Sure.
Floating static routes for the VPN endpoints and floating default routes with route-maps
For IPSEC VPN are you talking about mobile users or site-site VPN? Assuming you mean site-site VPN:
ip route 192.168.0.0 255.255.0.0 <wan A next hop>
ip route a.b.c.d 255.255.255.255 <wan A next hop> <=== this is the remote peer IP address
ip route 192.168.0.0 255.255.0.0 <wan B next hop> 100
ip route a.b.c.d 255.255.255.255 <wan A next hop> 100 <== same routes with higher cost for failover
ip route 0.0.0.0 0.0.0.0 <wan B next hop>
ip route 0.0.0.0 0.0.0.0 <wan A next hop> 100
Since you can only have 1 default gateway on the router, it's going to be a little more difficult to serve mobile VPN clients due to not knowing their public IP addresses, and your primary default will be to ISPB.
Here's a way around that:
ip route 0.0.0.0 0.0.0.0 <wan A next hop> <== default to A will allow remote users to connect VPN
ip route 0.0.0.0 0.0.0.0 <wan B next hop> 100
access-list 101 deny ip <local network> <imask> 192.168.0.0 0.0.255.255
access-list 101 permit ip <local networ> <imask> any
route-map ISPB permit 10
match ip address 101
set ip default next-hop <WAN B Next hop ip>
interface xxx
descript inside LAN interface
ip policy route-map ISPB
If WANB is down, route-map traffic will automatically take the default out the other ISP
