Cyber risks have increased after the COVID-19 outbreak. Work-from-anywhere culture, hybrid & virtual workplaces have catapulted cyber attacks on companies as well as individuls.
Today, as more companies get digital, the more are chances users risk becoming a victim of thefts, hacking, and digital fraud.
The heightened cyber risks have increased demand for cyber insurance, a new age policy that tries to safeguard online users from such criminal acts. Cyber insurance provides coverage for specified inclusions in the policy document.
With this context, Evaa Saiwal – Practice Leader – Liability & Financial Risk, Policybazaar, in a discussion with CXOToday shared more insights on the same.
Q1. What is cyber insurance? Why is it a must-have for IT companies and consultants?
Cyber insurance is a liability insurance product which protects the insured from digital or internet-based risks such as losses due to malware, cyber breaches, ransomware attack etc. Having cyber insurance can minimize business disruption during and after a cyber incident and protects businesses from first and third-party liabilities. It’s a must-have for any company which is using the internet for its business process more so if the company is a critical infrastructure company or supports critical infrastructure companies such as financial institutions, medical establishments, etc.
Q2. Which event would most likely be covered by cyber insurance?
Any data breach, network interruption event, ransomware attack, cyberbullying, malware intrusions, or extortion event would be covered under this policy. Cyber insurance typically covers expenses related to the investigation, data recovery, restoring the identities of affected clients, notifying customers of the breach/data loss, reparation of affected customers/clients, and legal fees.
Q3. Are there specific incidents that are excluded from a cyber insurance policy? Is it different for mid-size IT companies?
Yes, similar to any other insurance, cyber insurance has its own exclusions. Some of them are – fraudulent claims, intentional acts, claims or circumstances discovered before policy inception, unauthorised or unlawfully collected data, etc. These exclusions are common across all sizes of companies.
Q4. Not just companies, independent IT consultants are also at equal risk of a cyber attack. Is there any individual cyber insurance? If yes, how is it different from corporate cyber insurance?
Yes, Indian insurers have now filed coverage for individual cyber insurance. As cybercrime becomes a growing threat, retail cyber insurance is also seeing an uptake. Just like corporate cyber insurance, retail cyber insurance also protects individuals from cyber extortion, privacy breach and data breach by third parties, phishing, cyberstalking, identity theft, social media, etc. Corporate cyber insurance has few coverages which are more relevant to a business than an individual such as – regulatory fines and penalties, data liability, credit monitoring expenses, business Interruption losses, etc.
Q6. Cyber insurance is essentially designed to cover financial losses arising from cyber-attacks. What are some comprehensive features of the policy that the company should check before buying?
Cyber Insurance covers losses occurring due to any data breaches which include forensic fees, investigation costs, fines and penalties, defense costs, network interruption, data liability etc
Q7. Cyber risks are ever-evolving. What are the most recent trends you have observed especially post COVID-19? Are these trends affecting policies and coverage?
Owing to the COVID-19 led digital transformation, there has been an evident increase in digital frauds and cyber theft. This has catapulted the demand for cyber insurance for both companies and individuals. On the other hand, due to the work shifting online, a massive surge in the claim circumstances for cyber insurance is also seen. Therefore, while reevaluating their risk appetite, insurers have tightened their terms and conditions. The rates have hardened and the insurers have become more conservative in their underwriting.