Cyber Warranties Could Be Next Big Service Provider Differentiator

As worries about third-party risks continue to press on the minds of technology decision-makers within organizations large and small, many technology service providers are finding security to be a key differentiator for winning over prospects. Cyber warranties could be the next big way to help them signal to customers that they're serious about security risks.

Whether managed service providers, cloud providers, platform providers or SaaS providers, smart services firms are obviously always looking for ways to bolster their security postures. But even more importantly, they're seeking easier ways to tell customers about those investments. The biggest challenge is often proving and marketing to buyers that the service provider is committed to cybersecurity.

Tech service providers could potentially be getting a boost on this front from an unlikely partner: their insurance company. Insurers are growing increasingly savvy about how to measure cybersecurity risks so that they can underwrite new and creative cybersecurity insurance products. One of the emerging categories that should perk up the antennae of IT service providers is that of cyber warranties and guarantees.

Backed by an insurer's deep pockets, providers could potentially market to customers that they're so sure of their security if they cause a breach they'll cover remediation costs.

Usually this works by teaming up with an insurance company that validates the provider's risk posture. Then the insurer backs a warranty that covers a certain range of remediation expenses. The warranty is written into the provider's contracts and the provider then has a very visible way to promote their security competence.

For the most part, these kinds of warranties have been offered on a one-off basis. But a new insurance product out this week from one of the world's largest underwriting companies shows the direction this market is going. Maryland-based Victor O. Shinnerer & Company just established a formalized Cyber Warranty program specifically geared toward the technology solution provider market. The secret sauce to the program comes by way of Shinnerer's relationship with Guidewire's Cyence, which provides the risk analytics that give the underwriter a way to measure risk factors from the solution provider and the individual customer's internal environment.

The warranties offered by this particular program come with some pretty important limitations to keep in mind. At the moment it's geared only toward providers focused on the SMB market with annual service revenues to $40 million. And the warranty strictly provides coverage for the costs of remediating and updating systems--this isn't the kind of insurance that pays for consumer credit reports and the like.

Even with these limits, though, this kind of guarantee could achieve a lot of resonance with technology buyers for whom vendor risk management is growing in prominence.

According to a report out from Ponemon Institute last year, about 56% of organizations experienced a third-party data breach in the last year. That's a 7% increase over the previous year. What's more, only 17% of organizations feel they're effective in minimizing third-party risk and 60% of organizations say they feel unprepared to check or verify the security of their third-party vendors.  

Meantime, another report from security consultancy Protiviti last year found that over half of organizations reported that they're likely to end third-party relationships with the highest level of cyber risk sometime in the next 12 months. 

One factor that is upping the ante on third-party vendor risk management in 2018 is the effective start date of the European General Data Protection Regulation (GDPR) in May of this year. This massive data privacy regulation has pretty stringent requirements for third-party risk management and security experts have been on the conference circuit warning businesses not to overlook their third-party vendor risk postures.

This means that solution providers that want to do business with customers that need to comply with GDPR will find themselves under increased scrutiny this year.