Cyber Insurance in India
Cyber Insurance is a specialty insurance product intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Risks of this nature are typically excluded from traditional commercial general liability policies or at least are not specifically defined in traditional insurance products. Coverage provided by cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks; liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and other benefits including regular security-audit, post-incident public relations and investigative expenses, and criminal reward funds.
As per the Data Security Council of India (DSCI), in 2018-19, cyber threats are on a constant rise and the associated risks are pushing organizations of all sizes to get cyber insurance cover to offset potential financial liabilities that may arise due to any breach. As per the report, the cyber insurance market is expected to grow globally at around 25% to around ₹1.59 lakh Crore in 2024.
The most dangerous aspect about cyber threats is that they are difficult to detect until after they have happened. A cyber stalker/criminal cannot be seen.
What is Covered under a Cyber Insurance Policy?
- Legal Expenses: Consultation fees with a lawyer up to the mentioned sum, costs incurred due to a false criminal charge against your company or while defending or pursuing legal actions are covered. This is covered for both First and Third Party and includes Monitoring Costs
- Damages and Defence Costs as a result of any claim by affected party including Data Administrative Fines and Penalties
- Prosecution costs against a third party for identity theft
- Costs of transportation to court and photocopying of documents
- Pro-active Forensic Costs
- Cost incurred for repair of Company’s and Individual’s reputation
What are the Risks Covered under a Cyber Policy?
- Network Security :Insurance for loss derived from a cyber or hacking event.
- Identity Theft and Fraud :Covers loss of monies (or similar monetary instrument) resulting from the theft of such assets by a malicious actor(s) whose fraudulent activity, primarily the unauthorized access to the policyholder's systems, allows such actor to gain such assets by fraudulent transfer. Identity theft is any fraudulent and unauthorized access to usage, deletion or alteration of your personal data stored in your computer system including your digital devices. It’s just as real a possibility as it is a scary one.
- Forensic investigation :Covers the legal, technical, or forensic services necessary to assess whether a cyber attack has occurred, to assess the impact of the attack, and to stop an attack.
- Business interruption :Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber event or data loss.
- Cyber Extortion :Provides coverage for the costs associated with the investigation of threats to commit cyber attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information. The plan will cover expenses incurred during the prevention of a threat, for restoring data, forensics and the cost of hiring an IT security consultant to manage the threat.
- Reputation Insurance :Insurance against reputation attacks and cyber defamation.
- Computer data loss and restoration :Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software, or other information destroyed or damaged as the result of a cyber attack. The insurer will cover costs for data restoration due to any cyber threat, extortion etc. to your computer system, given it was reported within 30 days.
- Malware Attack :Coverage for infiltration and damage to digital devices without your knowledge or consent with the help of a computer program spread through SMS, internet downloads, file transfer and more. In case of data loss or damage or any lost wages due to corruption, the insurer will cover the costs of restoring data.
- Cyber Stalking :Cyber stalking is a worrying trend online these days happening to many persons spending time online. It’s the repeated use of digital communication to harass or frighten a person. It makes one feel attacked and unsafe all the time, no matter where they are. Policy covers Costs incurred by you for prosecution of a criminal case against a third party for cyber stalking.
- Phishing :It’s any attempt to obtain your sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by appearing as a trustworthy entity/person through electronic communication.
When should an Organisation buy Cyber Insurance?
- Companies having an online presence – ecommerce business model - especially if online revenue is significant for the company
- Business of the company involves dealing with Third Party Data
- Companies which store or use confidential information and data in large numbers
- Companies with Global Operation across multiple foreign locations.
- Companies which do not have a large online business, but are still interested in protecting their own data
What are some of the Exclusions under the Cyber Policy?
- Bodily Injury or Property Damage
- Unlawfully Collected and Stored Data
- Criminal Acts - Any wilful or fraudulent act of any law, rules or regulation by an insured
- Patents & Trade Secrets - Breach of trade secrets, trademarks, registered patents, actual or alleged plagiarism, copyrights or other intellectual property are not covered
- Loss in value, theft or disappearance of cryptocurrency or tangible property is not covered
- Securities Claims
- Ongoing legal proceedings from before the policy was purchased
- War / Terrorism