By Ryan Windt | Head of Growth Marketing | Updated June 2026
Most businesses think about a cyberattack as something that happens to their data. The records get stolen, the systems get locked, the operation grinds to a halt for a while, and then it comes back. What far fewer businesses plan for is the attack that does not give the hardware back. A bricking attack corrupts the firmware or operating software on a device so thoroughly that the device is no longer recoverable. The laptop, the server, the point-of-sale terminal still sits on the desk looking exactly as it did the day before. It is just permanently inoperable. And here is the part that catches businesses off guard: the policy you assumed would pay for it often does not.
This post explains what bricking coverage is, why standard cyber and property policies leave a gap around it, and what to actually check in your own coverage so you are not the business that discovers the gap during a claim.
What Bricking Is
Bricking is a cyberattack that renders a physical device permanently unusable by corrupting the low-level software it depends on to function: its firmware or operating system. The name comes from the result. The device becomes about as useful as a brick. It retains its physical form, shows no visible damage, and is completely dead.
There is a meaningful distinction between two outcomes. Soft bricking is a malfunction the device can recover from, often through a factory reset or a firmware reflash. The device is down, but not gone. Hard bricking is the irreversible version, where the firmware is corrupted badly enough, or a hardware-level change is triggered, that no software fix brings it back. A hard-bricked device has to be replaced. Bricking coverage is fundamentally about the hard cases, where replacement is the only path forward.
The devices at risk are not exotic. They are the ordinary hardware a business runs on: laptops, servers, point-of-sale terminals, routers, and increasingly the Internet of Things and operational technology devices that have crept into everything from building systems to manufacturing lines. Any device that depends on firmware, which is to say nearly all of them, can in principle be bricked.
The Coverage Gap That Catches Businesses
Bricking sits in an awkward seam between two policies, and that seam is exactly where businesses get caught.
Commercial property insurance is built around direct physical loss or damage to property. A bricked device presents a problem for that definition, because nothing physical happened to it. No fire, no water, no impact. The metal and plastic are intact. Courts have split on whether loss of functionality counts as physical damage, but many property policies, and many carriers interpreting them, take the traditional view that there has to be a physical alteration. Under that reading, a device that was destroyed by corrupted code rather than a physical event is not a property claim.
Cyber insurance, meanwhile, was historically focused on the consequences of a breach: data restoration, notification costs, business interruption, liability. The cost of physically replacing destroyed hardware was not always part of the base grant. Many cyber policies either excluded hardware replacement or addressed it only through a specific enhancement.
The result is a genuine gap. The property policy says this is a cyber loss, not a physical one. The cyber policy says this is a hardware cost, not a data one. Without bricking coverage explicitly addressing the hardware replacement, the business can end up holding the full cost of replacing every dead device, plus the labor to swap them and the downtime while it happens. Bricking coverage exists specifically to close that seam.
What Bricking Coverage Actually Pays For
When properly structured, bricking coverage, sometimes written as computer or hardware replacement coverage, reimburses the cost of replacing devices that a cyberattack has rendered permanently inoperable. A complete version of the coverage goes beyond the hardware itself.
- Replacement cost of the hardware that cannot be repaired or restored, from laptops and servers to point-of-sale and IoT devices.
- Installation and labor to swap out the dead devices and stand the replacements up, which on a large fleet can rival the hardware cost itself.
- Proper disposal of the bricked equipment, which matters more than it sounds when the devices held sensitive data.
- Speed of access to funds, which is the underrated benefit. The faster you can replace bricked hardware, the less business interruption you absorb. Coverage that makes replacement capital available quickly is worth more than its limit suggests.
One condition runs through almost every bricking grant: the device generally has to be permanently inoperable. Coverage applies when replacement is genuinely necessary, not when a device can be restored through a software fix. That is why the soft-versus-hard bricking distinction matters in practice, not just in theory.
The Fine Print That Decides Whether You Are Actually Covered
Here is where a broker earns their keep, because bricking coverage is rarely a simple yes or no. Even when a policy includes it, the terms around it decide how much protection you actually have. These are the points worth pressing before you bind.
Is it included or an endorsement? Many carriers do not include bricking in the base policy and offer it only as an add-on endorsement, sometimes for additional premium. Do not assume it is there. Ask the specific question and get the answer in writing.
