The cybersecurity software developer SentinelOne has recently announced a $1 million reimbursement for customers that are hit by a ransomware attack. However, many have described this coverage as good marketing as opposed to good insurance. Mike Buratowski, vice president of cybersecurity services at Fidelis Cybersecurity, explained, “It’s good that they are standing behind the capability of their product with this guarantee. The guarantee program is a novel idea with some credibility to it, however there is also a bit of marketing gimmickry in it as well.” The full reimbursement would only be awarded if a thousand user machines with the latest SentinelOne software were affected, and if the ransom was over $1,000 for each machine. This is problematic, as most ransomware attacks do not hit dozens of machines, but instead focus on just a few before spreading across networks to encrypt other files, a type of breach that SentinelOne does not cover.
Additionally, SentinelOne does not offer to pay for any breach costs other than the ransom, and those other costs often exceed the demanded ransom. According to IBM’s 2016 Cost of Data Breach Study, the average cost of a data breach is around $4 million. Once inside a network, for example, cybercriminals have access to personally identifiable information (PII) and health information that can be used for identity theft. While cyber insurance will most likely cover these secondary costs, SentinelOne’s $1 million reimbursement will likely fall short. SentinelOne is not the first software developer to offer insurance for its product. KnowBe4 has packaged a $500 reimbursement into its product since 2014 and has recently raised the payment to $1,000, all within the purchase price. Cybersecurity experts warn that while this is a good marketing tactic, cyber insurance is a far safer form of risk mitigation. Insurance can help thwart an attack on the front end, while also providing recovery assistance if an attack were to occur.