Business Impact

Get Hacked and Your Cybersecurity Company May Pay

A small but growing number of cybersecurity companies are introducing warranty programs that can serve as insurance against the cost of a potential data breach.

The hackers are winning, so the market for cybersecurity insurance is booming. Today businesses accept that they are likely to be breached no matter how much they spend on defenses, and they’ve begun looking for someone to share the cost. Pricing the risk is difficult, however (see “Insurers Scramble to Put a Price on a Cyber Catastrophe”). And that has created a new opportunity for security companies confident enough to warranty their products.

Companies will spend $7.5 billion on cybersecurity insurance in 2020 (up from an estimated $2.5 billion in 2015), according to a recent projection by PricewaterhouseCoopers. The ballooning market reflects how common cybercrime has become—and the fact that cybersecurity companies are not financially accountable when something goes wrong.

Jeremiah Grossman, chief of security strategy at SentinelOne, which sells antimalware systems, says that should change. To align its financial interests with its customers’, SentinelOne offers a warranty that puts the company on the hook for up to $1,000,000 if the customer falls victim to a ransomware attack, in which hackers break in and encrypt data before demanding a ransom to unlock it. Other cybersecurity startups, as well as big players like Symantec and McAfee, now similarly promise to pay up if their product or service fails.

Grossman says his 10-month-old warranty program has already given his company a leg up on its competitors.

It is too early to say whether cybersecurity warranties will amount to anything more than marketing ploys, says Steve Durbin, managing director of the Information Security Forum, a nonprofit organization that develops recommendations for the best way to manage information security risks. But some vendors have gathered valuable information by monitoring the performance of their products over the years, and that potentially puts them in a strong position to “plug a little bit of a gap” in the insurance market, he says.

In evaluating these risks, cybersecurity firms have an advantage over traditional insurance companies, because they have crucial data that can only come from analyzing real events like the data breaches they themselves have experienced. Traditional insurers, by contrast, are just beginning to assess the full risks of doing business in cyberspace.

That helps explain why insurers, including AIG, are getting behind these new warranty programs. (AIG declined to comment for this story.)

Grossman’s company has its own data on the risk that its system will miss a ransomware attack. Those numbers helped convince an established liability insurer (as part of the arrangement, SentinelOne does not reveal this company’s name publicly) to back its warranty.

Many of the data breaches we have seen could have been avoided if businesses had patched their systems adequately. For example, the WannaCry ransomware attack that began in May takes advantage of old, unpatched Microsoft operating systems. Companies that sign up for these programs will get a payout only if they follow proper security practices.

AsTech Consulting, whose service entails analyzing a business’s source code to identify vulnerabilities, working with the company to fix them, and training employees not to reintroduce them, recently began offering a guarantee that customers who follow the process and still suffer a breach will be compensated up to $1,000,000.

If a company’s risk is “measurably going down,” a result AsTech says its process has been shown to achieve over the past 20 years, that will attract insurance companies because they will better know and manage their risk, says CEO Greg Reber. “That’s a pretty good market.”
