Insurance, points out that the penetration
of internet is growing at a rapid rate in
India with smart devices being an integral
part of our lives. “Owing to this and the
increase in cybercrimes and frauds, there
is a demand for cyber insurance among
corporates as well as individuals in
India and cyber insurance, therefore, is
constantly evolving to cover the growing
cyber risks across the globe,” says he.
However, he admits while there is a
rise in demand for cyber insurance, the
adoption is still limited.
TOP BUSINESS RISK
We cannot overlook the inherent need for
cyber insurance given the serious threat
cybercrimes pose to Indian corporations
as well as individuals. Sasikumar
Adidamu, CTO, Bajaj Allianz General
Insurance, cites the results of Allianz
Risk Barometer 2019 survey and says
cyber incidents have been considered as
the top business risk in India for 2019
with companies increasingly concerned in
the wake of mega data breaches, privacy
scandals and major IT outages.
“A couple of years ago cyber attacks
were elementary, but with the increased
interconnectivity and frequency of online
transactions and eCommerce, there has
been a substantial rise in the severity and
frequency of cyberattacks. At Bajaj Allianz
General Insurance, we would earlier
receive requests for cyber insurance from
large corporates and MNCs, especially
companies involved in IT related services,
but recently we are witnessing an increase
in inquiries from SMEs, startups and
smaller businesses across sectors. Cyber
insurance for individuals is, however, at a
nascent stage in our country due to very
little awareness about this cover. We only
see the demand for this cover increasing
as our cyber/virtual lives become as
elaborate, complex and important as our
real lives,” he adds.
According to Jayant Saran, partner,
Deloitte India, while the adoption of and
demand for cyber insurance has increased
tremendously over the past 18 months,
it has not kept pace with organizations
and their exposure to incidents involving
breach or vulnerabilities in cybersecurity.
This exposure has been much higher, says
he. He also mentions that organizations
primarily from the BFSI sector have been
early adopters/the first to adopt cyber
insurance, to secure themselves.DATA BREACH
Saran says the primary type of threat
covered in cyber insurance is data breach.
Data breach can occur due to a number
of risks such as insider threats and poor
security controls. Another frequent type
of attack is business email compromise,
triggered by phishing email or malware.
Ransomware finds it tough to receive
coverage, although it is highly prevalent
nowadays. This is because data once
compromised and held ransom, is too
complex to investigate due to the limited
footprint left by the perpetrator and/or
limited or no logging information being
retained by the organization.
Cyber insurance has made a beginning
in India, but it is yet to mature, feels Na
Vijayashankar, privacy and data protection
consultant and chairman, Foundation of
Data Protection Professionals in India. He
quotes a Data Security Council of India
(DSCI) study to say around 350 corporatepolicies have been underwritten in 2018
in the corporate sector and retail polices
have been introduced by 2 companies but
these are yet to make an impact though
there are some 15,000 retail policies in
circulation in the country.
Vijayashankar also says banking
is one sector which has adopted cyber
insurance because RBI has more or less
mandated it. The IT industry involved in
data processing is now slowly showing
interest in a limited way, he adds.TYPES OF RISKS COVERED
The types of threats and risk that are
covered in the cyber insurance policies
available in India include identity theft,
unauthorized transactions, reputational
injury, cyber bullying, cyber extortion,
malware intrusion, legal expenses,
data restoration costs, forensic costs,
consequential loss and psychological
counselling.
Arjun Bhaskaran, director -
Cybersecurity, GENLIFE-RE Insurtech,
is of the view that while cyber insurance
has a very high potential, it is in a
nascent stage, mainly because retail cyber
insurance is a low ticket size transaction,
and therefore, agents will not be spending
time and effort to promote and sell it. In
corporate cyber insurance, most of the
insurance brokers and their employees
are not conversant with the products,
features and nuances of cyber insurance,
says he.TPA SYSTEM NEEDED
He strongly advocates a system of TPAs
in cyber insurance, which he feels will
bring in better trust and confidence in
the minds of retail, SME customers about
independent and fair claim settlement.
Also, it will bring in (a) processing
capacity, (b) specialized knowledge to
handle cyber investigations, forensics in
handling volumes of claims and (c) fraud
prevention and control.
He says cyber insurance is relevant
for 3 layers of the Indian market –
enterprise, SME and retail. “The Indian
SME and retail markets can be among
the largest markets in the world for cyber
insurance, because India is the amongAnurag Rastogi insists the
onus lies on insurance players
to create more awareness
about the rising threat of
security in the virtual space