Cyber insurance premium costs have increased by over 50% over the past year. Several factors have contributed to the considerable increase in cyber insurance premium in India. This include the surge, sophistication and severity of cyber-attacks that have significantly impacted companies in various business sectors. Furthermore, the rise of losses due to ransomware and cyber extortion has added to the financial burden of business organisations
By Kanishka Gadi
Despite the significant progress and development of cyber-security in the recent years, criminal hackers continued their onslaught by resorting to novel tactics to inflict considerable damage to companies in the last few years.
The list of companies that have suffered damage due to these cyber-attacks continues to grow and their novel tactics grab the headlines year after year. This has further contributed to the dampening of the business environment as organizations limit their growth and expansion plans in anticipation of the threat posed by cybercrime.
The risk environment has started to become complex by the day with the increase in the volume of these attacks. Let us examine some of the major reasons for the rise in the threat posed by cyber-attacks.
Geopolitical Conflict:
Organised crime gangs that have historically focused on targeting Western organisations appear to have been drawn to focus on government operations. Politically motivated cyber-attacks, of course, have implications. Most developed countries are heavily dependent on their information infrastructure; an attack of this nature could have devastating consequences and is taken incredibly seriously by governments across the world.
Ransomware Sophistication:
The ever-increasing sophistication in ransomware attacks and the extortion of large amounts of funds has punitively impacted organisations across all sectors. The past few years witnessed ransomware attacks impacting organisations on a global scale. This included multiple levels of extortion with ransomware tools, distributed denial-of-service, data infiltration and more.
What is more worrisome is the ease in accessing powerful ransomware tools. Even with modest computer software coding skills, criminals can launch attacks that can cost companies millions.
Hybrid Work Modes:
Enabling employees to work both from office and home has resulted in an increase in the number of endpoints to protect, along with significant changes in systems and networks. The transition from remote to hybrid work modes has resulted in a massive shift to cloud and this has generated several new risks.
In particular, organisations which have hybrid cloud and legacy on premise installations attract greater risk and understanding responsibilities among themselves and their partners has become an even higher priority.
Risk Transfer Through Insurance:
The rising cases of cyber-security attacks and data breaches are one of the key factors fuelling the demand for cyber insurance. The use of advanced technologies has only increased the complexity of the threat from cyber-attacks as hackers continue to employ sophisticated methods that render conventional security measures ineffective. This has forced companies to seek comprehensive protection through cyber insurance.
According to recent report released by Deloitte, the current Indian cyber insurance market is valued at around USD 50 million, maintaining a steady growth (CAGR) of approximately 30% in the past three years. This growth is expected to continue for the next five years, driven by an increased awareness of the need for cyber insurance.
With companies from IT and ITeS, manufacturing, e-commerce, BFSI, fintech and managed service providers being the primary target of malicious cyber-attacks in recent times, these industries constitute the primary drivers of cyber insurance business in India with other sectors increasingly considering the protection offered by cyber insurance.
Cyber Insurance Premiums:
Cyber risk insurance premiums are heavily dependent on the maturity of the cyber network and infrastructure of organizations, their turnover, the value at risk covered by the organizations and the health of their IT infrastructure.
Cyber insurance premium costs have increased by over 50% over the past year. Several factors have contributed to the considerable increase in cyber insurance premium in India. This include the surge, sophistication and severity of cyber-attacks that have significantly impacted companies in various business sectors. Furthermore, the rise of losses due to ransomware and cyber extortion has added to the financial burden of business organisations.
Another key driver is the increasing importance of data privacy and the rising costs and penalties associated with data breaches. As regulatory frameworks become stricter, organisations face substantial financial losses due to legal fees and efforts made for data recovery.
The Future Of Cyber Insurance:
The cyber insurance market is predicted to witness substantial growth globally. According to the Data Security Council of India (DSCI), it is projected to reach around Rs 1.59 lakh crores by 2024, representing a growth rate of approximately 25%.
As cyber threats evolve and intensify, businesses must recognize the significance of investing in robust cyber-security measures and comprehensive cyber insurance coverage. Companies can mitigate potential financial losses from cyber incidents by partnering with insurers and adopting effective risk management practices.
Some Major Cyber Attacks in India in 2023:
Ransomware Attack on Government Agencies: In 2023, a major ransomware attack targeted government agencies, crippling them for days. The attackers demanded a hefty ransom to restore access to the critical government data.
Data Breach at a Major Financial Institution: One of India’s largest financial institutions suffered a data breach in 2023, resulting in the theft of data of millions of customers. The breach led to significant financial losses for the institution and damaged its reputation.
Cyber-attack on Healthcare Providers: Healthcare providers were hit with a devastating cyber-attack in 2023, leading to the theft of sensitive patient data. The attack disrupted patient care and resulted in significant financial losses.
Social Engineering Scams: Cybercriminals used social engineering tactics to trick individuals into revealing their personal information, leading to identity theft and considerable financial losses.
Malware Attack on Educational Institutions: Educational institutions were hit with a malware attack that compromised their systems, leading to significant data loss and disruption to learning.
Phishing Attacks on Retailers: Retailers were targeted by phishing attacks that led to the theft of customer data and financial losses.
Distributed Denial of Service (DDoS) Attack on Telecom Providers: In 2023, telecom providers were targeted by a DDoS attack that brought networks and led to significant financial losses.
Insider Threats: Insider threats posed a significant risk to businesses and government agencies, with employees stealing sensitive data and causing irreparable damage.
The author is Head-Liability & Banking, Anand Rathi Insurance Brokers
Ransomware Attacks in India
India witnessed the highest incidence of ransomware attacks in South Asia accounting for 3.44% of the total 4.86% incidents reported in the first half (H1) of 2023, according to a report released by Japanese cyber security software company, Trend Micro. India ranks fourth globally in online banking malware detection, with a detection rate of 8.2% of overall global cyber threats. In the first half (H1) of 2023, 5,609 online malware threats were identified.
While the government faced 18,862 malware attacks, the banking sector faced 15,514 malware attacks in the first half of the year. These attacks targeted various sectors with banking, manufacturing and retail industries reporting the highest number of incidents. Spam attachments also spiked significantly in June, with 3.9 million detections, a 1,242% increase from the start of the year. Malware-embedded documents emerged as the most commonly used spam attachment file type.
The authoress is Head – Liability and Banking Business, Anand Rathi Insurance Brokers