A warranty is a representation from a manufacturer or seller that the product purchased is free of defects or flaws for a specific length of time. In the case of technology M&A, warranties are often used to mitigate risks associated with cybersecurity and data availability.
Data security guarantees are becoming more popular with distributors. With ransomware expected to cost businesses $265 billion in 2031 and the potential to attack every 2 seconds, it’s no surprise that they offer this new assurance to their clients. These guarantees help reduce the economic risk related to cyberattacks by shifting the legal responsibility to the seller. They are usually offered as a complement to cybersecurity insurance to cover gaps where coverage may not be sufficient.
The specifics of a security assurance vary extensively, but they usually include shortage of business revenue along with additional costs incurred and reputational damage that results from a breach. They could also include a policy meant for legal responsibility, which covers the costs of allowing individuals impacted by an attack to be identified as as any fines or charges received from potential lawsuits.
But while the underlying idea behind a data safety assurance is good, many of them have serious shortcomings. Consider the example of Rubrik which provides the “Recovery Incident Warranty.” This warranty pays for what they call “Recovery Incident expenses.” But this doesn’t mean your employees are paid for the hours spent on a recovery incident. Rubrik will only pay if they have receipts for the expenses. This is a tiny red signal.