Technology companies rush for cyber cover in European Union's GDPR regime
Crisis communication, non-breach related fines top management concerns
 "Technology companies rush for cyber cover in European Union's GDPR regime")
premium
The European Union’s (EU) General Data Protection Regulation (GDPR) may have increased the complexity level of businesses operating in the EU, but it has certainly brought more business for insurance companies as technology and data centric firms turn to them for cover.
Contractual obligations to clients remain the prime reason for companies for GDPR-ready policy covers.
“Companies are really trying to understand what changes for them when they process data for an EU based company or they process data for a global company using EU citizen data, and how does it affect their liability? Also, data breaches are a serious threat to company’s reputation as well as their customers and these are major concerns that these firms are seeking insurance for,” said Anup Dhingra, President, FINPRO and Private Equity M&A.
He said IT/ITeS firms have been early adopters of cyber insurance to fulfill their contractual obligations and to cover their exposures around cyber liability. Next in line was the BFSI sector with all major private and public sector banks, insurance companies, fintech firms and others. “We have noted demand for cyber insurance from manufacturing firms to prevent cyber induced business intelligence losses and regulatory actions.”
ALSO READ: Information technology companies slam brakes on fresh investment
ALSO READ: Information technology companies slam brakes on fresh investment
While businesses with an EU footprint are certainly seeking cover, analysts feel the lack of a strong regulation in India, pending the outcome of the final Sri Krishna committee report, has not encouraged other businesses to look for cover yet. Some feel that it might take a major data breach for Indian businesses to realise the need.
“Indian companies’ response towards availing cyber insurance is still tepid. However, we have recently seen that the IT-ITeS sector is relatively more receptive to avail cyber insurance with GDPR being a factor as compliance failures can result in penalties. Indian regulations do not mandate a cyber insurance policy but purchasing one can mitigate future risks,” said Mukul Shrivastava, Partner, Fraud Investigation & Dispute Services, EY India.
Companies are seeking cover for security incidents such as data breach, subcontracted or vendor work for clients, public/ private clouds, infrastructure services and data carrier services from telecommunications majors to software and IT services. They are also seeking cover for ransom and events beyond data breach like external audits, risk mitigation and the penalty for non-compliance.
Under Scanner
Contractual obligations to clients remain a reason for companies for GDPR-ready policy covers
Over the past 24 months, there has been two to threefold rise in insured limits subscribed by Indian tech and telecos
Firms are seeking cover for data breach, subcontracted or vendor work for clients, public/ private clouds, infrastructure services and data carrier services from telcos to software
Analysts feel the lack of a strong regulation in India has not encouraged other businesses to look for cover yet
Among the top technology companies of the country, the senior management is particularly concerned about fines on discovery of unintentional security lapses as well lapses by individual employees apart from large scale crisis communication in the face of loss of trust from customer base.
Over the past 24 months since GDPR was announced, there has been a minimum of two to three-fold increase in the insured limits subscribed by many large Indian technology and telecom majors, said Marsh India. Smaller companies and start-ups are also likely to go for a combination of various available insurance options to optimise their insurance spend.
Among the more notable incidents, a British compliance agency last year had fined a telecommunications major TalkTalk for the leak of customer data which was being handled by IT major Wipro.
“Since the GDPR regulations have been announced, we have seen at least a 15 per cent rise in companies looking for coverage with respect to cyber security. The GDPR regulation is on top of our clients’ mind during the discussions regarding renewal of the policies due to their contractual obligations with their EU clients,” said Sasikumar Adidamu, chief technical officer, Bajaj Allianz General Insurance.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%