New Delhi: With increasing penetration of the internet, cyber attacks have been increasing at an alarming rate. Every person who is part of cyber space is susceptible to risks that exist in cyber space. 2021 has been a year of change in the cyber insurance market. Recent events have shown that the cyber space poses risks that require attention, expertise and solutions. Some reports suggest that 80% of Indians have experienced some kind of cyber crime in their lifetime, while some reports suggest 63% of Indians have lost their money as a result of cyber crime.

Amid such cyber attacks and cyber crimes across individuals, industries and companies of all sizes, cyber insurances are getting increasingly popular. They are the need of the hour, say experts. The Insurance Regulatory and Development Authority of India (Irdai) recently issued a guidance document on product structure for cyber insurance, keeping this in perspective. Cyber insurance policies are designed to protect policyholders from cyber crimes. Cyber risks have accelerated by as much as 500% since the first lockdown was imposed in India in March 2020. There is an increase in coronavirus-themed spam, likely resulting in more infected personal computers and phones, according to the Irdai circular. This newspaper talked to experts about cyber insurance.

What is cyber insurance?

A cyber incident/attack can affect your ability to operate normally, impact your financials and damage your long-term reputation. While cyber insurance will not protect you from an attack happening, it allows for some of the financial impact to be transferred and can also assist with mitigating disruption. Cyber insurance is a risk management tool and risk management involves deciding which risks to manage, avoid, accept, control or transfer. A cyber insurance policy helps bear the costs involved in responding to and recovering from an incident.

“As people worldwide continue to battle the pandemic, cyber criminals continue to capitalise on the crisis to target organisations and individuals, globally. Meanwhile, the cost of recovering from a breach has escalated year on year. The Allianz risk barometer 2021 continues to rate cyber as the top three global business risks since the last three years. Thus, one should consider cyber insurance as an integral part of their risk transfer strategy,” says Mahesh Chainani, Director and Principal Officer at Howden Insurance Brokers India Private Limited (Howden India) that provides insurance broking, risk management, and claims consulting services globally.

Gaurav Batra, CEO of CyberFrat, an enterprise risk management services company with a special focus on Cyber Security, Risk Management, and Emerging Technologies, says, “Recently, cyber crimes related to crypto mining, phishing, trojans, and ransomware have seen a big rise and have started targeting not just big corporations, but also small and medium ones. Endpoint attacks have become complex and known malware samples have already surpassed the one billion mark. Are the companies prepared to defend themselves against these attacks? With increase in threat landscape, regulatory fines, and legal costs, there is more need to be done to be prepared for the unknown. Backups and cyber insurance are two handy options, which no one can afford to miss out on.”

So what does cyber insurance cover? A cyber insurance policy helps transfer the financial risk resulting from a cyber breach. Typically, a cyber insurance policy will provide cover for:

Incident Response—Cover for first party losses including specialist assistance when responding to an incident including IT forensic support, crisis consultants, legal specialists, PR experts and credit monitoring expenses.

Business Continuity—Business interruption cover for loss of income incurred as a result of network interruption or outage following a cyber event. Cover for costs of repair, restoration or replacement of digital and data assets.

Third Party Liability—Defence costs and settlements arising from your legal liability for claims made against you for investigations following a privacy breach or security breach. Cover for cost of regulatory investigations.

On how to buy cyber insurance, Mahesh Chainani from Howden explains: “Insurance companies usually rely on an application form considering the organisation’s corporate, financial, business and security infrastructure overview. As this is a long tail policy, it is advisable to look at other factors besides premium while choosing an insurance policy. Some of the factors that should be considered while choosing an insurer are the past claims payment ratio, the insurer’s cyber risk expertise and support in case of an incident. Working with a reputed broker can provide you valuable support in your cyber insurance journey as well as assist in understanding the risks that are unique to your business and negotiating the most appropriate coverage and premium on your behalf.”

Like any insurance policy, coverage is offered basis a submission made to the insurance company. Premiums depend upon several factors, including the business annual revenue, industry sector, and the type of data held.

With the rise in ransomware attacks (where cyber criminals lock the victim out of their networks and demand a ransom to decrypt systems), insurers are also looking at the organisation’s preparedness to respond to an incident and their cyber security maturity levels. A victim has to go through lot of trauma to which cyber expert Ritesh Bhatia says, “For the victim, the harm is not just financial but also reputational and psychological. Investigations, forensics and litigations are expensive and, in many cases, individuals also require counselling for a longer period because of the emotional trauma inflicted by cyber harassment. A cyber insurance policy is a must-have instrument as almost every individual is becoming victim to some or the other form of cyber crime and thankfully, cyber insurance now covers all cyber-related risks such as identity theft, ransomware, cyber bullying, financial frauds, mitigation losses, extortion, and many others.”