Cyber insurance is crucial for modern business but coverage has limits

It provides financial protection and access to critical resources, such as expert legal counsel and incident response teams

In today’s digital age, where businesses and individuals increasingly rely on technology, cyber insurance has become a vital tool to protect against financial losses and reputational damage. However, companies must understand the various facets of cyber insurance in order to effectively leverage it.
 

Cyber insurance coverage varies, depending upon industry and requirement. It typically covers business losses, including those for breach, interruption, recovery, forensic, cyber extortion and third-party cost (for damages suffered by parties outside business) covering regulatory and legal liability, intellectual property right infringement, multimedia liability, disclosure liability, and reputational liability.
 

Such insurance policies offer coverage for a range of cyber-related incidents, including for data breaches like unauthorised access, theft or disclosure of sensitive data. They protect against ransom payments, data restoration costs and business interruption losses. Coverage for cyber extortion offers protection against threats of data disclosure or system disruption in exchange for a ransom.
 

Then there is coverage for costs associated with identifying, containing and remediating network security breaches.

Reimbursement is provided for lost income and expenses incurred due to cyberattacks. If a business suffers electronic fraud, insurance will protect against fraudulent transactions such as unauthorised wire transfers or online purchases. There is also insurance for third-party claims arising from cyber-related incidents, including defamation, copyright infringement, and privacy violations.
 

While cyber insurance offers comprehensive protection, it is important to understand its limitations. Exclusions depend on policy and we list some common ones. Cyber insurance coverage typically does not extend to losses resulting from intentional acts of the insured or their employees. Bodily injury, diseases or death to any tangible item are not covered. Cyberattacks related to acts of war or terrorism are often excluded.
 

Cyber insurance does not cover physical damage to property. Any loss from power disruption, mechanical malfunction, equipment failure is not covered. Fines or penalties imposed by government authorities for non-compliance with data protection laws are generally not covered. Any breach of trade secrets, trademarks, registered patents, or alleged plagiarism will not be covered.
 

Some policies do not pay if data is stolen or services breached at vendors and other partners unless specifically called out. Insider threats like malicious or negligent employees are often excluded. Most insurance plans do not cover outages caused by mis-configuration and other internal errors (not caused by cyberattacks). 
 

In India, where businesses and individuals are adopting digital technologies, cyber insurance has become a critical risk management tool. Here is how it can help:
 

Financial protection: By covering the cost of data breaches and ransomware attacks, cyber insurance protects against financial losses.
 

Business continuity: In the event of a cyberattack, it can help businesses minimise disruptions and protect their reputation.
 

Regulatory compliance: Cyber insurance can help businesses meet regulatory requirements, such as the Personal Data Protection Act.
 

Risk management: By assessing and managing their cyber risks, businesses can improve security and reduce their exposure to threats. 
 

By understanding what cyber insurance covers, what it does not and how it can help in managing digital threats, businesses and individuals can better protect themselves against the risks associated with cyberattacks.
 

Furthermore, it provides not only financial protection but also access to critical resources, such as expert legal counsel and incident response teams. This holistic approach ensures that organisations can recover swiftly from attacks while reinforcing their cybersecurity posture.
 

The writers are partner (leader-cyber) and director, Deloitte India