Yes, sometimes the liability clauses in contracts are negotiable if the customer is large enough. Often, they are not, as we’ve seen in the fallout from the recent CrowdStrike blunder that caused worldwide chaos, where CrowdStrike has been invoking its EULA provisions re liability being limited to twice what the customer’s annual bill was.
Fair, but I’m not sure how much difference there is between “not negotiable” and “no rational large customer would ever choose to buy cyberinsurance from its security vendor by negotiating a liability shift in exchange for paying massively more.” This would be like buying pandemic insurance from an insurer who only sold pandemic insurance (and wasn’t backstopped by reinsurance or government support). If/when you needed to make a claim, everyone else would be in a similar position, and the claims would bankrupt the security vendor quite easily. That means everyone gets only a small fraction of their claim paid and holds the bag for the rest.