What is the sublimit? Bricking is frequently capped well below the policy’s aggregate limit. A business with a $2 million cyber limit might find hardware replacement sublimited to a fraction of that. If your device fleet is large or specialized, a low sublimit can leave most of the replacement cost uninsured even though you technically have the coverage. For more on how these caps work across a policy, see Cyber Insurance Sublimits Explained.
Per-device limits and mass-event triggers. Some policies apply a limit per device, which can quietly cap a large-fleet replacement. Others only respond to mass bricking events affecting multiple devices, leaving a single critical server out in the cold. Read how the trigger is defined, not just the headline limit.
Which attack vectors count? Coverage definitions vary on what kind of attack qualifies. Malware and firmware corruption are commonly covered. Supply chain attacks and certain insider scenarios may not be. The narrower the definition, the easier it is to fall outside it.
Waiting periods and notification requirements. As with business interruption, a waiting period can apply before coverage engages, and missing a notification deadline can jeopardize the claim. These mechanical terms are easy to overlook and expensive to discover late.
Who Should Pay the Most Attention
Bricking risk is not evenly distributed. The businesses with the most exposure share a common trait: they depend on a lot of hardware, or on hardware that is expensive or slow to replace.
Retailers and hospitality businesses run fleets of point-of-sale terminals, any of which can be bricked in a coordinated attack, and a dead register is a closed lane. Manufacturers and businesses with operational technology face the worst case, because specialized control systems and industrial devices can have long lead times and high replacement costs. Managed service providers carry a layered exposure, since a bricking event can hit their own infrastructure and their clients’ at once. Any business leaning into IoT, from connected building systems to fleet sensors, is expanding the number of firmware-dependent devices that could be turned into bricks.
If your business would face a significant capital outlay to replace a meaningful share of its devices, bricking coverage moves from a nice-to-have enhancement to a line item worth negotiating deliberately.
How to Review Your Coverage for Bricking
The practical move is to look at your cyber and property policies side by side rather than in isolation, because the gap lives in the space between them. A few concrete steps:
- Inventory the hardware that is critical or costly to replace: servers, point-of-sale systems, specialty IoT and control gear. That list is where your bricking exposure concentrates.
- Ask directly whether your cyber policy includes bricking or hardware replacement coverage, and whether your property policy would respond to a cyber-caused hardware loss. The likely answer to the second is no, which is the point.
- If coverage exists, pin down the sublimit, any per-device cap, the attack vectors covered, and the trigger definition.
- If it does not, ask what a bricking endorsement would cost and weigh that against the replacement bill for your critical hardware.
This is the kind of coverage detail that is invisible until a claim, and by then the terms are fixed. Reviewing it while you still have negotiating room is the entire value of doing it early.
Frequently Asked Questions
Is bricking coverage included in standard cyber insurance? Not always. Some cyber policies include limited bricking or hardware replacement coverage in the base grant, but many offer it only as an endorsement that must be added, sometimes for additional premium. You should confirm rather than assume.
Will my property insurance cover bricked hardware? Usually not. Most property policies require direct physical damage, and a bricked device shows no physical alteration even though it is permanently inoperable. That mismatch is the reason bricking coverage exists as a cyber enhancement.
What is the difference between soft and hard bricking? Soft bricking is recoverable, often through a factory reset or firmware reflash. Hard bricking is permanent, where no software fix restores the device and replacement is the only option. Coverage generally applies to devices that cannot be restored.
Does bricking coverage pay for downtime too? Hardware replacement and business interruption are typically separate coverage parts. Bricking coverage addresses the cost of replacing the devices, while lost income during the outage falls under business interruption. See Cyber Business Interruption Coverage for how that piece works.
Is bricking the same as a ransomware attack? No. Ransomware typically locks or encrypts data and demands payment, with the goal of getting paid to restore access. Bricking destroys the device’s ability to function, with no key to recover. They can occur together, but they are distinct losses. See Does Cyber Insurance Cover Ransomware Payments?
Related Resources
- Cyber Insurance Sublimits Explained
- Cyber Business Interruption Coverage
- Does Cyber Insurance Cover Ransomware Payments?
- Cyber Insurance Requirements: The Minimum Controls Checklist
- How Much Does Cyber Insurance Cost?
SeedPod Cyber works with businesses across every industry to place coverage that fits the risk, including the enhancements like bricking that are easy to overlook until they matter. Contact us to review where your current coverage stands.