ADVERTISEMENT

Can cyber insurance secure your organisation’s data

June 10, 2021 02:09 pm | Updated June 11, 2021 12:58 pm IST

Several companies are considering taking cyber insurance to seek protection against huge financial losses, especially after the prevalence of large-scale cyberattacks including the recent ones on SolarWinds and the U.S. Colonial Pipeline

Aditya Saroha,Sowmya Ramasubramanian
Cyberattacks top the list of human-caused risks globally, according to the World Economic Forum.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

Large-scale cyberattacks, like the recent SolarWinds and U.S. Colonial Pipeline attacks, have highlighted the growing threat of high-profile hacks on Internet users worldwide. According to the World Economic Forum, cyberattacks top the list of human-caused risks globally, and research firm Cybersecurity Ventures has predicted cybercrime may cause damages worth $6 trillion by the end of this year. Several companies have turned to cyber insurance to seek protection against huge financial losses.

What does cyber insurance cover?

ADVERTISEMENT

A typical cybersecurity insurance, or cyber risk insurance, is designed to help businesses hedge against potential cybercrime including ransomware, malware and denial-of-service (DDoS) attacks. Some policies may also cover losses incurred by other methods of hacking such as cyber stalking, e-mail spoofing, phishing, and cyber-extortion that may compromise a network and expose sensitive data. The claims could also include the cost of privacy investigations or lawsuits following an attack.

Additionally, individual and corporate plans should also cover the cost of hardware, like in a case where a cyberattack causes a computer burn-off due to extensive CPU utilisation or heat dissipation system failure, Joydeep Roy, Global Health Insurance Leader at PwC told

Sign up for newsletters, unlock features and do more on The Hindu
LOG IN
Support our reporting.
SUBSCRIBE NOW
The Hindu .
Sign up for newsletters, unlock features and do more on The Hindu
LOG IN
Support our reporting.
SUBSCRIBE NOW

Also Read |

ADVERTISEMENT

IRDAI panel for making Cyber insurance wordings, claim process easier

ADVERTISEMENT

Cyber insurance policies generally don’t cover potential future lost profits and loss of value due to theft of intellectual property, according to Rohan Vaidya, Regional Director of Sales-India at CyberArk.

"Any person connected to the Internet must consider taking cyber insurance," according to T. L. Arunachalam, Director of Cyber and Emerging Risks Practice at Bharat Re-Insurance Brokers. This applies to both individuals and businesses that conduct transactions online through banking or have any form of internet presence, he told The Hindu.

How much does a policy cost?

Companies generally opt for policies falling in the range of ₹40 crores to ₹200 crores as sum insured, and the typical premium is around 1-4% of the sum insured, Rohan said.

​The cost of a cyber insurance policy depends on several factors. Premiums are likely to be high for companies in certain sectors like pharmaceuticals, healthcare, hospitality, and banking, as they hold sensitive customer information and are prone to vulnerability, according to Arunachalam.

Also Read | 78% companies expect another SolarWinds-style hack, survey finds

Cyberattack preparedness will also determine the cost of a policy. If a company has weak cybersecurity defence systems and incident response techniques, the Probable Maximum Loss (PML) is likely to be higher, therefore pushing up the premium of the policy. "It makes sense for companies to invest in tools and/or subscribe to professional services to strengthen its cybersecurity policy, architecture, defence & decoy systems as well as the crucial element of swift and expert incident response mechanisms," Joydeep noted, indicating the cyber insurance cannot be a substitute for inadequate cyberattack prevention practices. "The seriousness towards possible cyberattacks and the determination of a company to defend its data and resources will also play a part in determining the premiums and claim payments of cyber insurance," he added.

It is a common misconception that insurers will simply cover the costs to pay a hacker, however some insurances offer coverage, and this can encourage hackers to demand more money, said David Channing, Head of Cyber Insurance at Avast. "Thankfully, we recently saw French insurance company Axa pulling its offering of ransomware payment reimbursements from the market. Hopefully, this is the start of a positive trend," he noted.

While cyber insurance has been a talking point in India since the past few years, only about 15-20% of Indian companies are actively considering securing their risks through insurance, Arunachalam said. "The percentage of companies already insured will be much lesser," he stated. However, automation, Internet-of-Things and the current work-from-home situation is likely to give a boost to cyber insurance adoption in India in the coming years, CyberArk's Rohan noted.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
unlock them all
SUBSCRIBE NOW
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
The Hindu operates by its editorial values to provide you quality journalism.
Support our reporting.
SUBSCRIBE NOW
This is your last free article.
to read unlimited content from The Hindu
SUBSCRIBE NOW
Get The Hindu News App on
Get The Hindu News App on

ADVERTISEMENT

ADVERTISEMENT

To enjoy additional benefits

Make most of your subscription

Crossword+

CONNECT WITH US