October 17, 2024
Spectra
Cyber insurance and cyber warranties are hot topics in the channel. Security vendors are looking to differentiate their solutions with performance warranties and insurers are increasingly investing in channel marketing in an attempt to access customers of IT and security service providers (MSPs/MSSPs). Meanwhile, others have suggested that cyber insurance is more of a headache than it is worth, and that cyber warranties could eventually replace insurance. This misconception feeds confusion as to what is insurance and what is not, creating potential liability risks for all involved.
At SPECTRA, we take a different approach. Our products are designed to ensure that both warranties and insurance deliver value to businesses in a complimentary, rather than competitive, manner.
Warranties guarantee the performance of a managed service. Insurers value this type of warranty because it provides reassurance that security best practices are in place and regularly inspected. This insight into the quality of services is then used to provide a much more sophisticated view of the risk when structuring and pricing insurance policies.
The analogy would be the purchase of a car where the dealership gives a warranty so long as the car is serviced by their certified garages for regular maintenance and repairs. In addition, the car owner takes out insurance coverage from an insurer, where the insurer clearly derives comfort and value from knowing that the car was purchased from a trusted dealership, servicer and manufacturer.
Over the last ten years, as competition ramped up across both security vendors (software) and providers (MSPs), businesses have considered warrantying their products or services, in order to differentiate in a crowded market.
There are two types of warranties; Product Warranties and Service Warranties.
Security (software) vendors have offered bundled warranties for a few years. Those typically have lengthy requirements for the end customer to maintain for the warranty to be valid if triggered. Those can sometime be subjective. Unfortunately, many product warranties impart significant requirements on the user of the product, giving the vendor an opportunity to avoid responsibility under the warranty if the user makes an error in configuration, deployment, monitoring, etc.
Service warranties are much more straightforward for the end-customer as most requirements are the responsibility of the service provider (MSP). From the customer’s perspective, these types of warranties are more focused on a business outcome: guaranteed cyber resilience, or a payment for a service not performing as expected.
SPECTRA delivers its vendor-agnostic certification of resilience to MSP partners, with a focus on the ability of the MSP to provide resilient and outcome-driven managed services to their customers. In addition to certifying the MSP (people, processes, and technology), SPECTRA also certifies the foundational and fully managed security solutions (Endpoint Protection, Business Email Compromise (BEC) defense, FireWall (FWaaS) with Distributed Denial of Service (DDoS) mitigation, Back Up (BaaS), and Disaster Recovery (DRaaS)) as those mitigate or block the vast majority of cyber incidents that lead to insurance claims.
SPECTRA’s certification of MSP Services is bundled with a cyber warranty providing an immediate service refund to the customer if the service fails to perform as designed during a qualifying cyber incident (Ransomware, DDoS, and BEC and other disaster events).
As SPECTRA warranties are simply tied to the value of the MSP service (and do not indemnify the customer for losses suffered as a result of the incident), there is no room for these products to be confused with insurance.
Cyber insurance differs from warranties on multiple levels. It is a regulated activity, MSP or vendors should not be involved in the solicitation, negotiation or offering of insurance unless they have the appropriate licenses in the relevant jurisdiction. Instead, security vendors and MSPs can refer customers to licensed insurance agents for access to cyber insurance products. Cyber insurance – which provides broad coverage for first and third-party indemnification - is typically sold in isolation, although some cyber insurers now offer combined managed security services and insurance products.
For more information on the availability of cyber insurance products for SPECTRA Partners and their customers, please contact: jp.kennedy@hubinternational.com.
Cyber service warranties, when tied to the service performance and the business outcome for the end customer, have value. That value is increased when a third party, who verified that the security solution follows best practices, is on the hook to pay if the security solution fails to perform as designed.
SPECTRA’s insurance partners recognize the value of certification and warranty (and the investment in time and resources by our MSP partners), making MSPs and their customers better insurance risks.
Spectra is a cyber risk platform. We partner with Managed Service Providers, Brokers, and Carriers to deliver tailored risk transfer solutions to channel partners and their customers.
Copyright © 2022-2024 SPECTRA – All Rights Reserved
SPECTRA 90 Pitts Bay Road, Hamilton, Bermuda
