If you are running a business or are related to the ‘field’ of business in any manner, you are probably aware of how the insurance industry is helping businesses to mitigate risk. Cyber insurance is one such ‘safety net’ coming from the insurance industry to help businesses threatened by the increasing growth of both external cyber threats and insider cybercrime. In this article, we will discuss what cyber insurance is, why you need one and other related topics.
Table of Contents
What is cyber insurance?
The cyber insurance market: Global and Indian
Why do you need cyber insurance?
What does cyber insurance cover in India?
What does cyber insurance does not cover?
What are the procedures involved in registering a cyber insurance claim?
Important tips to get the best out of cyber insurance?
Here we go!
What is Cyber Insurance?
Cyber insurance is a policy with a liability insurance cover, designed to mitigate the financial risk exposure of businesses and individuals. It does so by offsetting the costs associated with the damages and recovery, resulting from a data breach, a cyber security incident or a ransomware attack. It also covers the costs of compliance fines, forensics, crisis communication, lawsuits, investigations, customer refunds and even extortion payments.
Until recently, cyber insurance in India was considered as an additional liability insurance that could be added to your standard business insurance. Such traditional insurance policies were designed to cover breaches of physical assets or business interruptions due to cyber-attacks. However, insurance for cyber security has evolved of late as dedicated insurance coverage and can now cover different types of losses originating from different types of cyber-attacks and threats. Businesses have also started to acknowledge the need for cyber insurance and are now willing to invest in it.
Now that you know in brief about what cyber security insurance is, let’s dig a bit deeper into it. It’s important for you to understand the dynamics of the rapidly changing market of cyber insurance. This will help you make informed decisions while seeking cyber insurance coverage or negotiating your insurance policy renewal.
Get Free Quote in Minutes
The cyber insurance market: Global and Indian
The rise of cyber insurance will be evident when we have a sneak peek into the global cyber insurance market during the period 2020 to 2025. As per a recent report by GlobalData, the global cyber insurance market is expected to grow to $20.6 billion by 2025, from $7 billion in 2020-thanks to the rising threat of cyber attacks over the past few years. The year 2021 saw a 50% rise in cyber attacks over what it was in 2020. As threat actors continue to exploit new vulnerabilities, the threat of cyber-attacks does not seem to be diminishing, at least in a foreseeable future.
In the Indian context, cyber insurance policy is fast becoming the 'need of the hour' for businesses. Cases of online fraud through ad-fishing, emails and malware are increasing every year. As digital payments spread their wings to every nook and corner in India during and after the Covid-19 outbreak, a quantum jump was observed in such cases. This has made cyber security breach an important cause of concern for businesses and this has led to a rush in demand for cyber insurance in India. No wonder, it is one of the fastest-growing insurance sectors in India at this moment.
The cyber insurance market has grown by 40% in India over the last two years, according to a latest research by the Data Security Council of India. This rising market trajectory can be confirmed by looking at a recent report from HDFC ERGO which said, their cyber insurance products have grown at a CAGR (Compound Annual Growth Rate) of 21% over the past four years. They have also witnessed a 100 % increase in claims for cyber insurance products during FY 2021, predominantly from the auto, IT, pharmaceutical, services and other manufacturing sectors. This also confirms the recent rise in cyber attacks in India. No prizes for guessing why more and more businesses from across industries are adopting cyber insurance products. In such a scenario, we can expect that the need for cyber insurance in India will grow by 30-40% in the coming years.
Why do you need cyber insurance cover?
Just like most businesses these days, we can safely assume that you are also relying heavily on internet-based technology to reach out to your customers and pursue your digital marketing goals. Let us tell you that all digital tools can potentially expose your business to cyber threats. While financial inclusion and transparency have been made possible by digital payment systems, growing security risks and data breaches have been witnessed as a result. The most frequent risks in the year 2021 included malware and ransomware assaults, along with compromised credentials, business email penetration, phishing, cloud misconfiguration and vulnerability in third-party software. The evolution of cyber attacks is continuously changing as well. It has also included attacks on supply chains and double/triple extortion into its ambit.
Fraudulent funds transfer due to a cyber attack, business interruption costs and data breaches can create a dent in the fortunes of any business. To give you an example, the Play Station Network of Sony experienced a cyber breach in 2011. In this, the personal information of as many as 77 million user accounts was found to be compromised. Immediately after this breach, users failed to access the online services and it stayed the same for 23 days. As a result, Sony had to incur about a whopping $ 171 million in costs. A major part of this cost could have been avoided if Sony had a cyber insurance policy in place. Sadly, it had an insurance policy that only covered damages to physical property. It did not have a dedicated cyber insurance policy when the breach occurred.
By now, you would surely agree that data security should be one of your primary responsibilities if you are running a business and are having access to the users'/customers' confidential information. Therefore, considering everything discussed above, you should adopt a cyber insurance policy, if you have not yet opted for one.
What does cyber insurance coverage includes?
