Transfin.
HomeNewsGuidesReadsPodcastsVideosTech
  1. Reads
  2. Lite

Fortifying Against Cyber Crime: Everything You Need to Know About Cyber Insurance Policies in India

Editorial Intern, TRANSFIN.
Sep 11, 2020 11:39 AM 4 min read
Editorial

On September 3rd, one of Prime Minister Narendra Modi’s Twitter accounts associated with his personal website got hacked.

Unauthorized tweets, supposedly posted by a South Korean group identifying itself as ‘John Wick’, asked for Bitcoin donations to a relief fund claimed to be linked to the “PM National Relief Fund”.

Despite being one of the World’s most influential and implicitly most protected political figures, the PM was not spared from the menace of cyber attacks.

 

Between 2016 and 2018, India was the second most affected country in the world from cyber attacks, costing it an average of $1.7m per data breach. In terms of “most significant” cyber attacks, that is, on the country’s government agencies, defence assets, high tech industry or economic crimes with losses amounting to more than a million dollars, India witnessed 23 such threats between May 2006 to June 2020, placing it just behind the US and UK.

 

 

Organisations and exposed persons are more and more treating cyber insurance as a must to safeguard themselves from such threats.

 

What is Cyber Insurance and Why Do We Need it?

Cyber insurance is an insurance policy that protects individuals and organisations from the risk of fraudulent cyber activities and data breaches.

The ubiquity of the internet has made the threat of cyber crime imminent. Whether its the use of social media or ordering of food through digital wallets, personal data breaches which can lead to financial and non-financial consequences are one attack away from becoming a reality.

This threat is even more pronounced for organisations managing thousands of customers and clients at once, potentially leading to significant financial liability and long term reputational damage.

 

What Does Cyber Insurance Cover?

Cyber insurance covers expenses causally related to the party at loss, that is, first-party spends like business interruption costs.

Third-party expenses like spend on litigation due to breach of confidentiality may be added.

Recurring charges originating from major investigations and lawsuits, often a consequence of severe customer data breaches, as well as data recovery and IT consultation costs are a few more contingencies which can be protected against under a bespoke cyber insurance policy.

While the extent of coverage is determined by how comprehensive the policy is, basic individual coverage (view sample policy from Bajaj Allianz to get a sense) typically focuses on threats such as identity theft, cyber stalking, malware, phishing attacks, email spoofing, IT theft, cyber extortion etc.

Corporates opt for policies that cover both first and third-party expenses including notification costs and costs due to damage/destruction of data. Intricate policies may extend coverage to all employees on their office devices to prevent any losses occurring from data breaches.

Companies maintaining robust IT practices are likely to be gauged as a lower risk counterparty by insurance underwriters.

 

What does India’s Cyber Insurance Landscape Look Like?

Many of India’s well-known general insurance underwriters such as ICICI Lombard, Bajaj Allianz and Tata AIG  offer cyber insurance.

According to a report by the Data Security Council of India, there was a 40% increase in the number of cyber insurance policies purchased between 2017 and 2018. This is indicative of two things. Firstly, there is an upward trend in cyber attacks in India. Secondly, companies are beginning to opt for insurance to hedge against future losses resulting from such attacks.

Banks and financial institutions were amongst the first to insure against cyber threats. HDFC Bank and SBI recently disclosed having cyber insurance covers of $100m each in their annual disclosures. Since the onset of COVID-19, enquiries for cyber insurance have increased by 60-70% and their sale has spiked by 20%. This increase can be attributed to the vulnerability of unsecured home networks with more and more employees working remotely.

Personal cyber insurance was introduced in India in 2017, allowing individuals above 18 years of age to purchase policies for themselves. Providers like HDFC Ergo and Bajaj Allianz have taken the lead for this retail-oriented underwriting.

 

Fortifying Against Cyber Crime: Everything You Need to Know About Cyber Insurance Policies in India

 

What are the Concerns Surrounding Cyber Insurance?

Simply put – cyber threats are still evolving. Since the cyber insurance field is nascent, underwriters are figuring out how to account for all possible risks and damages. There is limited data on the history of cyber attacks and their financial impacts. Moreover, it is not mandatory to make information regarding cyber attacks public in India so companies do not do so in all cases.

As novel threats arise in the cyber space, insurers and reinsurers are facing difficulties in finding frameworks to predict and anticipate high loss events.

From the perspective of buyers, there is little awareness of what a suitable insurance policy is.

 

What to Keep in Mind When Purchasing Cyber Insurance?

When acquiring a policy, organisations will do well to think about whether they prefer cyber insurance as a standalone policy or as an endorsement, where it is an addition to the business’ general liability policy. Other nuances included limits of coverage like “deductibles”, that is, the amount to be borne first by the policyholder over and above which the insurance company actually starts paying, and whether there are pre-breach risk assessments which can help organisations make a more educated choice on their cyber security insurance policy.

Insider attacks should also be insured against as they are becoming more common in India.

The high volume of online transactions during COVID-19 has drawn the government’s attention to the financial sector’s vulnerability to cyber attack. The Indian Computer Emergency Response Team (CERT-In) which currently manages cyber threats, has recently announced plans to set up an agency dedicated to overseeing the security of the financial sector. A revised cyber security policy to strengthen existing frameworks is also in the works.

Insurance may not be the panacea of all cyber security threats, but it is instrumental in keeping these looming threats at bay.

FIN.

Interested in more fun facts and trivia that can nudge you towards stimulating conversations? Subscribe to our Podcast Newsletter to keep them coming!