Endpoint security solution provider CrowdStrike announced yesterday that they will be offering a new security breach warranty that will cover up to $1 million in post-breach expenses. These expenses can include legal consultation, forensic services, and notification expenses. CrowdStrike will be offering this security breach warranty only to customers that select their Falcon Endpoint Protection Platforms (EPP) Complete service; this service is CrowdStrike’s top security offering.
CrowdStrike is not alone in offering a security breach warranty as part of its solution; endpoint protection platform vendors Proofpoint, Symantec, SentinelOne, and Trustwave offer similar guarantees with similar payouts. Yet while security breach warranty offerings are gaining popularity and attention from enterprises looking for assurances in uncertain economic times, they are still quite rare.
In a press release, CrowdStrike said “other industries have long offered product warranties to assure customers that the products they purchase will function as advertised. This has not been the case in cybersecurity, where customers generally have little recourse when security products fail to protect them.”
CrowdStrike’s security breach warranty raises questions that enterprises and solution providers will grapple with in the near future:
- What is the responsibility of solution providers to enterprises?
- Who is responsible if an enterprise selects a solution but still suffers a breach?
- Does it matter how the breach occurred—whether a phishing attack tricked your employees, whether there was a security patch your IT security team didn’t deploy, or whether there was a legitimate security failure?
CrowdStrike already states that the warranty applies only for the duration of the Falcon Endpoint EPP Complete service and does not apply retroactively.
We here at Solutions Review still argue strongly in favor of finding endpoint security solutions that best fit with your enterprise’s digital needs. However, these questions are inescapable, and we don’t pretend to have clear answers as yet. What we do know is this: as of right now, you are responsible for taking every step necessary to ensure your enterprise’s cybersecurity.
What are you doing to make it strong?