In the digital age, cyber attacks have become a daily occurrence, with their frequency doubling since the pandemic. Major incidents, particularly targeting corporations, have highlighted the critical need for robust cybersecurity measures. For instance, Equifax, a US credit reporting agency, faced penalties exceeding $1 billion after a significant data breach in 2017 compromised the information of around 150 million consumers.
Cybersecurity Ventures predicts that global cybercrime costs will grow by 15% annually over the next five years, reaching a staggering $10.5 trillion by 2025, up from $3 trillion in 2015. These costs encompass various damages, including data destruction, financial theft, intellectual property theft, personal and financial data breaches, business disruptions, and legal investigations. The financial and reputational consequences of cyber incidents are severe.
Who Needs Cyber Insurance?
“Cyber insurance is crucial for any organization that uses digital systems and holds sensitive information,” explains Evaa Saiwal, Business Head – Liability, Cyber & Financial Risk at Policybazaar. This includes businesses of all sizes, government agencies, healthcare providers, educational institutions, non-profits, and even individuals such as financial advisors or consultants. Essentially, anyone at risk of cyber threats like data breaches, ransomware attacks, or phishing scams should consider cyber insurance to protect against financial and reputational damage.
How Does Cyber Insurance Work?
Najm Bilgrami, National Head – Financial Lines at TATA AIG General Insurance, explains, “Cyber insurance provides coverage for losses resulting from cyber incidents. Insurers often help mitigate the impact and offer resources to address the consequences effectively.” Here’s a breakdown of how it works:
- Restoration Assistance: Helps businesses resume operations quickly after an attack, reducing downtime and financial losses.
- Damage Compensation: Covers various damages from cyber incidents, supporting the company’s financial stability.
- Expert Support: Provides immediate access to forensic experts, legal professionals, and PR specialists to handle the situation.
- Critical Response Window: Ensures prompt, professional support during the first 48 hours after an incident, which are crucial.
What Does Cyber Insurance Cover?
Cyber insurance typically covers direct costs related to responding to and recovering from cyber incidents. This includes:
- Expert Costs: Expenses for IT specialists, legal counsel, and other professionals needed to manage the incident.
- Data Recovery: Costs to restore lost or compromised data.
- Notification Expenses: Fees for informing affected parties about the data breach.
- Regulatory Compliance: Coverage for professional fees during regulatory investigations.
- Business Interruption: Compensation for income lost due to system downtime.
- Third-party Liability: Coverage for legal costs and compensation claims from affected clients or partners.
- Cyber Extortion Support: Assistance with negotiations and payments in extortion scenarios.
What Plans Are Available?
Cyber insurance plans vary but often include:
- First-party Costs: Covering business interruption and breach-related expenses like forensic investigations and legal fees.
- Third-party Costs: Protecting against claims and liabilities from privacy or network security breaches, multimedia liability, and reputational damage.
- Cyber Extortion Coverage: Providing comprehensive support, including expert negotiation and potential ransom payments.
Insurance providers may offer additional options tailored to specific industries or emerging risks, such as social engineering fraud or incidents involving cloud service providers. Saiwal advises, “Policyholders should work closely with their insurance advisors to assess their unique risks and select appropriate coverage to protect against potential threats.”
How to Raise a Cyber Insurance Claim?
Raising a claim under cyber insurance can be unique due to the nature of cyber incidents. Here’s a step-by-step guide:
- Immediate Notification: Contact your insurer’s claims team immediately upon suspecting a cyber incident. Submit the initial report in writing.
- Access to IT Experts: Gain access to a network of IT professionals through your insurer for consultation and guidance.
- Local and Global Support: Your insurer’s claims team will provide support, understanding the local cultural and legal landscape with global backing.
- Experienced Claim Handling: Insurers with experience in numerous claims can provide accurate estimates for settlements and navigate the process smoothly.
- Rapid Response Protocol: Ensure prompt assistance to minimize damage.
- Ongoing Assistance: Receive comprehensive support throughout the claims process.
Cyber Attacks in India
India has seen a dramatic increase in cyberattacks, affecting businesses of all sizes, including startups. According to the Indusface Annual State of Application Security Report, Indian enterprises and government bodies faced over 5 billion cyberattacks in 2023 alone. Ranjeeth Bellary, a partner at EY India Forensic and Integrity Services – Cyber Forensics, suggests that many incidents go unreported or unnoticed.
Key trends include:
- Increased Frequency and Sophistication: Cyberattacks are more frequent and advanced, targeting all sectors.
- State-sponsored Attacks: There is a noticeable rise in cyberattacks sponsored by states, posing serious risks to national security and critical infrastructure.
- Vulnerability of Startups and SMEs: Smaller firms, often lacking robust cybersecurity measures, are increasingly targeted.
How Can Firms Protect Themselves?
“To bolster their cybersecurity defenses, Indian firms must adopt a proactive approach,” says Bellary. Key strategies include:
- Technical Measures:
- Robust security software
- Strong passwords and multi-factor authentication
- Data encryption
- Security awareness training
- Incident response plan
- Forensic resources
- Organizational Measures:
- Establish a clear cybersecurity policy
- Regular security audits and risk assessments
- Obtain cyber insurance
Additional considerations include cloud security, IoT security, and compliance with relevant regulations and standards, such as the Personal Data Protection Bill.
