Ransomware attacks, in which hackers gain control of files and data to extract financial gain, continue to be the biggest concern of organisations and is expected to get even more prominent in the years ahead
Cyber insurance market is the fastest growing segment in the Indian insurance sector today, witnessing a 40% growth over the last two financial years alone according to a report by Data Security Council of India.
Amit Agarwal
While cyber threats have been in the since news for quite some time, it has increased exponentially post 2020.
Cyber-attacks
As per the annual AGCS Top 10 Global Business Risks report, Cyber Risk has been rated as the number one risk for the past 3 years.
Cybercrime costs are projected to rise from just $3trillion in 2015 to hit $10trillion by 2025.
According to an Accenture report on the state of cybersecurity, small businesses continue
to face the bulk of cyberattacks and account for 43% of the total cyber-attacks reported in
2021 alone.
What’s more, only 14% of the surveyed small businesses have taken precautions and measures against the associated risks, highlighting the need to improve awareness about the increasing financial risks posed by cybercriminals and the importance of cybersecurity insurance.
As cyber-attackers become more sophisticated and target susceptible businesses, let us look at how cyber insurance can act as a vital safety net for businesses of all sizes and its increasing relevance in the Indian context.
A menace of epidemic proportions and the need for insurance
Apart from the large-scale supply chain disruptions brought on by the COVID-19 pandemic,cybercrime risks have also been amplified as organizations shifted to remote working and increasingly adopted digital tools to manage their business operations.
As compared to the pre-Covid era, cybercrime has increased by 600%, forcing businesses of all sizes to intensify efforts to prevent such attacks.
However, 81% of organizations are also wary of the costs associated with beefing up cybersecurity standards and admit to still lagging behind cyber criminals.
Moreover, every security breach could have a long-term impact on the organization, raking up tangible and intangible costs in terms of revenue losses, business disruption and even irreparable damage to a company’s reputation, especially when customers and their data are involved.
Ransomware attacks, in which hackers gain control of files and data to extract financial gain, continue to be the biggest concern and is expected to get even more prominent in the years ahead.
Even the latest cloud technology solutions have inherent security risks that need complex
cyber security solutions. This further elevates the cost of protecting an organization’s digital footprint and warrants protecting against financial risks associated with cybercrime through insurance products.
By allocating a small percentage of the overall security budget towards cybersecurity insurance premium, businesses can continue to augment their online business
channels without worrying about the financial impact of any imminent cyber-attack.
What is Cybersecurity or cyber liability insurance?
Cybersecurity insurance, also known as cyber liability insurance or simply cyber insurance, is a vital protection tool for all types of businesses.
The cyber insurance policy is designed to compensate the insured for costs incurred as well as third party damages arising from a cyber-attack or security breach.
The policy is divided into two main sections, namely, First Party Costs and Expenses and
Third-Party Liability.
The first-party expenses section typically covers any direct cost associated with a cyber-attack such as Forensic Audit Costs, Notification Costs, Credit Monitoring Costs, PR costs, Business Interruption, Regulatory Action or Ransom ware. Legal expenses and other regulatory costs are covered under a Regulatory Investigation section.
The Third-party Liability section will cover all the costs associated with claims being made
against the Insured by a Third party that has suffered a financial loss arising out of a data
breach of the insureds systems.
Who needs it and what does it cover?
Although cyber insurance is not limited to businesses, with cyber insurance policies for
individuals also available today, any party that exchanges information or has an exposure to the internet should be looking at taking a Cyber Insurance policy.
The intent of the policy is to transfer the risk of the financial loss from a breach to the
insurance company thus protecting the Balance sheet of the company.
The other advantage of the insurance policy is that the whole process of buying the insurance company provides an insured with a review of their existing controls in place and helps in updating it to the best possible level. This is based on the interactions and advise from the insurer on reviewing the current security posture of the company as a part of the underwriting process.
India’s growing cybersecurity insurance market
Unsurprisingly, the cyber insurance market is the fastest growing segment in the Indian
insurance sector today, witnessing a 40% growth over the last two financial years alone
according to a report by Data Security Council of India.
Cyber insurance claims too have grown substantially, doubling in FY2020-21 from the previous financial year with major contributions from all sizes of business firms in the IT, Auto, Pharma, Manufacturing and Services sector.
Still, apart from the IT/ITES industry where cyber insurance is often a precursor to establishing business relationships, the awareness level is still quite low amongst corporate entities.
This is despite the fact that the Indian manufacturing sector overtook the financial sector in terms of cyber-attacks reported in FY2021-22.
Going forward, it is likely that this trend will continue as more manufacturing and services businesses employ digitally-connected systems and technologies. In fact, estimates peg the annual growth rate in cyber insurance premiums collected to hover between 30-50% over the next few years, contributing up to 5% of the total non-life general insurance premium collected annually.
That said, with a jump in the number of cyber-attacks and a subsequently worsening loss
ratio, insurance providers have been compelled to restrict the policy terms and coverages as well as relook at the capacity that they would like to put on any given policy. The process of underwriting the risk has also become more detailed and time consuming.
Over the past year, cyber insurance premiums have risen by more than 50% and will see more revisions in the future as insurance providers get a better understanding of the broader market.
Insurers will have to ensure competitive pricing and focus on consumer awareness initiatives to bring more Indian businesses under cyber insurance coverage.
Peering into the future of cyber insurance
In a market made up of around 3,000 corporate clients and 20,000 odd individual buyers,
the Indian cyber insurance market is still severely underpenetrated and ought to witness
significant expansion in the near future.
Industry trends suggest that the number of cyber insurance policies sold should more than double by 2025, with a considerable uptick in the extent of coverage opted for by corporate clients.
Retail consumption will need to be augmented by conducting consumer awareness campaigns and developing customizable product offerings that can cater to a wide range of self-employed professionals.
As hackers accelerate the pace of ransomware attacks and cyber security breaches,
businesses across the globe and especially in a developing economy like India will have to
intensify efforts to thwart such attacks and mitigate related financial risks.
This makes a comprehensive cyber insurance cover an indispensable product for every small, medium or large-scale business, acting as an important residual risk transfer mechanism in an increasingly digitalized world.
The author is a Managing Director – Liability & Specialty Risk, Howden India