industry will be worth close to $85 billion by 2030. However, the cyber insurance industry has had its challenges, most notably rising premiums and a growing threat landscape, leading to other products popping up alongside it.

One such product is the cyber warranty. But what is a cyber warranty? And how does it differ from cyber insurance?

What is a cyber warranty? 

We’ll keep this brief, as you can read a more detailed explanation of what a cyber warranty is here. But, in simple terms, a cyber warranty is a guarantee from a vendor that they will cover customers’ costs in the event of a breach, provided a set of criteria is met.

Typically, cyber warranties come in two forms:

1) A vendor guarantees that their product or service will remain secure against cyber threats. If a breach occurs due to a vulnerability in the vendor’s product, they must cover costs related to investigation, notification and recovery.

For customers, this provides a guarantee that the provider takes security seriously and regularly reviews and patches their software. Meanwhile, for the vendor, it acts as a way to differentiate themselves from competitors and gain customers’ trust.

2) A vendor guarantees against a set of cybersecurity controls or practices. To illustrate, let’s say a vendor decided to do this using the Cyber Essentials controls. Provided the purchaser of the warranty can prove that all five controls were in place at the time of the breach, the vendor would be required to cover the costs associated with recovering from the attack. 

This approach has the advantage of encouraging customers to be proactive in adopting security best practices, as well as offering them protection from threats.

How does cyber insurance differ from cyber warranties?

After reading this far, you may well be wondering what the difference between warranties and insurance is. After all, both shield organisations from the costs associated with a successful cyber attack. So why does the cybersecurity sector have space for both?

Despite the similarities, once you delve a little deeper, it becomes clear that cyber insurance and cyber warranties have a few key differences:

  • Cyber insurance typically offers more comprehensive protection, while warranties cover a limited set of risks
  • Insurance offers the option of both first- and third-party coverage (the claims of someone other than the policyholder). Warranties are limited to first-party incidents only
  • Insurance is a financially regulated product, whereas warranties fall under consumer protection laws
  • Insurance policies can, in some cases, be customised with optional covers, whereas warranties tend to be more standardised
  • Obtaining insurance is often subject to a detailed application process so that the underwriter can fully assess the risk; warranties often have a far simpler process, which requires agreeing to the product or service terms and conditions

Is the best approach to use both?

Given the differences between them, is the most comprehensive approach to risk management to take out both a cyber warranty and cyber insurance?

In short, yes. But let’s dig a little further into why. 

Cyber warranties have several perfect use cases, for example: 

  • You’ve just purchased a cybersecurity tool or software and the vendor offers a warranty alongside it
  • You want to cover a limited set of cyber risks that are tied to either a specific product or a set of controls
  • You’re considering cyber insurance but want some protection in the meantime. In this case, the second type of warranty mentioned above is perfectly suited

However, cyber warranties’ use cases aren’t endless, and this is where cyber insurance steps in. For comprehensive cover, customisation and a wider range of recovery services attached, cyber insurance is the best bet.

But that’s not to say the two don’t work well in concert. Here are just a few examples of scenarios where it’s beneficial to use both: 

  • You want to cover against a specific set of cyber risks (for example those associated with a product) but still want general protection
  • You’re using warrantied software or products but need a higher coverage limit than the warranty allows for
  • You want to use a warranty to cover you against some basic risks and insurance for the more complex ones

These are just a few examples of how warranties and insurance can work well together; we could list plenty more. In fact, it’s plausible some combination of the two could become the norm for most businesses in the next few years.

Forward-thinking insurance providers are beginning to offer bundled cyber insurance and warranty solutions tailored to SMBs. With the number of threats to small businesses only growing, it’s increasingly likely this will become the standard in cyber risk transfer as the decade progresses.


What is a cyber warranty?

Cyber insurance is fast becoming a necessity for modern business. In the last 12 months alone, 39% of UK businesses identified a cyberattack. And, as cyberattacks increase in number, the need for small businesses to access reasonably priced cover is only going to grow starker.

However, cyber insurance is not without its problems. As the number of businesses being breached continues to grow, the industry is struggling to keep premiums at a level that’s affordable for smaller businesses. In turn, this is pushing traditional ‘standalone’ cyber insurance (without monitoring or extra protection) out of reach financially for many SMEs. 

But cyber insurance isn’t the only game in town. Some software providers and cybersecurity companies are beginning to offer a complementary option – cyber warranties. Let’s dive into the what, the why and the how.

What is a cyber warranty and how does it work? 

A cyber warranty is a relatively simple concept. Essentially, a cybersecurity company or software developer guarantees that they will pay out if their customers suffer a breach. 

The conditions of the warranty can vary. For example, it could be that the customer has to prove they were using the company’s product when they were breached. Or, alternatively, some providers will expect the customer to adhere to a set of security standards – say the five basic controls that make up Cyber Essentials certification.

Again, the losses the warranty will cover vary from provider to provider but it’s typically a fixed amount, for example, £1m. 

This is useful to SMEs for two key reasons. First, and most obviously, if something goes wrong and your business gets breached, you’ll get some money to cover the damages. Second, it should theoretically provide vendors with a huge incentive to ensure their products are totally watertight.

However, it’s not just SMEs who benefit. A cyber warranty can also give managed service providers a cost-effective method of remediating breaches for clients. Most providers allow any company doing remediation work to bill it to the warranty, which covers the costs.

Why are cyber warranties needed? 

Cyber warranties come with a number of benefits, both for small businesses and the cybersecurity sector. As we’ve mentioned, they provide any business offering one with a gigantic incentive to produce very secure products – which can only be good for users and the sector as a whole.

Alongside this, they give customers an extra layer of protection they otherwise wouldn’t have, simply for buying software or a cybersecurity tool. What’s more, some cyber warranties ‘fill in the gaps’ in instances that insurers won’t always pay out for, such as when a breach occurs due to a failure in a vendor’s product.

Is a cyber warranty an alternative to insurance? 

While cyber warranties can function well with cyber insurance as a complementary product, they aren’t an outright alternative. This is down to some of the limitations cyber warranties have.

A cyber warranty will only cover you in the conditions outlined by the vendor. For example, the warranty might not cover ransomware or business email compromise attacks. This isn’t necessarily a big problem; after all, even cyber insurance coverage is limited. However, this could leave you exposed if you don’t have alternative coverage, such as insurance.

In short, the safest approach is to view cyber warranties as a useful safeguard that works in tandem with traditional cyber insurance.
