Cyber attacks not only results in huge financial losses to companies that are left devastated by slowdowns or shutdowns in normal operations, but also expose them to diverse risks of beyond-repair reputational damage, regulatory fines, and legal liabilities in the events of customer data breach or violation. According to estimates by Kaspersky Lab, the multinational cyber security company, India was the third most affected country by the WannaCry attack in 2017. Even startups companies like Zomato and Uber also suffered data breaches last year.
The recent market research conducted on cyber insurance states that cyber insurance accounted for +4 billion USD in the year 2018 and is expected to reach mammoth +22 billion USD in premium globally by the year 2025. It shows that the cyber insurance market is expected to grow at a Compound Annual Growth Rate (CAGR) of roughly 27% between 2019 and 2025. Therefore, the increase in demand for cyber insurance policies is behind the rapid growth of the cyber insurance market worldwide as well as in India.
There’s no denying the fact that cybercrime has presently become a global threat. World Economic Forum, in its recent report, has referred cybersecurity threats as one of the top four global risks. Cyberattacks can also be launched with ulterior intention. The dreadful thing is that some attackers look to exterminate systems and data in the name of “hacktivism.” Along with the countries like Russia and Ukraine, India was affected by the ransomware attack in 2017 which forced the country’s largest port Jawaharlal Nehru Port Trust in Mumbai to shut down its operations at one of its three terminals. Such cyberattacks certainly have a downbeat blow on business and organizations since they could suffer huge losses in this way. Consequently, there has been an escalating awareness of various cyber risks, resulting largely in the acceptance of cyber liability insurance policies.
Having a cyber insurance policy makes a smart business sense
Cyber insurance policies have been meticulously designed to help an organization alleviate risk exposure by compensating the costs involved with recuperation following a cyber-related security breach or any such event. As the hazardous atmosphere of cybercrime continues to develop, the battle between organizations and cybercriminals can often feel like an ugly brawl. Companies and business organizations today need to be financially prepared in order to reduce the impact of cyber-attacks and data breaches. This is why having a cyber insurance policy makes a smart business move.
Cybercrime has increased every year since people try to take advantage of susceptible business systems. Attackers are often on the lookout for ransom – 53 percent of cyber attacks resulted in damages of $500,000 or more. Cyber insurance with its origin in Errors & Omissions (E&O) Insurance started flourishing in 2005, with the total value of premiums projected to arrive at $7.5 billion by the year 2020. About one-third of the U.S. companies presently purchase some sort of cyber insurance policies, according to PwC.
The above-numbers evidently state that organizations are considering a special need for cyber insurance, but what does it cover?
In general, cyber insurance policy covers the expenses associated with the first parties as well as claims filed by the third parties. A typical cyber insurance plan should come with common reimbursable expenses. Thus, in terms of picking between the two differently available cyber insurance policies, find out if these aspects are covered:
- Any financial loss resulting from being a victim of email spoofing and phishing
- Reputational liability, including claims alleging invasion and defamation of privacy
- Restoration cost to retrieve computer program or data damaged by the entry of malware
- Losses or expenses associated with prosecution and defense cost related to identity theft
- Deceitful online transactions in one’s bank account, credit or debit card or e-wallet
- Expenses incurred on counseling services treatment
- Claim for damages against third-party for data and privacy breach
- Loss from cyber extortion and transportation for attending Court summons
Cyber attackers are evolving and adapting their techniques at a quicker pace than defenders. They are also weaponizing and field testing their evasion strategies, exploits, and skills so they can launch attacks of increasing magnitude. So when adversaries unavoidably wallop their organizations, will defenders be able to battle and how swiftly can they recover? Well, that certainly depends mainly on the steps they’re taking today to fortify their security posture against cyberattacks.
However, it is even harder to measure the requirement and adequacy of cover in case of cyber extortion. Cyber insurance policies can effectively cover widespread incidents ranging from the cost of dealing with the fallout of data breaches to paying fines to hacking and cyber extortion. It has been pointed out by the observers that these risks do not remain static and since cyber attacks are often associated with human behavior, it can be hard to quantify the risk.
Noticeable global cyber insurance trends
Considering the nature of its business that generates enormous amounts of data on a regular basis, certain number of industries has arguably set a trend in the storage and protection of data. With the rapid and constant progression of digitization and the development of newer technologies, industries have also become vulnerable to cyber threats. These are the prime reasons why a number of trends are emerging in the cyber insurance sector such as the increasing demand for cyber Insurance policy in various sectors beyond retail, healthcare, and financial institutions like professional services. Some shifts in the factors driving sales can also be noticed, specifically as more third parties are requiring cyber insurance coverage.
With the emerging new causes of loss like cyber funds transfer fraud and cyber extortion, the significance of first party coverage is also changing. A growing interest can be similarly noticed regarding the coverage for bodily injury or property damage due to any cyber event. It’s important to note here that although the big organizations largely remain targets, they accounted for less than 20% of the cyber losses in the year 2016. Alternatively, smaller firms including those with less than $1 million in annual revenue accounted for larger percentages of the losses.
To conclude the entire thing, increasing connectivity through various digital devices, government’s emphasizing on digitization, sky-scraping cybercrime rate, European Union’s General Data Protection Regulation, increasing use of social media, increased awareness of making digital payments but poor awareness about cyber-security are the main reasons behind the driving cyber insurance purchase in India. However, one must keep in mind that cyber insurance can’t protect an organization or business from cybercrime, but it can certainly help keep your business on a stable financial state in case any significant cyber security event occurs.
