Cyber-crime zoomed 350% in the three years between 2010 to 2013
Cyber liability insurance has seen less than 100 policies sold in India. However, demand from corporates is increasing now. This not only include companies which have large technology-related and internet-related operations, but also includes thosewhich store a large quantity of customer data.
Pavan Dhingra, CEO of Prudent Insurance Brokers explained that traditional insurance policies are inadequate cover for cyber risk. “As per our estimates, there have been only 50 or so dedicated cyber-insurance policies sold in India sofar,” he added.
According to the National Crime Records Bureau (NCRB), cyber-crime zoomed 350% in thethree years between 2010 to 2013. Several surveys by data security companies have revealed that corporates in India (small, mid-size and large) have thelargest threat from cyber risks.
Cyber Crime covers sold in India are in the range of $2 million to $10 million (Rs 12.8 crore to Rs 64 crore), and the premium range is approximately $30,000 to $200,000 (Rs 19.2lakh to Rs 1.2 crore) depending on the size of the company and the cover, customisation that it requires, according to data from Prudent Insurance Brokers.
RakeshJain, CEO of Reliance General Insurance said that there is a growing need among companies to cover cyber liability risks. “Especially companies who deal with a lot of customer data and face potential risks to data privacy, there is a need to get this cover. After some years, this policy could be among the top-most liability covers sold in India.”
Insurance executives said that earlier only clients from the banking, financial services & insurance sector were active in the cyber and technology space apart from IT/ITeS service firms. However, now even other sectors like retail, hospitality and pharmaceuticals are also taking up these covers. Further, with e-commerce firms being on the rise, the potential for these covers is high, since it is most relevant to them.
Even so, traditional policies such as Professional Indemnity, Commercial General Liability (CGL), etc. are not really well geared towards protecting against the various costs of a cyber-attack such as the many first party costs related to hiring forensics experts for investigation, image managers to repair soiled reputations or software & security consultants to repair broken firewalls & processes. Nor do they cover the fines and penalties that a breached business might have to bear, that can be imposed by a regulatory or quasi-regulatory authority for negligence.
Dhingra said that cyber-risk is different for different industries so a one size fits all cyber-insurance policy will prove inadequate. He added that unlike in traditional policies, adequate protection or risk mitigation cannot be obtained without a high degree of individual customisation.
Cyber-crime covers are modular policies so a company can add different modules with different limits for each module. Examples of modules are notification costs, reinstatement of data costs, liability, fines & penalties, forensic expert costs, PR costs among others.
Also, customisation is also as per industry, per business, per business environment, per geography. One can choose or opt out depending on where they are based and which geographies they operate in.
Source: Business Standard