Cyber threats & growing importance of Cyber Insurance in India

Abstract:

Digital revolution is disrupting every sphere of life. While the technological progress is empowering the society, but there are risk & uncertainties that accompany such digital advancements. Cyber-attacks & crimes are emerging as one of the biggest challenges in the present scenario. The cybercrimes are becoming more & more sophisticated and the regulatory environment tries to develop holistic risk management strategy despite several preventive measures cyber breach is being reported. This prompted the development of “Cyber insurance”. It helps in mitigating risk exposure by offsetting the cost after a breach and helps in improving the resilience of the company. This article deals with the concepts of Cyber insurance, reason for growing importance and  future trends of  the cyber insurance in India.

The growing pace of digitalization in India is increasing the threat of cyber risk. There are more than 560 mn internet users, 294 mn social media users and India is the 2^nd largest market in terms of download of mobile applications. Report suggest that India is 2^nd most affected country in world by cyber-attacks during the period 2016-18.

 Businesses in India have rated cybercrime as the most important risk factors. Majority of them rely on digital tools for meeting their business objectives. Coincidently, fraudsters target these critical and sensitive digital assets.

Major Drivers for Cyber security measures:

• Raising digitalisation in business due to use of Internet of Things, modern banking channels, E-mails, internet etc.
• Evolution of critical cyber threats like malware and ransomware attacks targeting business houses.
• According to the report by Reserve Bank of India, the volume of cyber frauds especially in banks has doubled in a year. Total cases of cyber fraud reported in the year 2017-18 was 2059 amounting to Rs.109.6Crs against 1372 cases amounting to Rs.42.30 Crs in the year 2016-17.
• Lack of awareness about cyber space & the threats.

How to combat Cyber security threat:

Upskilling: Cyber security is not the sole responsibility of IT department of an organisation, rather each staff members must be aware of the cyber-attacks and act diligently. It is necessary to create awareness among the staff members about the crime-taking place in cyber space from time to time.

Organisational understanding: Every entity must try to develop a policy on cyber security and must work within the guidelines laid down in the policy. It may include measures like restriction on sharing of official data, restriction on access to sensitive information, data management system etc.

Continues monitoring: Continuous monitoring mechanism should be adopted to provide proactive and real time alerts of cyber security related events.

Responsive:  Appropriate measures to be implement immediately upon detection of cyber-attacks to prevent major loss.

Perpetual planning:Business Entity must be resilient to cyber-attacks. It must develop sound business continuity plans to overcome any cyber threats and recover after cyber breach.

Government initiatives: Government of India has taken several measures to strengthen cyber space. Some of the initiatives are launch of National Cyber Security Policy, setting up of National Cyber Security Coordination Centre (NCSCC), National Critical Information Infrastructure Protection Centre (NCIIPC) and Cyber Swachhta Kendra etc.

Cyber Insurance: Steps to improve cyber security preparedness alone cannot protect an entity, what is required further is insurance policies that can offset financial loss when breach occurs. Cyber insurance is proving to be a key tool in risk management and cost offsetting measure for business entity.

Cyber Insurance – Road Ahead:

Cyber Insurance is one of the fastest growing business in the Insurance industry. With the increase instances of cyber-attacks, it is no longer just the matter of IT industry. Several survey suggests that, cyber risks has emerged as one of the important agenda in board meetings of several corporates. The impact of cyber-attacks can be significant ranging from reputational loss to financial loss. CISCO 2018, Annual cyber security report stated that of all cyber-attacks resulted in financial damage of over USD 5.00 lacs, other risks include – loss of brand reputation, litigations, loss of customer base and market base etc.

The cyber insurance market globally is expected to grow at CAGR of approximately 25% in span of four years. It is designed to guard business from potential risks of cyber-crime, it is designed to cover fees, expenses and legal costs associated with cyber breaches that occur after an organisation has been hacked or from loss if information.

Key stakeholder in cyber insurance are insured (the buyer of insurance policy), broker (one who acts on behalf of the buyer- facilities the buying process), insurance provider ( one who provides the insurance), cyber security service provider  ( tech company who provides cyber risk assessment)

Why Cyber Insurance is important:

Though there are several measures to develop a secure cyberspace  but importance of cyber insurance cannot be ignored because of the following major reason:

• It will help in indemnifying loss incurred due to cyber-attack.
• The insurer may cover several risks that the business entity might ignore due to lack of awareness.
• Helps is complying with legislative guidelines.
• Insured can make optimum use of their resources as they enjoy a sense of protection.
• Insurer provides consultant services to the insured on cyber security.
• Prevent reputational loss

Types of Cyber risk covered under the schemes offered in India:

• 1^ST Party expenses like regulatory investigation charges &fines, lawyer fees, professional charges etc.
• Privacy & data liability
• Cyber theft
• Business interruption like income loss, system damage, and restoration costs.

What to consider while buying Cyber Insurance Policy?

• It is important to check what all threats are covered in the cyber insurance policy. It must cover malware protection; indemnify financial loss arising due to email spoofing, phishing, and fraudulent online transactions.
• Offer protection against reputational loss including alleging defamation and invasion of privacy.
• Cover restoration cost to retrieve data or computer program damaged by entry of malware.
• Claim for damages against third party for privacy and data breach.
• Before taking any insurance policy, it is essential to “ask right set of questions for better policies”. Some of questions are – what aspects are covered under cyber insurance? Is there any overlap with other traditional insurance? Does the policy provide full limit for all coverage? What are the exclusions? Does the policy offer pre-breach cyber risk assessment? etc.

What the insurer must consider for wider reach?

 Crisis management solution: Cyber insurance providers must invest sufficient time & money to develop a comprehensive crisis management solution. They must progress through waves. They must generate market intelligence to model risk effectively and enhance underwriting capabilities.

Expanding offers:They should expand their offerings such a physical cyber system damage, business interruption etc.

Target the untapped areas:The risk pattern and risk management skill may defer from company to company or industry to industry. MSMEs are highly vulnerable with lack of ability to identify the cyber risk and to bear the loss. In order to cater to such segment specialised policy along with handholding measure is necessary. Insurers must focus on segmentation of market.

Re -defining service process:often it is observed that upon happening of cyber-crime, the response to the incident from the insurer is not satisfactory. It is important that the insurer maintain transparency with the insured about coverage and process of indemnifying the loss at the initial stage of contract. Strong cyber response offering to maximize the customer experience.

While not to substitute the investment in cyber security and risk management, insurance coverage can significantly contribute to cyber security by facilitating responses to cyber-crimes, offering expert service, and creating awareness.

The industry is still at a nascent stage, number of policy recommendations are required which can support the development of cyber insurance market and contribute in improving management of cyber risk.

Cyber insurance must be among the top in the agenda of the Government and other regulatory bodies. Security focussed progress will aid in developing sustainable economy.