Cohesity is pleased to offer the industry’s most generous ransomware warranty offer, one that will double the payout of any competing agreement, subject to equivalent terms. This offer is effective beginning April 1, 2024.
But there’s an unspoken truth I’d like to share with you. These warranties are intentionally designed to never pay out. Each warranty includes a series of requirements designed to be impossible to meet, as well as numerous escape clauses enabling the vendors to blame you for the occurrence of the cyber event you are experiencing and avoid liability themselves.
Even more cynically, these warranties often act as the ‘sole and exclusive remedy’ you have against the vendor. This means warranties function as a stealth way the vendor can get you to agree to actually limit the vendor’s liability. Do you want to be adversarial with your supplier in a time of great need for your organization, or do you want them engaged in open and transparent conversation, helping you recover and get back on your feet quickly?
Nevertheless, if you need to check a box, Cohesity is here to support that need by exceeding the coverage offered by any other competitor in our space.
Here’s the fine print
So what’s the catch? It’s in the fine print. The requirements of these warranty offers are nearly impossible for you to meet. Here’s a list of 11 common ways a vendor can avoid payment:
- It’s a preexisting condition.
- The damage happened while you weren’t in full compliance with every recommendation the vendor gave you on security.
- You weren’t running the latest software version and security patch on all your devices.
- Your restore environment wasn’t clean.
- You didn’t do everything else the vendor ever told you to.
- You didn’t notify the vendor within 12 hours of the incident.
- You didn’t maintain security in accordance with the then-current industry best practices (as determined by the vendor).
- Your expenses weren’t for recreation, recovery, or restoration of data.
- You didn’t get the vendor’s written approval for each expense and each third party to whom you incurred costs.
- You didn’t let the vendor exhaust every possible remedial measure before incurring expenses.
- The incident was caused by the customer introducing malware (which could happen e.g. in a phishing scenario).
These recommendations aren’t all bad. Many are best practices you should prioritize and will make your organization safer. But others are highly subjective, and vendors can easily cite them to avoid a payout. That’s why you’ve never heard of a vendor actually paying for damages in the event of an attack.
A guarantee that’s guaranteed never to pay out is, at best, a distraction and a gimmick—at worst, it’s false hope.
We’ll double the payout of any published warranty
The warranty offered by one of our competitors is twice as long as the Declaration of Independence. If you read that warranty out loud, it would take you approximately 18 minutes and 31 seconds.
There are better ways to spend both your time and your money.
If you want to know how certain we are of this, how about this? We’ll match any published warranty and double the payout with equivalent conditions to those our competitors require. Think of this as us accepting a competitor’s coupon.
We’ll tick that box. But we still maintain our position that in order to achieve cyber resilience, you need to invest in people training, clearly define the processes, and adopt the right technology. In short, you shouldn’t outsource your business’s resilience to any warranty.
Learn from your peers
At Cohesity, we’ve helped over 4,300 organizations like yours reduce their risk from cybercriminals. We invite you to learn more about how we can help you strengthen your resilience—how to upskill your people, modernize your processes, and upgrade your tools for the threats you face.
Let’s look at some examples of real world ransomware attacks and how Cohesity protected its customers, providing actual resilience instead of contrived warranty gimmicks.
If you’re just starting this journey, you can benefit by standing on the shoulders of giants and learning from those organizations well into their resilience journey. Here are three of my favorite examples from our library of case studies.
- Emerge IT Solutions: Paid $0.00 after a ransomware attack. This manufacturer restored 80% of their files in just three days.
- California Department of Finance: Paid $0.00 after a ransomware attack. This agency restored 100% of its M365 data in just 12 hours.
- Sky Lakes Medical Center: Paid $0.00 after a ransomware attack. This healthcare provider recovered in minutes instead of days, with no data loss.
These organizations didn’t rely on an unusable warranty. They trusted their people, carefully designed processes, and industry-leading tools to recover when it counted most.
Next steps: It’s time to accelerate your resilience strategy
Ransomware is a pervasive problem—striking institutions of all sizes at any time. We now know it’s not a matter of if, but when. Recent research commissioned by Cohesity found that 90% of those polled paid a ransom in the past two years. This lines up with a new report from blockchain analyst Chainalysis that said ransomware gangs took more than $1.1B from their victims in 2023. (Check out James Blake’s recent blog on this.)
In the face of these statistics, it’d be nice to have a safety net. The idea of a warranty seems like it can offer peace of mind, but don’t be fooled or let down your guard. A warranty isn’t a magic document that’s going to protect you in a material way. A warranty is no substitute for a rigorous cyber resilience strategy nor a replacement for obtaining cyber insurance.
