US cyber-security firm CrowdStrike announced yesterday a new warranty program for its customers, offering to cover up to $1 million in expenses if a customer protected by its top-tier endpoint protection solution (aka a fancy term for an antivirus program) suffers a security breach.

The CrowdStrike "Breach Prevention Warranty" will be offered for free to any customer who purchases a license for the CrowdStrike Falcon EPP Complete subscription, the company's top security software.

Based on the number of licenses a customer purchases, the breach warranty can cover costs up to $1 million for the duration of the Falcon EPP Complete subscription, which can be acquired for one-year periods.

The warranty can be used to cover data breach expenses

CrowdStrike says customers can use the warranty to cover certain breach response fees and expenses incurred by the customer following the breach, such as legal consultation, forensic services, notification expenses, identity theft and credit monitoring, public relations and cyber extortion payments.

The warranty is offered on a "take it or leave it" basis, and CrowdStrike doesn't plan to allow customers to negotiate its terms and coverage.

The warranty will only cover security breaches during its duration, and pre-existing security incidents are not eligible.

The problem of inexistent security software warranties

"Other industries have long offered product warranties to assure customers that the products they purchase will function as advertised," CrowdStrike said yesterday in a canned presser. "This has not been the case in cybersecurity, where customers generally have little recourse when security products fail to protect them."

The company claims it's the first to offer such data breach warranty protection to clients. This may be true for "data breaches," but not true for other types of security incidents.

Back in the summer of 2016, SentinelOne offered a similar cyber insurance plan but for ransomware infections. Through the "Ransomware Cyber Guarantee," SentinelOne offered to pay a ransomware's ransom fee if any of its clients were to be infected while protected by its endpoint security product.