How Bricking Coverage in Cyber Insurance Safeguards Your Business
Crucial coverage for businesses that rely on technology to operate
The damage of a cyber attack can take many forms. We often hear about attackers stealing company data and personally identifiable information (PII), but there’s another potential target of cyber attacks that isn’t talked about as much: hardware.
Threats designed to abuse IT systems, break through defenses, and inflict maximum damage can leave computer hardware in a state beyond repair. Cyber insurance can help victims recoup the cost of replacing destroyed hardware — provided they have bricking coverage, which is often included as an enhancement to base policies.
What is Bricking in Cyber Insurance?
Bricking happens when a cyber attack turns a piece of computer hardware into a “brick” — i.e., renders it unusable to such an extent that it requires replacement. Cyber liability insurance can cover the cost of replacing destroyed hardware, provided that bricking coverage is included in the policy or has been added.
Examples of Bricking Incidents
Any company that relies on (or sells) computer hardware could potentially be a victim of bricking. Here are two examples:
- Princeton Community Hospital Ransomware Attack: A 2017 ransomware attack left this West Virginia hospital unable to save data onto hard drives, prompting it to replace 1,200 of these devices. The final costs included both the purchase price of the hard drives and the time/labor to install all of them, before even accounting for the lost revenue and extra cost when the devices were down.
- Widespread Malware Attack on IoT Devices: In June 2019, a teen coder developed malware that intentionally bricked Internet of Things (IoT) devices with weak passwords. This attack rendered thousands of IoT devices useless within hours, affecting many organizations and consumers.
What Industries and Business Types are Vulnerable to Bricking?
It only takes one computer, device, or drive going down to throw an organization reliant upon these electronics into chaos. Any organization that uses technology to operate could see critical hardware suddenly go down for good, causing deep and lasting turbulence.
Industry: Though the risk of bricking is universal among businesses that rely on devices, it’s higher for businesses and industries that are more technologically dependent, as they’re the ones most likely to encounter bricked devices and also the ones positioned to suffer the greatest losses.
The 2023 Cost of a Data Breach Report from IBM shows that the healthcare sector has the highest average cost for a data breach ($10.93 million), which is almost double the next entry. Bricking likely drives part of that high figure because medical devices are both expensive to replace and urgent to get back online. The financial, pharmaceutical, energy, and industrial industries follow healthcare for the highest data breach costs, and all can be affected by bricking for similar reasons.
Size: Larger companies have more devices that may potentially get bricked, which can add up to a higher replacement bill. That said, losses can still be high for small and medium-sized businesses (SMBs) despite having fewer devices, since the destruction of critical hardware can knock out most or all of their operations.
The Importance of Bricking Coverage in Cyber Insurance
Bricking cyber insurance coverage helps businesses protect against financial losses that are deeper and more dynamic than many realize.
For instance, IBM reported in 2023 that destructive attacks (defined as “attacks that render systems inoperable and challenge reconstitution”) cost $5.24 million on average. While data is often the thing being destroyed, hardware can be a target too. That target only grows larger as companies become increasingly dependent on hardware — especially devices that facilitate remote work. Replacing even a small portion of this hardware could require a major capital outlay.
Cyber insurance with bricking coverage can help cover this cost. Perhaps more importantly, it can make the funds available to replace the hardware as quickly as possible, minimizing the downtime and business disruption caused by bricked hardware.
When important IT breaks, it can put everything from contracts to compliance to customer relationships at risk, with potentially devastating consequences for revenue over the long term. Bricking coverage can supply the funds to put the destroyed pieces back in place and restore the status quo ASAP.
Key Elements of Bricking Coverage
Neither the insurance nor the tech industry uses a standard definition of “bricking.” Additionally, coverage details vary widely across cyber liability insurance policies and providers, making it important to evaluate what coverage options do and don’t include.
Key elements to consider:
- Device and System Bricking Scope: Does coverage apply to all devices? Does it also apply to disabled systems and software? What kinds of attacks are covered?
- Liability Coverage for Third Parties: Is bricking caused by a third party with access to the insured’s IT covered by the policy? What about when the insured bricks the hardware of a client, supplier, or partner?
- Business Interruption Coverage: Does the policy cover lost revenue when bricked technology causes business interruptions, or does the policy only cover the cost of replacements?
- Legal and Regulatory Requirements: Are there any legal or regulatory requirements applicable to bricking coverage or liability for lost devices? Does the policy conform to or conflict with those mandates?
Limitations and Exclusions
It’s important to note that bricked hardware rarely falls under the coverage umbrella of property damage insurance carried by most businesses. Those policies cover “tangible” damage to property. Changing the firmware of hardware to brick the device doesn’t qualify as tangible damage even if it renders the device unusable.
Cyber liability coverage doesn’t always automatically fill this coverage gap, either. Bricking coverage often isn’t included in base policy forms but can be offered as an enhancement option so that companies can better align their coverage to their particular needs. Companies in the healthcare, finance, pharma, and tech industries often seek this enhancement.
Bricking cyber insurance coverage may exclude certain types of attacks. For example, it may cover destructive malware that breaks the firmware but not cover ransomware attacks that wipe data from a disk without completely disabling the device. Likewise, the policy may stipulate limitations for which replacements it will cover and how much of the attendant costs (disposal, install, consulting, etc.) it will pay for.
Bricking Coverage From At-Bay
Hardware is the foundation that keeps today’s digital organizations running. When that foundation suddenly goes down, taking critical capabilities and data with it, resolving the situation becomes priority number one.
Bricking cyber insurance coverage keeps the cost of new hardware from stalling the pace of replacement or creating lasting financial losses. It’s an essential part of comprehensive cyber insurance coverage, and it’s included in At-Bay’s standard Cyber insurance quote packet at full limit.
About At-Bay
At-Bay is the InsurSec provider for the digital age. By combining world-class technology with industry-leading insurance and security expertise, At-Bay was designed from the ground up to empower businesses of every size to meet cyber risk head on. Our InsurSec approach provides end-to-end protection for modern businesses. It’s a force multiplier that includes security, threat intelligence, and human experts to close the SMB cybersecurity gap — all as part of their insurance policy.