Cover Story
EVOLVING CRIME PATTERNS
How are insurers keeping pace with the
fast-changing cybercrime patterns?
Anurag Rastogi says insurance
companies are taking cognizance of
the ever changing cybercrime patterns
and creating covers for safeguarding
individuals and corporates alike. “There
exists is a huge gap,” he admits, “in the
form of optimism bias, which means
they think they will continue to remain
unscathed by cyberattacks. Hence, the
onus lies on the insurance players to
create more awareness about the rising
threat of security in the virtual space.”
Sasikumar Adidamu emphasizes
that insurance companies are regularly
training their cyber underwriters along
with constantly analyzing cyber incidents.
“At Bajaj Allianz General Insurance, we
also review various study papers and
research published by analysts and
insurers/reinsurers on the topic to ensure
that we are aware about the constantly
evolving cyber risk landscape,” says he.
Jayant Saran of Deloitte feels
although insurers are making efforts to
keep pace with evolving cybercrime risks
and patterns, these risks are increasing at
a much faster pace.
Na Vijayashankar says while an
attempt is being made and the polices use
some broad terms such as identity theft,
impersonation etc, it does not matter if
the modus operandi changes.
Arjun Bhaskaran is of the view that
Indian insurers have just begun to wet
their feet in the cyber insurance markets
and the real challenge will come when
large volumes of policies are issued, and
high volume of claims and complexity
begin to hit them. “The ability of the
Indian insurers to assess and settle cyber
insurance claims in a professional and
speedy manner, will be tested.”
CREATING AWARENESS
There is need for creating more awareness
about cyber insurance and corporates
adopting it. Arjun Bhaskaran says most of
the potential customers in B2C and B2B
segments are unaware about the concept
of cyber insurance and its features. Once
they get to know about it, most of them
show serious interest in buying cyber
insurance. He cites how at a seminar of
cybersecurity for cooperative banks held
in Palakkad, Kerala, most of the audience
consisting of management members from
over 90 cooperative banks, showed serious
interest to procure cyber insurance. He
says there is a need for advertisements
and promotion, in a joint manner by
insurers and brokers to evangelize cyber
insurance especially among B2C and B2B
segments.
One way of creating more awareness,
according to Jayant Saran, is to undertake
a thorough study on why an organization
may be targeted, various types of sensitive
data being held and the likely outcomes of
a data breach. Predictable consequences
may help automatically create the required
awareness to push organizations to secure
themselves with cyber insurance.
Na Vijayashankar too says a
substantial effort at awareness creation
and more particularly making the user
industry understand the nuances of cyber
insurance is required. “I am trying to work
out an arrangement with some academic
institutions to develop an outreach
program for the purpose,” says he.Anurag Rastogi concurs, and says
this is mainly on account of the optimism
bias existing among consumers. “In doing
so, insurers are using various channels
like social media platforms, newspapers
and magazines, radio, road shows,
kiosk activity as well as partnering with
cybercrime department and cyber experts
to drive the importance and create
awareness among consumer of cyber
insurance among consumers,” he says.
Says Sasikumar Adidamu: “In fact,
not many people are aware that cyber
insurance for individuals even exists.
Many institutions and individuals don’t
know how to protect their information
from being misused by others because of
lack of awareness towards security. I feel
that corporates can train their employees
on cybercrime and cyber security, both
on corporate and individual fronts.
Campaigns across all platforms about
the risks one is susceptible to due to
usage of internet and steps one can take
to avoid falling prey to cyberattacks, can
also help increase awareness about cyber
security. The more people are aware
about information security, the less they
become targets to cyberattacks, says he.RISK UNDERWRITING
What goes into the risk underwriting in
cyber risk insurance?
Says Sasikumar Adidamu: “For
corporates, the underwriting is done
on a case to case basis since any two
corporates are hugely different from each
other in terms of their cyber risk profiles.
For Individuals, on the other hand, we
have simplified the process and have
predefined premiums for different limits.”
Anurag Rastogi says for corporates,
the parameters considered are the
availability of well-defined IT, BCP and
DR policies, type of PIII, PCI and PHI
data stored by the company, security
measures in each location (low, medium,
high) etc.
Na Vijayashankar believes the
underwriting process should start with a
proposal form from the insurance seeker
with relevant details. “The insurer has
to ask for documentation and conduct
a pre-underwriting assessment beforeJayant Saran avers cyber
insurance premiums are
calculated on the basis of
accurate analyses of risks an
organization may face