Citadel offers cybersecurity warranty

Citadel Security Software has introduced Hercules SecurePlus, which may be the first insurance policy against financial losses caused by cyberattacks.

“Software manufacturers can and should be in a position to demonstrate to customers that their product works as they say it does,” said Bob Dix, Citadel’s executive vice president of government affairs and corporate development.

“We needed to put our money where our mouth is to be part of the solution instead of being part of the problem,” Dix added.

If a Citadel customer running Hercules Security Compliance and Vulnerability Remediation software is successfully attacked because the company did not provide adequate protection, Citadel will reimburse the customer for data-restoration costs or the value of the information, up to the value of their Hercules contract, Dix said.

Citadel’s standard support agreement promises that the company will address high-risk security vulnerabilities within 24 hours, medium-risk vulnerabilities within 72 hours and low-risk vulnerabilities as time allows.

An AIG division is underwriting the program, Dix said.

The SecurePlus warranty is free and automatically applies to all Hercules buyers. It lasts for the first year of the license.

In addition to protecting clients’ computer systems, Hercules SecurePlus will help Citadel customers comply with federal regulations that require minimum cybersecurity controls, including the Sarbanes-Oxley Act of 1992, Health Insurance Portability and Accountability Act of 1996, Federal Information Security Management Act of 2002 and Homeland Security Presidential Directive 12, Dix said.

The warranty could increase liability protection by showing duty of care and due diligence, Dix said. It could also encourage investment in new IT systems, he said.