Bricking Coverage
Cyber coverage for the cost to replace hardware and IoT devices rendered permanently inoperable by a cyberattack.
What It Is
Bricking coverage pays for the replacement cost of computer hardware, firmware, and IoT devices that are rendered permanently inoperable, or bricked, by a cyberattack. When malicious code overwrites firmware or corrupts embedded software beyond recovery, the affected devices become useless and must be physically replaced. Standard cyber policies typically cover data restoration but not hardware replacement, creating a gap that bricking coverage fills.
This coverage has become increasingly important as more businesses deploy IoT devices, industrial control systems, and embedded computing devices that are vulnerable to destructive malware. Attacks designed to brick devices, such as wiper malware that targets firmware, have been observed in attacks on industrial systems, retail point-of-sale terminals, and networked medical devices.
Bricking coverage is typically offered as an optional endorsement with a separate sublimit. Limits are usually modest, ranging from $50,000 to $500,000, reflecting the hardware replacement cost rather than the broader business interruption impact. The coverage may be limited to devices directly owned by the insured and may exclude leased equipment or devices under warranty.
Why It Matters for Brokers
For clients with significant hardware investments, particularly in manufacturing, healthcare, and retail, a destructive cyberattack that bricks devices can result in hundreds of thousands of dollars in replacement costs that fall outside standard cyber and property coverages. Property policies typically exclude cyber-caused damage, and standard cyber policies cover data restoration but not hardware. Bricking coverage fills this specific gap.
Real-World Example
A hospital's network of 340 IoT-connected patient monitoring devices is hit by wiper malware that corrupts the firmware, rendering all devices permanently inoperable. Replacement cost is $2,800 per device, totaling $952,000. The property policy excludes cyber-caused damage. The cyber policy's data restoration coverage does not extend to hardware. The bricking endorsement with a $500,000 sublimit pays the maximum, leaving $452,000 uninsured. Without the endorsement, the full $952,000 would have been uninsured.
Common Mistakes
- 1Assuming the property policy will cover hardware destroyed by a cyberattack when most modern property forms exclude cyber-caused physical damage.
- 2Not requesting bricking coverage for clients with significant IoT or embedded device deployments because the coverage is not included in base cyber forms.
How brokerageaudit.com Handles This
brokerageaudit.com's Submission Intake module asks about IoT device counts and hardware dependencies, flagging the need for bricking coverage when the client's hardware exposure exceeds $100,000. Policy Checker confirms whether bricking coverage is included in the placed cyber policy and compares the sublimit against the estimated hardware replacement cost.