Bricking coverage indemnifies the insured for hardware rendered unusable due to a cyber event. When hardware is corrupted to the point that it no longer functions, it is commonly referred to as a “brick” .
There are a variety of things that can turn hardware into a “brick”, one of the most common examples are changes to firmware (the software that enables computers to operate at their most basic level).
Bricking coverage only applies in the event hardware is damaged due to a cyber event. That means that coverage will only be activated if, for example, a covered computer gets hacked and its firmware gets altered.
Malware is malicious software intended to damage computers or gain access to private information. Whenever you see the terms “hacking,” or “cyber event,” in the news, they are usually referring to some form of malware infecting a system. Malware could simply collect information for hackers to sell, or it could permanently alter a computer’s firmware – resulting in bricking incidents.
A specific type of malware called a “Brickerbot” was designed to shut down IOT devices (IOT can refer to anything connecting to the internet, but in this case, it mainly targets smart devices) by exploiting factory default passwords. In 2017 an with incident with a brickerbot shut down millions of IOT devices by removing device safety settings, firewalls, and storage, and then instructing the device to halt. The incident resulted in permanent damage to many of the affected devices.
Bricking beyond firmware:
Devices arent considered bricks only when they can’t turn on. They’re bricks if a cyber event makes them permanently unusable. For example, if a device is permanently altered such that it serves as a “backdoor” vulnerability to a network, it’s effectively unusable and therefore a brick. As long as the device is unusable, it’s a brick and bricking coverage may apply.
Common types of malware:
Example Bricking claims:
School breach: A school district employee clicked a link in a phishing email exposing their network to a Trojan incident. As a result 200 PCs were compromised and no longer usable. The total value of the hardware was $125K. Luckily, the school district had a cyber policy with bricking coverage. Their policy’s bricking sublimit was $500k and they had no prior claims, After paying their $5,000 deductible the carrier stepped in and covered the rest of the bill.
Hospital Incident: A hospital system’s computers suffered a major breach. After the hackers stole patient medical data, they altered the computers’ firmware preventing them from turning on. The total value of the hardware was $200k. Luckily, the hospital system had a cyber policy with bricking coverage. Their policy’s bricking sublimit was $750K and they had no prior claims, After paying their $5,000 deductible the carrier stepped in and covered the rest of the bill.