With the aim to take precautionary measures to prevent high liability caused by online data theft and cyber crime, companies are demanding cyber liability insurance. The incidents of online data theft and cyber crime are on the increase in India, so corporates are not only taking efforts to tighten online security, but are also looking to take precautionary measures to prevent high liability caused by these incidents.
“Cyber liability can be covered under our professional indemnity policy as an extension. Globally, as well as in India, we are seeing that information technology/information technology enabled service firms have an appetite for these policies,” said Gisha George, head-liability insurance, Bajaj Allianz General Insurance.
She added this would cover third party claims arising due to negligent transmission of a computer virus, misrepresentation, defamation, confidentiality breach, intellectual property infringement and related exposures. Cyber crimes caused by the insured’s employees also get covered under the policy but would exclude the actual perpetrator.
Cyber crime liability refers to risks arising from fraudulent behaviour by a party (s) online, that can cause financial and reputational loss to a company and its clients. General insurers said that while there has been a 30-35 per cent increase in demand for these products, the number of pure cyber liability covers were few in the Indian market.
Sanjay Datta, chief-underwriting and claims, ICICI Lombard General Insurance said that cyber liability is a new age cover, which can be offered as an extension under errors and omissions policy or as a standalone cyber liability policy. “We are receiving enquiries, which are currently coming from the IT space. It is a matter of time before other sectors such as banking, financial services and insurance, hospitals, travel companies, educational institutes, retail majors start feeling the need of such covers,” said Datta.
Globally, cyber liability policies cover privacy breach liability, cyber extortion, business interruption losses, liability from multimedia and public relations costs, legal expenses and data theft liability. The premiums, said Datta, generally range between $5,000 per $1 million to $15,000 per $ 1 million. However, the distribution of unsolicited email, wire tapping, eavesdropping, fraudulent acts, failure to maintain standard computer security are major exclusions under this policy.
Companies said that premiums for these products though, could be 10-20 per cent higher than other policies. They added that it was reasonable, considering the risks involved. Since this product is at a nascent stage, insurers informed that the claim ratios were also presently low.
While standalone policies are still not a norm, customised covers are offered. Rakesh Jain, chief executive officer of Reliance General Insurance, said that though most of the D&O policies don’t cover the entity against cyber liability, in some customised liability products it may be offered as an extension
“Since cyber threat is global in nature, it is very difficult to keep pace with it and it is not inexpensive to upgrade security. Hence, an appropriate liability cover can at least protect the insured against any unforeseen third party liability,” he said.
Certain insurers have already taken a lead to introduce specific policies. Mukesh Kumar, member of executive management & head – strategy planning, human resources and marketing, HDFC ERGO, said that they offer a standalone policy, CyberSecurity, that addresses cyber liability risks. He said that first party losses such as computer theft, extortion and business interruption are also covered by their policy.
Subrahmanyam B, senior vice president & head – health, commercial lines and reinsurance of Bharti AXA General Insurance said that apart from companies, even government of India is quite serious on this matter and is working with various industry bodies like NASSCOM. “Department of electronics and information technology is working on a proposal to mandate hardware vendors to provide cyber security awareness brochures along with the products they sell in India, which will go a long way in creating awareness on cyber threat,” he said.
As per KPMG’s annual electronic crime report of 2011, cyber liability insurance is still to gain currency with businesses, despite the rising risk. It indicated that 78 per cent of the 200 senior security managers from global businesses indicated that their companies either did not have insurance or that they were not aware if their companies had any cyber insurance, despite more than half seeing an increase in cyber crime risk over the past 12 months.
Insurance Regulatory and Development Authority has proposed to permit insurance companies to deal with financial derivatives with 10 years duration. As per existent rules, insurers are permitted to enter Forward Rate Agreements (FRAs), Interest Rate Swaps (IRS) and Exchange Traded Interest Rate Futures with a maximum tenure of one year.
Hedging interest rate risk of investment in fixed income securities would cover fixed income derivative positions that are designed to offset the potential losses from existing fixed income investments of them. Companies enter into these agreements to hedge the interest rate risk on investments and the forecasted transactions.
Hedging for forecasted transactions would cover positions in fixed income derivative contracts that are designed to mitigate projected loss due to probable change in interest rates on investment of policy premium income receivable for 10 years. It would also include positions on homogeneous group of assets and liabilities, provided the assets and liabilities are individually permitted to be hedged for a term of 10 years.
IRDA has said that an insurer dealing in fixed income derivatives under these guidelines shall in aggregate not exceed an outstanding notional principal amount equivalent to 100 per cent of the book value of the fixed income investments of the insurer under the Policyholders Fund and Shareholders Fund taken together.
The insurance regulator, in the draft, said that there was a need to review the old guidelines in view of the changes in investment environment, product structures and changes in guidelines by Reserve Bank of India (RBI), which is the sectoral regulator. Further, insurers had also made representations to permit them to hedge interest rate risks with longer term financial derivatives.
The IRDA draft has said that no contracts should be entered with promoter group entities either directly or indirectly. “Further, exposure to derivative instruments with underlying infrastructure instruments shall be treated as exposure to infrastructure norms,” it said. It has added that to settle the mark to market profit/losses and maintenance of collateral, suitable Credit Support Annex (CSA) agreements shall be mandatory to mitigate counterparty risk. CSA is an agreement between counterparties on the types of collateral and posting mechanism.
Insurers have been asked to submit a quarterly report to IRDA if they undertake any Rupee Interest Derivatives. The stakeholders have been given 30 days to present their views on the draft.