A typical cyber insurance policy in India covers the following-
Malware attack- After a malware attack happens, the cyber insurance covers the restoration costs of the infected computer(s). It also covers the defence cost of a claim raised by the affected party, against any legal liability caused by the attack.
Identity theft- This insurance covers the defence cost of a claim raised by the party affected by identity theft. In addition, the cost of prosecution against the third party, the transportation cost to the court and the costs of photocopying documents are also covered
Loss caused by IT theft- The financial loss arising out of an unauthorised cyber intrusion by any third party is covered by cyber insurance. Moreover, the cost of prosecution against the third party responsible for the said loss and the legal expenses for lodging a claim against any financial institution/payment system operator are also covered
Cyberstalking- This insurance covers the cost involved in prosecuting a third party in a criminal case
Email spoofing- The cost caused due to email spoofing by a third party will be covered. In addition, if you file a case against the third party, the cost of prosecution is also covered by cyber insurance
Cyber extortion- The cost incurred by the insured in a cyber extortion act by a third party will be covered, along with the cost of prosecution, in case you file a case against the third party
Phishing- The cost caused due to an act of phishing by a third party will be covered. In addition, the cost of prosecution is also covered by cyber insurance, in case you file a case against the third party involved
Media liability claims- Covers the defence cost if a claim is made by any third party against the insured. Also covers the cost of prosecution against any wrongful media act, along with the transportation cost to the court and costs of photocopying documents.
Breach of privacy and data by a 3rd party- Covers the legal expenses incurred by the insured whenever there is any damage due to a breach of privacy and data by a 3rdparty.
What does cyber insurance does not cover?
You cannot claim cyber insurance in certain situations, mentioned as exclusions in a typical cyber insurance policy. These include-
- Physical injury caused because of a cyber attack
- Death, diseases or damage to a tangible item
- If an improper or intentionally dishonest conduct from your end has led to the insurance claim
- Unsolicited communications from your end
- Property damage caused by cyber attack
- Media failure or malfunction
- Loss arising out of standard depreciation, mechanical failure and electrical disturbance
- Loss due to willful violation of any law, rule and regulation from your end
- Damages caused due to negligence or inability to protect information related to bank accounts, credit and debit cards, internet connections and so on
- If you have deliberately ignored any circumstances or information that formed the very basis of the claim
- Any legal proceedings before the policy came to force
- Loss due to a Government order
- Any breach of registered patents, trademarks, trade secrets, intellectual property and copyright and alleged plagiarism
- Consequential loss or damage, including the loss that occurred to any 3rd party
- Disappearance or theft of cryptocurrency
- Loss related to deals in foreign exchange, currencies, securities and sovereign funds
What are the procedures involved in registering a cyber insurance for individuals and businesses?
Here are the steps involved in registering a claim under cyber insurance-
Intimation of the claim- Here, the insured should inform the provider as soon as he comes to know about the concerned cyber incident. The insured can also lodge the claim through any cyber security service provider with whom he is having a tie-up
Assigning of an investigator- In the next step, an investigator is assigned. His duty is to analyse the severity of the cyber incident and chalk out a temporary resolution plan.
Hiring of a cyber expert- If the concerned cyber incident is severe in nature, a cyber expert will be hired to perform the incident analysis. To avoid possible biases and to maintain transparency, independent cyber experts are engaged, instead of in-house experts
Internal liasoning- All the parties involved (including the insured) is engaged in this exercise. The 2nd opinion of the insured is obtained regarding the potential cost involved in mitigating the damage. If the insurance provider finds it cost-effective, he accepts it. Then, the final action plan is drawn and agreed upon
Final approval- All the details received thus far are reported to the claim department of the insurance provider. The department reviews the details and if satisfied, initiates the process to accord the final approval to pay the expense.
Important tips to get the best out of cyber insurance
Here, we are providing some important tips you should consider before purchasing cyber insurance coverage. By keeping these points in mind, you can get the best out of your cyber insurance -
1) Implement and maintain effective cyber security measures. Respond to cyber threats immediately and mitigate them
2) Delete access to sensitive data as soon as an employee leaves your organisation. If the insurance provider discovers a breach related to it, your claim may not be approved
3) You must have a well-documented information security/data protection mechanism in place
4) Make it a point to update your antivirus, anti-malware and anti-spyware software on a regular basis
The footnote:
We hope the discussion above will help you understand what cyber insurance is, why you need one and what it covers and excludes. We have also discussed other important matters related to cyber insurance. For the best recommendation on cyber insurance, you may contact BimaKavach. Here, you can get the best recommendation for any insurance product in just 5 minutes.
Recent Update
Cyber Criminals are Targeting Banks and Hospitals: Says Experts
According a latest report by the Centre, Telangana ranks fourth in cyber crime in terms of the number of people targeted per lakh population, trailing only Delhi, Chandigarh, and Haryana. While working people appeared to be the primary targets in the state for employment and investment fraud, which accounts for 60% to 70% of all such crimes, businesses such as as banks and hospitals have also been targeted in recent months, according to experts.