This article basically focuses on the cyber insurance policy, its purpose and how the breach of cybersecurity may hinder the companies or individual reputation. Protection of data and privacy is a fundamental concept in the age of technology. To mitigate high factor risk associated with cyberattacks or breach of security they need for a cyber insurance policy is major concern and companies must have access to cyber liability coverage like first-party and third-party coverage provided by cyber insurance companies like Allianz General. HDFC, ERGO General, ICICI Lombard, TATA Aig
A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage, (CLC), is designed to help an organization mitigate risk exposure by offsetting cost involved with recovery after a cyber-related security breach or similar event happened at the place. The term cyber insurance address, first and third party losses as a result of a computer-based attack or malfunction of a firm’s information technology systems.[i] The risk associated with cyber fraud or breach of security is not based on any traditional commercial liability and holds a different policy per se. The demand for insurance is at the high edge for the means of protection from any financial losses against the risk of contingent or uncertain loss. The risk associated with cyber-attack may hinder the work performance of the company and may result in heavy loss.
Purpose of Cyber Insurance
Cyber insurance is designed to guard businesses against the potential effects of cyber-attacks and its ailing effect.[ii] It helps an organization mitigate risk exposure by out setting costs after cyber-attacks have happened. The coverage of cyber insurance is widened and included fees, expenses and legal costs associated with cyber breaches that occur after an organization has been hacked or from theft or loss of client or employees sensitive information[iii].
Typically, cyber insurance policies also cover expenses of Digital theft or data breach, business interruption (income loss) or additional expense due to system failure, cyber extortion, data recovery expenses or counselling treatment services.
The need for cyber insurance is to shift some of the risks, damages suffered by the company while accessing the data. The protection of data is the major concern for all the entities. In the age of technology, the power to access the business performance, growth, profit all factors are measured through computer devices. Cyber Insurance plays a major role in the safety of data and ensures the prevention of risk.
According to the World Economic Forums Risk Perception Survey, the threat of ‘Cyber Attack on the theft of data and money’ is highest in consideration resulting into 82% probability of such attacks on the system.
Impact of cyber security breaches
The impact of cybersecurity breaches has many hidden effects on the reputation or goodwill of the company. The loss of any sensitive data or personal information of stakeholders may put the company’s position at risk. The protection and safety of the data is the paramount duty of the company, any such breach may lead to major monetary as well as non-monetary risk to the firm.
Impact of cyber security breaches may include various hidden cost such as;
- Losses relating to intellectual Property
- May affect business supplier relationship
- Degrades company’s reputation at stake
- Financial Losses
- Difficult to retain the trust or input of customers in the company
Cyber liability coverage
Cyber liability insurance primarily covers those breaches of events where personal identifying information is lost, stolen, hacked or disclosed by any third party. For example, Bank account number, credit card details, social security patterns like passwords, healthcare data or driving licenses number. It also includes breach of any records, internal information of the company or its confidential reports.
Normally, cyber liability insurance covers financial losses that result from data breaches and other cyber events. Most cyber policies include both first-party and third-party coverage[iv].
1. First-party coverage
First-party coverage is insurance between the policyholder (the first-party) and the company providing such insurance (the second-party). An example of first-party insurance coverage would be a computer owner who suffers from any cybersecurity breach. Here, the computer owner will try to cover the damages directly from the insurance company. But, some other categories are also covered by first-party coverage such as;
- Damage to electronic data- It covers the cost to replace or restore electronic data or programs destroyed or stolen in any kind of data breach. The loss must result from a cyberattack, a denial of service attack or a virus. The cyber insurance policies also include the hiring of experts or consultants to help, preserve or reconstruct the data.
- Loss of income and extra expenses– The cyber insurance policies also cover the income losses which a company or an individual may suffer due to cyber-attack. It also covers the other expenses incurred due to the network provider system has been breached or hacked.
- Cyber extortion– The cyber insurance policy also applies when a hacker breaks into the computer system of the policyholder and threatens him/her to commit a criminal act like damaging personal data, introducing a virus, releasing confidential data, or initiating a denial of service attack for some valuable securities like money.
- Cyber Defamation– Some of the policies also cover the costs of causing harm to the reputation of the policyholder due to data breach or unethical behaviour of any individual hacking the company’s confidential data.
2. Third –Party coverage
In a third party insurance claim, there are three parties involved. The first one is the policyholder or insured individual, the second is the insurance company and the third party is another individual. The policy is made by a person who is neither an insurance holder nor an insurance company. The most common type of third party insurance claim is the liability claim. For example, due to some cyber-attack on the computer system of a company, personal information of its customer is leaked. Then, in this case customer can claim the money from the company and it would be covered under the third party coverage.
Some of the areas covered by third party insurance are as follows;
- Network Security and privacy liability- It covers the claim against the negligent action of firms like unauthorized access, the introduction of the virus, cyber-attack or other security breaches of a system of the policyholder.
- Electronic Media Liability- the third party insurance coverage also included the lawsuits against the first party for acts like libel, defamation, invasion of privacy, copyright infringement or breach of the domain name. It may result only when there is a publication of data on the internet by the policyholder.
- Regulating Proceedings- The insurance also covers the fines or court fees or cost for hiring an advocate to assist in case of data breach by first party.
