The significance of cyber insurance in mitigating cybersecurity threats

As the threat of cyber risks continues to grow, cyber insurance is gaining popularity as a crucial tool for risk management, especially for Indian businesses expanding into international markets and engaging in cross-border transactions. India is experiencing an increasing number of cybercrimes, including ransomware attacks and sophisticated phishing campaigns, as highlighted in the FBI’s Internet Crime Report 2021. This underscores the importance of cyber insurance in the era of rapid digitalization.

The Complexity of Safeguarding Digital Assets:

Despite advancements in cybersecurity, cyber exploitation has become more targeted and exploits vulnerabilities in the interconnected digital ecosystem. The proliferation of exposure points and the concentration of digital assets have made this ecosystem susceptible to attacks, misuse, and even cyber espionage or warfare. Traditional Computer Network Defense techniques focus on protecting individual systems and networks, which may not be sufficient to counter the complex missions of modern cybercriminals. In 96% of all cyber attacks in India, the primary motive is financial gain, with cybercriminals stealing user credentials and hacking payment networks. This makes it imperative for businesses to protect themselves not only from financial risks but also from potential legal and reputational consequences of cybercrimes.

What is Cyber Insurance and What Does it Cover?

Cyber insurance is essentially a contract between an insurer and a business or individual, serving as a safety net that covers costs and liabilities arising from a cyberattack or security breach. Depending on the policy’s extent, cyber insurance can provide financial assistance for emergency responses, IT infrastructure damage, event and media management costs, and reputational losses. In India, cyber insurance policies typically consist of four main sections:

1. First-party expenses coverage.
2. Regulatory investigation cover.
3. Crisis Management Expenses cover.
4. Privacy and Data Liability Claims coverage.

Each section addresses different risks and provides financial compensation for various aspects, including direct costs, legal expenses, extortion demands, and third-party liabilities. Businesses should assess their specific needs and sector to determine which coverage(s) are most suitable to build a financial buffer against cyber risks.

Key Trends in India’s Cyber Insurance Market and the Future:

In 2022, India reported 13.91 lakh cybersecurity incidents, with cyberattacks increasing by 18% from January to March alone, compared to a global increase of 7%. Threat actors are even using artificial intelligence tools like ChatGPT for cyberattacks.

A 2021 IBM report revealed that the cost of a data breach in India averaged ₹165 million per incident, with phishing and ransomware incidents more than doubling from the previous year, according to data from the Indian Computer Emergency Response Team (CERT-In). This trend is expected to continue, making it essential for organizations to complement their cybersecurity efforts with adequate cyber insurance coverage.

However, only 41% of Indian companies have standalone cyber insurance coverage, while 52% include cyber risk coverage within broader business insurance policies. Alarmingly, 7% of surveyed businesses have no cyber insurance protection, putting them at high risk of substantial financial losses in the event of a cyberattack. As more businesses adopt digital technologies and transition to cloud-based data processing, the Indian cyber insurance market is likely to expand significantly in the near future.