Cyber Risk Insurance – Are You Covered? Do You Need It?
India’s digitization drive is reaching very high momentum now, and it is now spreading to SMEs as well. The volume of digital data generated, stored across devices, and transmitted every second is unfathomable. eCommerce and UPI are driving humongous growth of amount Data stored. When data is stored on one's “server on premises” or in a private/ public cloud, is vulnerable and seriously risk could be posed to one's business. The degree of vulnerability would vary depending on the protection layers deployed to protect against cyber threats.
Despite all these protection layers, one can expose oneself or the organization to cyber threats.
Malware, Cryptojacking, and Ransomware – The Three Trending Cyberthreats
According to SonicWall's Cyber Threat Report 2023, malware, cryptojacking, and ransomware proved to be the significant cyber security threat trends worldwide in 2023.
SonicWall 2023 mid-year update listed India at no. 2 of the top 10 countries with malware spread. India saw a jump in ransomware attacks, rising by 133% in the first half of 2023. India stands at No. 9 in the top 10 countries for cryptojacking.
The “India Cybersecurity Domestic Market Report 2023” by DSCI NASSCOM provides insights on all aspects of the cybersecurity industry and its importance for Indian corporates. The report is eye-opening and highlights the need for implementing security measures and exploring insurance products to mitigate the financial impact post cyberattacks or data breaches.
Cybersecurity breaches or cyberattacks can happen through various pathways, with emails or phishing leading pathways. These attacks can occur even after implementing cybersecurity products, often due to human or process errors.
Our associate firm www.CTObridge.com could help on measures to be taken for cybersecurity, there is still residual risk left and hence this article is dealing with protecting the same using CyberInsurance.
Companies might have cyber security infrastructure, but it may often be inadequate. So, there is a natural question: Like fire or marine insurance, is there any cyber insurance?
The answer is yes, and the insurance industry has a product called "cyber risk insurance” or "cyber insurance." Like any other insurance, there are terms and conditions to protect oneself from these risks. While damage cannot be undone, some associated costs can be mitigated. Let us understand this in greater detail.
No business is spared by the attackers—government, private, small, medium, or large and the resultant negative impact and costs are very high. We found a compilation of significant cybersecurity data breaches in 2023 by The Hindu.
Cyber Insurance Adoption is on the rise in India
Deloitte, in its report “Cyber Insurance in India, Navigating Risk and Opportunities in a Digital Economy”*, estimates the current Indian cyber insurance market is growing at 27–30 percent CAGR and is expected to continue for the next 3–5 years, driven by an increased awareness of the need for cyber insurance. The market in itself is expected to reach a sizeable amount of more than US$100 million.
The Deloitte report further adds that industries heavily involved in digitization, such as
In addition to implementing cybersecurity measures, these sectors usually are early adopters of cyber insurance.
Factors influencing the need for Cyber Insurance
The Deloitte report also lists factors influencing the need for cyber insurance, some of which are listed below:
What is cyber risk?
Cyber risk is potential harm, loss, or disruption arising from vulnerabilities in a digital environment, which includes technology, networks, and data. It can impact individuals, organizations, governments, and societies.
These are some of the commonly known cyber risks, and the list is evolving:
Even with cybersecurity measures in place, why do you need cyber insurance?
While periodic Cyber risk assessments testing for vulnerabilities and safeguards can partly mitigate cyber risks, they may not always be foolproof.
Despite precautions, once a company becomes a victim of a cyber-attack, the losses related to data, finances, and reputation can be significant and disrupt day-to-day operations.
Recommended by LinkedIn
Protection Offered by Cyber Insurance
Cyber insurance cannot offer complete protection against the losses suffered due to a cyberattack, but it still provides considerable protection for digital assets such as
Proactive guidance
Post-cyberattack or data breach assistance
There are some exclusions, as is the case with any other insurance policy.
Cyber insurance may not offer protection against reputation loss, data sabotage, or customer loss due to disruption. However, it is still prudent to take Cyber insurance even if it does not offer 100% protection.
Insurance companies assist businesses in estimation and risk management proactively. They guide businesses to be compliant with the regulatory requirements regarding cybersecurity.
CFOs and finance leaders need to understand and advocate the benefits of cyber insurance to top management and choose a suitable policy. This policy will act as a risk mitigation strategy and a supplement to the company's cybersecurity measures.
Types of cyber insurance coverage available in India
Insurance companies may give many more types of coverage, and what is shared above is indicative and subject to change at the discretion of the Insurance companies due to the evolving nature of cyber threats.
Cyber Insurance Premiums Vary
It is also important to note that the premiums for cyber insurance in India will vary based on some of the factors listed below (not an exhaustive list):
So, sum up, if you foresee the potential for cyber risk in your business, it would help if you contemplated taking cyber risk insurance or at least had a dialogue to make a considered decision. Equally, just like we take an annual health check-up, getting a certified security professional to run a cyber security risk assessment to identify vulnerabilities and take mitigative actions is essential.
I hope you found this newsletter helpful. Do share your feedback. Thanks
References