DPDP rules lift cyber, D&O cover enquiries, but major demand yet to emerge

India's DPDP Act has prompted firms to reassess cyber and D&O liability limits, lifting enquiries but not yet translating into a surge in purchases

Although India’s new Digital Personal Data Protection (DPDP) Act has prompted greater enquiries from companies about overall liability insurance — particularly cyber insurance and Directors and Officers (D&O) cover — it has not yet translated into a significant increase in demand. However, firms are considering enhancing their existing coverage in these segments, insurance industry insiders said.

 

“While there is a rise in enquiries on liability insurance — mainly cyber insurance and D&O insurance — post DPDP announcement, there has not been a significant spike in new demand specifically because of DPDP. Existing companies are considering increasing their cyber coverage, and those reassessing existing policies are questioning whether they have adequate cover,” said Amit Solanki, executive president and head of the Liability and Special Risks division at Howden Insurance Brokers India.

 

Solanki pointed out that companies are considering between 15–25 per cent additional limits, with some seeking up to 50 per cent more if they were not carrying adequate limits in the first place. This trend is strongly visible in the cyber and D&O lines of business, he said.

 

The new DPDP Act mandates stricter data compliance, including more stringent requirements for data collection, processing, storage, and sharing.

 

Why are companies reassessing cyber and D&O cover under DPDP?

 

Industry experts said existing companies are also considering increasing the limits of their current coverage ahead of the implementation of the norms. They believe this trend mirrors responses seen under other data-related regulations, including the European Union’s General Data Protection Regulation (GDPR) and other frameworks. However, they expect a significant increase in demand for these policies only when a fine or penalty is imposed on a company.

 

Evaa Saiwal, practice head (Liability and Speciality Risk), Policybazaar for Business, said: “Cyber insurance cannot prevent penalties but can help companies absorb financial losses arising from regulatory fines and penalties under DPDP. Currently, companies are still trying to understand DPDP and how it correlates with cyber insurance and D&O. Larger companies already holding cyber policies are examining exclusions and reassessing limits; mid-sized companies have begun making enquiries since DPDP’s introduction. Although interest has increased, there isn’t yet a significant surge in policy purchases — likely not until the first major fine is issued.”

 

What trends are insurers witnessing in liability cover enquiries?

 

“Overall liability enquiries have risen, but not only because of DPDP. As of early December, the demand is lukewarm but rising, with expectations of significantly higher uptake within two to three months as understanding improves and once the first DPDP penalties occur. The overall increase in liability enquiries is evident, with the majority driven by cyber insurance demand,” Saiwal added.

 

DPDP violations can also indirectly impact company management, where directors or senior officers may face responsibility for a breach. In such cases, D&O insurance becomes relevant. A third potential area is professional indemnity (PI), which could be triggered when companies holding or processing data on behalf of clients face allegations of wrongful professional services tied to a data breach. However, these areas are currently not primary concerns for companies compared to cyber insurance. Insurance brokers, though, are seeing a multifold increase in cyber insurance enquiries not only because of DPDP norms but also because of growing cyber incidents, including the recent JLR incident.

 

Is DPDP also pushing demand for D&O and professional indemnity cover?

 

“However, at the current moment, there is an increase in interest in cyber insurance, not as much in D&O or PI. There is limited awareness or urgency regarding indirect exposures for directors, and few companies are increasing their D&O limits because of DPDP. Cyber insurance demand, however, has risen sharply, driven both by DPDP and by recent severe cyber incidents such as the JLR breach, where the number of enquiries for cyber insurance has grown multifold. Existing cyber buyers are significantly increasing their limits — sometimes from a few hundred crores to over a thousand crores,” said Tanuj Gulani, president, Special Lines Liability, Prudent Insurance Brokers.