Cyber Insurance Providers in India
There are many insurance policies provider in India, such as Bajaj Allianz General. HDFC, ERGO General, ICICI Lombard, TATA Aig etc, These firms provide comprehensive cyber insurance that primarily covers the aspects of security breach coast, cost of investigation, data recovery cost or intellectual infringement. But cyber insurance does not cover any bodily injuries or property damages caused as a result of a cyber attack. Additionally, one can buy this policy who has attended the legal age of 18 years.
Cyber insurance policy has certain clauses mentioned in the agreement. For example, in Bajaj Allianz have mentioned 10 sub-clauses under the individual Cyber Safe Insurance Policy and each of these clauses have sub-limits. The claim for phishing, email spoofing and social media cover have a maximum limit of 20%, 15% and 10% respectively[v].
The specified events covered by such policy providers are unauthorized online transaction fraud, phishing, email spoofing, identity theft, cyberbullying, malware attacks, media liability, cyber extortion.
Major Cyber attacks in India
1. UNION BANK OF INDIA HEIST (JULY 2016)[vi]
The incident happened through a phishing email sent to an employee of the bank, where hackers accessed the credentials to execute a fund transfer, swindling Union Bank of India of $17 million; prompt action helped the bank recover almost the entire money.
2. WANNACRY RANSOMWARE (MAY 2017)[vii]
The global ransomware attack took its toll in India with several thousand computers getting locked down by ransom-seeking hackers. The attack also impacted systems belonging to the Andhra Pradesh police and state utilities of West Bengal with high magnitude risk and loss.
3. SIM SWAP FRAUD (AUGUST 2018)[viii]
Two men from Navi Mumbai involved in fraudulent activities concerning money transfers from bank accounts of numerous individuals by getting their SIM card information through illegal online banking. They were accused of transferring 4 crores Indian Rupees.
4. UIDAI Aadhar Software Hacked (SEPTEMBER 2018)[ix]
A massive breach of a personal record of 1.1 Billion Indian Aadhar cardholders was held under breach of security. UIDAI revealed that around 210 Indian Government websites had leaked. Date leaked includes Aadhar, Pan and mobile numbers, bank account numbers, IFSC codes and personal information of the cardholder.
5. BOYS LOCKER ROOM (MAY 2020)[x]
The group of boys between the ages of 15-20 years leaked screenshots of the private Instagram chat group sharing photos of underage girls, objectifying them, and planning gang rapes. Propagating rape culture and threatening to reveal obscene photos. The case is registered under Section 465(forgery), 469(forgery for harming reputation), 509(intending to insult modesty of women) of the IPC and 67 & 67A of IT Act, 2000.
The need to have a cyber insurance policy is extremely important. The cyber-attack or threat of security breach may hinder the performance of the company. Insecurity due to the act of an unauthorized person or damages owing from cyber extortion, reputational loss or privacy landscape leads to a heavy loss. The policy coverage offered by various concerning companies are at high demand due the inferiorities suffered from the hacker. The awareness on cyber insurance is need for the hour and individual or company must take a step to protect their data from external interference and outrage.
Frequently Asked Questions (FAQs)
1. What data are covered by cyber liability insurance?
The following are the data cover by the cyber liability insurance is Personal Health information, personally indefinable information, confidential third-party information, data hosting or data storage.
2. What losses are not covered?
Cyber insurance policies exclude coverage for certain losses such as breach of contract, criminal liability, unfair trade practices, or claim arises from intentional, deliberate, dishonest criminal act or omission committed by insured.
3. What is the process for buying cyber insurance?
The steps include i) Work with an experienced broker, ii) conduct a security assessment to reduce premium, iii) implement security controls that reduce premium.
[i]Kim Lindros, What is cyber insurance and why you need it, CIO, https://www.cio.com/article/3065655/what-is-cyber-insurance-and-why-you-need-it.html
[ii]Manish Dokania, In India: Cyber Insurance https://www.scribd.com/document/420616592/Cyber-Insurance-In-India-pdf
[iii] Cyber Insurance in India, DSCI https://www.dsci.in/content/cyber-insurance-in-india
[iv] Sasha Romanosky, Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk?, Content Analysis of Cyber Insurance Policies – WEIS 2017 weis2017.econinfosec.org › WEIS_2017_paper_28
[v] BAJAJ ALLIANZ CYBER SAFE INSURANCE POLICY COVERAGE, bajaj allianz , https://www.bajajallianz.com/cyber-insurance/buy-online.html? _
[vi] How Union Bank was hacked and got its money back, LiveMint https://www.livemint.com/Industry/xuBJNapRGBrtl05iEAvsYO/How-Union-Bank-was-hacked-and-got-its-money-back.html
[vii]Josh Frulinger, What is WannaCry ransomware, how does it infect, and who was responsible?, https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html
[viii] Cybercrime police arrest two for SIM swap fraud, The Times of India https://timesofindia.indiatimes.com/city/nashik/cybercrime-police-arrest-two-for-sim-swap-fraud/articleshow/65277019.cms
[ix] UIDAI Aadhaar Hack: New Analysis Shows Hackers Changed Enrolment Software Code In 26 Places, Huffpost, https://www.huffingtonpost.in/2018/09/14/uidai-aadhaar-hack-new-analysis-shows-hackers-changed-enrolment-software-code-in-26-places_a_23525828/
[x] Boys Locker Room’ case, https://www.newindianexpress.com/nation/2020/may/05/boys-locker-room-case-15-year-old-held-in-south-delhi-10-others-identified-2139576.html