The aftereffects of last year’s SolarWinds hack continue, with the latest developments pointing to a Chinese angle. The year 2020 was rife with cyberattacks impacting millions of people.
According to a Cybersecurity Ventures report, by 2025, the losses due to cybercrime would rise to $10.5 trillion, a 15 percent increase from 2020. Given the risks involved, many enterprises are turning to cyber insurance. Also called cyber liability insurance, it protects organisations from the business disruptions and aftermath of a cyberattack or a hacking threat.
The Insurance Regulatory and Development Authority of India (IRDAI) had set up a panel in October 2020 to examine the need for a standardised cyber liability insurance product. In January this year, the panel came out with its observations and recommended introducing a cyber liability policy for individuals.
However, the panel decided against the standardisation of cyber insurance in India. The report said, “The Working Group believes that early standardisation of cyber insurance in India, might impede innovation and hinder adaptation to evolving industry needs. It may lead to price-based competition instead of developing competencies for agility to design new products suitable to new environments.”
In view of the growing cybersecurity incidents, can similar protection be extended to enterprises?
What Is Cyber Insurance?
Cyber insurance is suitable for any business that has an online component, stores electronic data, or relies on technology to carry out its operations.
Cybercriminals target details of the staff, intellectual property, and other sensitive information such as financial data. Hackers may also release ransomware into the network and cripple the whole system.
What Protection Does Cyber Insurance Offer?
Fearing the consequences, mainly financial, from an attack, C-suites around the world are quickly turning to cyber insurance. In 2020, a cyber insurance program exceeded $1 billion in valuation for the first time.
Cyber liability insurance is generally recommended for larger businesses to help them cover their losses. In case of a cyberattack, cyber insurance can help cover the following:
- Hacking of the business’ computers that exposes private and confidential information.
- Lawsuits from customers, especially in the financial and healthcare industries, over the leakage of personally identifiable information (PII) or Protected Health Information (PHI).
- Legal services to help meet the state regulations.
- Notification expenses to alert affected customers.
- Extortion payments to recover important locked files in a ransomware attack.
- Compensation to employees for the lost income from a network outage.
However, there are a few associated costs that cyber liability insurance does not cover:
- Most insurance policies don’t cover property damage or hardware replacement.
- Loss of business caused during the downtime
- Many companies outsource to other companies for meeting their requirements related to email, web hosting, customer relationship management, and cloud services. Most insurance providers do not extend their coverage to such third parties.
Cyber insurance is still in its infancy. Compared with other business lines globally, the size of the cyber liability insurance market is quite small. The report from the working group of IRDAI noted that companies are largely dependent on traditional insurance to mitigate losses emerging from cyber exposures. The report said, “Even those industries which realise the scale and extent of their exposures, like the financial institutions, perceive cyber insurance coverage as too narrow or ambiguous to assure them of adequate recovery in the event of a loss.”
Most companies are still taking the traditional route, and cyber insurance hasn’t picked up pace as a niche sector. Going by the trends, it is difficult to say whether the situation will improve. Experts believe a good strategy to push the sector is to start with sachet covers (bite-size insurance) and build on them.
Inarguably, cybersecurity breaches are on the rise. Companies should go for a combined strategy, a mix of cyber insurance and building tech defence, to neuter cyber attacks instead of doubling down on the tech bit alone.