providing the quote. At this time, the
information security status will have to be
evaluated. At present, the companies are
trying to develop a model for assessing a
proposal and take the necessary decision,”
says he.
Jayant Saran describes the process
starting with the assessment of the kind of
data an organization holds and within this
data, understand what can be classified
as critical data or applications. “This
should be followed by understanding the
ownership of the said data and the security
infrastructure in place surrounding
the usage, dissemination, transfer, and
retention of the data with organizations,
as well as any third parties involved
(in safekeeping the data). Known gaps
during the process should be highlighted
and various forms of breach should be
simulated in a testing environment, to
gain an understanding of how the security
infrastructure reacts,” he explains.
Arjun Bhaskaran believes cyber
insurance underwriting can be done
effectively through cooperation /
partnership between insurance companies
and cybersecurity expert organizations.
“Insurance companies need to take the
help of cybersecurity experts for (a)
conducting a detailed risk assessment of
potential cyber insurance B2B customers
and cybersecurity experts will be able to
conduct a comprehensive analysis of all
IT and Security assets, devices, services,
etc; (b) cybersecurity experts are required
to conduct a forensic investigation into
complex cyber insurance claims and provide
an independent and comprehensive cyber
investigation report; and (c) during the
life of the cyber Insurance policy contract,
if there is a cybersecurity incident or loss,
the insurance company may engage the
cybersecurity partners to immediately
assist the customer in quelling and
minimizing the cyber losses / damages,”
says he.
A VIABLE BUSINESS?
Finally, is cyber risk insurance a viable
business proposition for Indian insurers?
Anurag Rastogi: With the exponential
increase in the rate of cybercrimes, there
is great potential in the Indian cyber
insurance segment, which has grown by
about 30% to 35% in the last one year.
Over the last 4 years, we have seen large
and mid-sized corporates purchasing
commercial cyber insurance products.
Sasikumar Adidamu: Insurers are in
the business of paying claims and with
correct risk selection and proper pricing
any business can be a viable proposition.
Cyber insurance is one of the fastest
growing segments in the Liability LOB
and I expect it to continue to grow
exponentially. Therefore, it presents an
exciting opportunity for Indian insurers.
Na Vijayashankar: Yes. At present,
insurance companies are charging up
to 0.75 % on the underwriting amount
as premium without making any risk
assessment. If a proper risk assessment
is done and the policy conditions are
properly structured, it is possible to make
the business viable even at a lesser rate.
Jayant Saran: Yes, and the future of
businesses depends on the evolution of the
cyber environment and understanding
the risks associated with it. This will be
the driver for cyber insurance in India in
the near future.Arjun Bhaskaran: The central
premise of cyber insurance is that the
cyber risks must be transferred to the
agent who can handle or mitigate the
cyber risks in a most optimal manner.
Therefore, organizations which are most
competent in handling and mitigating
cyber risks must be in the forefront
of cybersecurity exports and in cyber
insurance / reinsurance. India is among
the top 10 countries that have strong
cybersecurity management capabilities,
along with USA, UK, Australia, Israel,
Russia, France, Germany, Japan, Korea
and China.PROSPECTS FOR INSURERS
For insurance companies offering
cyber insurance, forensics will play an
important role in determining the data
loss and measures to be taken to mitigate
the damage. In third-party related suits,
the extent of loss will be determined
basis the confidentiality of the data.
Although insurers have the services of
claims, legal and IT experts on standby
for any eventuality, with few policies in
the market and fewer claims, the biggest
challenge is a lack of experience. As the
number of claims increases, the expertise
will nevertheless grow.
Cyber insurance covers do not
prevent frauds from happening. Buy, they
definitely reduce the financial impact
caused by such risks. Experts believe
these policies are of great assistance as
India is on its way to digitization and
the internet is becoming the preferred
medium for financial transactions. A
attack can therefore cause irreparable
losses to the corporates, especially banks
and financial services institutions. At
least part of the loss can be recouped as
some of the expenses incurred post-attack
like third-party liabilities, counseling and
service restoration are paid by the cover.
This is besides consultant fees, court
expenses and legal fees.
Finally, what is there for insurance
companies? Will cyber insurance business
be a profitable one for them given the
extent of frauds and heists and cyber
attacks these days? It will be difficult to say.
[email protected]Arjun Bhaskaran advocates
TPAs in cyber insurance for
creating better trust and
confidence in the minds of
retail, SME customers