The Cyber Warranty Program certifies ComplySec360™ – cybersecurity and compliance platform providing financial protection and remediation support in case of cyber incidents faced by its subscriber customers.

The cyber warranty provides direct reimbursement for specific cyber events, while cyber insurance offers broader coverage, including legal liability and regulatory penalties.

Any ENGAIZ customer leveraging ComplySec360™ that meets control conditions outlined below. Customer enrolled, must be a current subscriber of ComplySec360™, in good standing (all subscription fees paid as on date) for the portion of their environment in which the event occurs.

• Antivirus Industry-standard and up-to-date antivirus or comparable prevention tools are installed on endpoints
• MDR /SIEM Managed SOC or network monitoring tools on endpoint devices.
• MFA Multi-factor authentication enabled for all email accounts.
• Backups Immutable backups (secure copies of data for recovery).
• Data Privacy / Encryption Participants must comply with applicable national, state, and federal privacy and security policies, as well as encryption standards if regulatory conditions apply, such as PCI, HIPAA, GDPR, SEC or other regulatory standards required.
• Patch Updates Commercially reasonable maintenance of software patch updates must be made within 60 days of their release.
• Security Awareness Training Continuous security awareness training delivered to employees.
• Business Controls Out-of-cycle wire transfers and invoice routing information changes must be verified and documented prior to action taken .

ENGAIZ customers leveraging ComplySec360™ automatically qualify and can enroll subject to meeting control conditions and the Cyber Warranty Terms and Conditions.

No, it is a subscription-based warranty that embeds to your ComplySec360™ compliance solution. You do not need to apply for coverage through underwriting or pay premiums. In the event of a breach incident, we will manage the recovery process for you as per the terms and conditions of the warranty program. Simply verify the incident through supporting log/event data, confirm the required control measures were applied and start the recovery process to fix the problem.

The warranty covers the following events. For more details, please see the CyberWarranty360™ Program Terms and Conditions. The following event types are available for reimbursement:

• Ransom/BEC: ransomware, including remediation and ransoms, or a business email compromise (BEC) resulting in funds transfer or invoice fraud, including remediation and lost funds ($100,000 / year).
• Compliance Event: a cyber breach that triggers HIPAA, PCI, OSHA, and/or state related violations and results in a regulatory penalty, fine, or related expenses ($100,000 / year).
• Legal Liability: a suit arising out of a cyberattack, including loss or misuse of data, or a
  media peril related to your website where legal defense and settlement costs are incurred ($250,000 / year).
• Business Interruption: a security breach that results in the loss of business income (net profit or loss before income taxes), and/or any continuing operating expenses affected by it. ($50,000 / year).

Claims can be submitted through ComplySec360™ platform or by sending claim request to [email protected], with documentation or log data required to verify the incident.
We must receive proof of the event and that the threat detection solution was installed and current with updates within 48 hours of discovery. Approved payments or agreed remediation begin 48 hours after verification. Continuing costs such as legal fees or fines will be reimbursed in accordance with an agreed remediation timeline.

Business interruption loss is the net profit or loss before income taxes that would have been earned or incurred had no loss occurred, and/or continuing operating expenses affected by the breach, as calculated in the reasonable discretion of our warranty plan provider. Depending on your agreement, business income is calculated as 90-180 days of average revenue multiplied by the number of days of network downtime.

Each enrolled customer is covered for one cyber incident per year under the warranty program.

It does not change coverages or terms of a cyber insurance policy, but it may increase your insurability and reduce premiums. Many insurers are aware of our program’s ability to eliminate or reduce potential cyber insurance claims. We are happy to coordinate with your carrier to ensure proper notification of, and credit for, this additional protection.

Warranty programs are designed to react first and can coordinate with cyber insurance as a deductible buy-back covering the deductible fees within the cyber insurance policy.

There are no deductible fees associated with warranty programs, however there is a minimum of $5,000 loss required before the warranty responds.

Warranty programs do not replace or augment cyber insurance. Depending on the size and nature of your company, you may need broader protection and/or higher limits that cyber insurance can provide.

Yes, the warranty can be used independently or alongside certified cyber insurance for broader coverage and deductible reduction.

Proof of breach refers to electronic records that confirm a cyber incident affecting a customer. These records must clearly demonstrate unauthorized access, compromise, or data loss. We accept at least one reliable electronic record, typically found in log files. If log files are unavailable, screenshots, system alerts, forensic reports, or other recorded evidence may be submitted for review.

You need to submit details about the incident, including:

• The strain of malware or cyber threat.
• Data logs showing traits of the affected device.
• Information on the covered software impacted.

Yes. The covered software must have all system patches and updates applied within 60 days of release. Failure to maintain updates may affect claim eligibility.

You may submit an itemized invoice for remediation services, but the cost must not exceed $250 per hour. If using a third-party service, we must approve the Scope of Work before reimbursement.

Each subscribed customer is entitled to one valid event claim per year.

If verification data or responses are insufficient within 15 days, the case may be closed without reimbursement.