Cyber Insurance

Cyber attacks are now perceived as the global risk of highest concern to Business leaders globally.An analysis suggests that the takedown of a single cloud provider could cause $50 billion to $120 billion of economic damage.

With the provisions of the draft Personal Data Protection Bill, 2018, many companies that hold an enormous amount of data, such as Banks, Fintech, and E-commerce players, will need to re-evaluate their processes, technologies, and contracts to ensure the entire ecosystem understands and abides by the new law.

Hackers are not the only threat – today’s businesses rely on the internet for services such as online marketing, administrative functions, inventory management, credit card processing, and distribution controls. Any intrusion that disrupts delivery of these services can lead to brand and reputation damage, regulatory scrutiny, stakeholder dissatisfaction, and financial losses.

The analysis of Cyber Insurance claims indicates that human error/employee negligence is the single biggest cause of data breaches followed by hacker attacks, social engineering frauds, etc.

Indian IT/ITeS firms have been early adopters of cyber insurance to fulfil their contractual obligations and to cover their exposures around cyber liability. Next in line was the BFSI sector, with all major private and public sector banks, insurance companies, fintech firms, and others. Now there is a huge demand for Cyber Insurance emanating out of Manufacturing firms, where the fear is cyber-induced Business interruption losses and Regulatory actions.

Today, many Indian firms are buying cyber insurance, with insured limits ranging from US$1 million to US$300 million. The early adopters and those with existing cyber insurance programmes are increasing their cover with some of them contemplating increasing the limits to US$500 million. If a firm already has a cyber-insurance cover, it is advisable that the firm review the cover in light of the evolving cyber-risks.

Today, sophisticated Cyber Insurance covers can include cover for the firms’ Loss of profits and Business Interruption caused due to a cyber-attack, even if the cyber-attack happens at a third party’s system. The cover can also include Reputational loss of revenue, where firms hit by a cyber-attack suffer reputational damage and in turn loose customers and future business. Cyber-insurance can also cover costs associated with the voluntary shutdown of systems as a precautionary or mitigating measure following a cyber-attack and most importantly, affirmative insurance coverage for regulatory fines and penalties.