Cyber insurance is commonly used by businesses to mitigate potential losses in the event of a breach. Although cyber insurance premiums have historically increased given an increasing amount of claims, in the past year, cyber insurance premium rates have actually decreased by 17%. This is despite a growing number of ransomware attacks and other cybersecurity-related incidents.
While cyber insurance may mitigate the financial impact of a breach event, it doesn’t reduce the likelihood of a major loss event occurring. This is largely because the cyber insurance claim process can be slow, frustrating, and often result in lower payouts than expected. Additionally, it doesn't expedite the initial incident response, forensic investigation, or return to business operations.
This is where breach protection warranties in an Managed Detection and Response (MDR) contract play a crucial role, offering additional layers of protection and support during a breach. However, these warranties come with specific conditions and limitations that can severely limit their effectiveness.
This process can be eye-opening for many who believed cyber insurance, or warranties would minimize the impact of a breach. Remember, data breach protection warranties and cyber insurance are not free; you are paying for them, and they should give you the exact coverage you need.
Therefore, it’s critical to understand exactly what’s covered and what’s not, before factoring cyber insurance or product warranties as part of the risk mitigation strategy for your organization.
Before you finalize your MDR provider, make sure you get clarity on your cyber insurance and breach warranty coverage. Here are some questions you should ask:
1. What qualifications are required for the warranty?
Before finalizing an MDR contract, make sure you’re having thorough discussions about warranty qualifications. Ask for a clear, written document outlining covered incidents, expense limitations, and any exclusions. For example, some MDR providers require every endpoint to be updated with the latest software to qualify for a warranty.
Other requirements may include:
- Signing multi-year contracts or additional services beyond MDR.
- The acceptance of additional T&Cs that are not negotiable.
- Specific warranty indemnification limits per event that restrict actual compensation.
Warranty qualifications clearly define the types of incidents covered under the MDR service's warranty program. This transparency prevents misunderstandings and ensures you know what expenses the provider will cover in case of a successful breach.
2. Has anyone ever been paid out the full warranty amount?
Knowing if existing customers have successfully activated the incident breach warranty provides insight into the provider's track record. A high activation rate suggests the qualifications are achievable in real-world scenarios.
If other customers have qualified, you have a benchmark for what constitutes a qualifying incident. This can help in contract negotiations to ensure the qualifications are fair and achievable. If the MDR provider is hesitant or avoids disclosing past warranty activations, it raises red flags indicating that they might be downplaying the difficulty of qualifying for the warranty.
3. What are the regional restrictions on the warranty?
Unclear communication about regional limitations can create mistrust and suggest that the MDR provider might be hiding unfavorable terms. If the warranty has regional limitations that don't align with your needs, you have leverage to negotiate for broader coverage during the contract phase. Understanding these restrictions upfront ensures that the warranty coverage aligns with your geographical risk profile.
4. What if the breach was caused by a device not managed by the MDR provider?
According to Microsoft, 80-90% of ransomware attacks over the past year originated from unmanaged devices. The reality is that most organizations will have a mix of managed and unmanaged devices. Therefore, knowing if the warranty covers unmanaged devices helps you assess your overall risk profile.
You might be able to convince the MDR provider to extend the warranty to some or all unmanaged devices, potentially for an additional fee.
5. Am I covered if there are secondary and tertiary incidents? Is coverage terminated once a claim is made?
It's very difficult to find cyber insurance once a claim has been made. Plus, most warranties and insurance policies do not automatically cover secondary and tertiary incidents.
Make sure you understand whether your MDR warranty will continue to provide coverage for subsequent incidents after an initial claim. Ensure that you know the terms and conditions surrounding multiple incidents to avoid unexpected gaps in your protection.
6. Does my MDR warranty protect my organization from claims if an attack pivots from my network to a third-party network?
Typically, MDR warranties won’t protect your organization in this scenario. So, if your organization plays any role in a third-party vendor supply chain, it’s essential for you to confirm this with your MDR provider. If your MDR provider says you’ll be covered, make sure the breach warranty specifically has it in writing.
On the other hand, cyber insurance coverage policies may offer either first-party or third-party coverage as part of the errors and omissions (E&O) insurance:
- With first-party coverage, any expense related to a data breach occurring on your network is usually covered.
- With third-party coverage, your cyber insurer may cover lawsuits you incur from a data breach that impacted your customers’ network or any systems that you worked on.
Choosing the right MDR provider involves more than just assessing technological capabilities. One critical, yet often overlooked, aspect is the warranty coverage that comes with an MDR contract. As a security leader, you must thoroughly understand these warranties to make informed decisions and ensure robust protection for your organization.
By gaining clarity on the warranty terms and asking the right questions, you can better evaluate the value and coverage offered by the MDR provider, ensuring that it aligns with your organization's risk management strategy and provides comprehensive protection.
To learn how we can help you choose the right coverage for your business and protect you from sophisticated cyber threats, connect with an eSentire cybersecurity specialist today.
