)
Cyber liability insurance policies are seeing demand from corporates. Less than 100 such policies have been sold in India until now.
Companies with large technology-related and internet-related operations and those storing a large quantity of customer data are now opting to take this cover.
Pavan Dhingra, chief executive of Prudent Insurance Brokers, said traditional insurance policies were inadequate to cover cyber risks. “According to our estimates, there have been only 50 or so dedicated cyber-insurance policies sold in India so far.”
According to the National Crime Records Bureau, cyber-crime rose 350 per cent in the three years between 2010 and 2013. Several surveys by data security companies have revealed that cyber risks posed the most risk for corporates in India.
ALSO READ: SMEs in India target of cyber-spying campaign
Cyber crime covers sold in India are in the range of $2 million to $10 million (Rs 12.8 crore to Rs 64 crore), and the premium range is approximately $30,000 to $200,000 (Rs 19.2 lakh to Rs 1.2 crore) depending on the size of the company and the cover, according to data from Prudent Insurance Brokers.
Cyber crime covers sold in India are in the range of $2 million to $10 million (Rs 12.8 crore to Rs 64 crore), and the premium range is approximately $30,000 to $200,000 (Rs 19.2 lakh to Rs 1.2 crore) depending on the size of the company and the cover, according to data from Prudent Insurance Brokers.
Rakesh Jain, chief executive of Reliance General Insurance, said there was a growing need among companies to cover cyber liability risks. “There is a need to get this cover, especially by companies who deal with a lot of customer data and face potential risks to data privacy. After some years, this policy could be among the top liability covers sold in India.”
Insurance executives said earlier only clients from the banking, financial services & insurance sector were active in the cyber and technology space, apart from information technology and information technology enabled services firms. However, now even sectors such as retail, hospitality and pharmaceuticals were taking these covers. With e-commerce firms on the rise, the potential for these covers was high.
Traditional policies are not geared to protect against the various costs of a cyber-attack, such as the many first-party costs related to hiring forensics experts for investigation, image managers to repair reputation and security consultants to repair broken firewalls and processes. Nor do these cover the fines and penalties a breached business might have to bear, usually imposed by a regulatory or quasi-regulatory authority.
Dhingra said a one-size-fits-all cyber-insurance policy would be inadequate as the requirements would change from industry to industry. Unlike in traditional policies, he said, adequate protection or risk mitigation cannot be obtained without a high degree of individual customisation.
Cyber-crime covers are modular policies so a company can add modules with various limits for each. Examples of modules are notification costs, reinstatement of data costs, liability, fines and penalties and forensic expert costs, among others. Also, customisation would be possible depending on business, environment, geography, etc.
