Curiously enough for the internet age, Indian firms fear fire more than they do cyber crime! In the past five years fewer than 200 policies for protection against cyber breaches have been bought and the premium paid has not hit even Rs 100 crore. Of this a good chunk, or 25%, of the premium is estimated to have been paid last year. On the other hand, the premium paid for fire insurance in just 2016-17 alone was close to Rs 10,000 crore. Typically a large-sized bank, insurers say, would buy a cover for around $50-60 million (Rs 325-390 crore), for which the annual premium would be work out to $400,000-500,000 (Rs 2.6-3.2 crore). Currently, premiums for cyber cover a range between 0.5% and 1% of the sum insured. Despite premiums having come down in the last couple of years, the number of policies sold isn’t rising meaningfully.
“The premiums have come down by about 30-40% in the last couple of years because insurers have been able to re-insure the policies with re-insurers. This is largely a re-insurance driven business,” the CEO of a leading general insurance company explained. Moreover, so far there have been virtually no claims in India, so insurers have not really faced any losses on this count.
Barely half a dozen insurers—Tata AIG, HDFC Ergo, Bajaj Allianz, New India India Assurance and ICICI Lombard—today offer a cyber cover product. And while WannaCry will be a wake-up call, it is unlikely to be a tipping point. Sanjay Datta, chief (underwriting and claims), ICICI Lombard General Insurance, believes companies will be more conscious about cyber insurance now.
Among the biggest buyers of cyber cover are IT firms, banks, BPOs, utilities and e-retailers —these are typically the high risk segments. Globally, too the business is relatively new and nearly 80% of this takes place in the US. In India, cyber security insurance cover includes losses from theft, vandalism and cyber liability, among other segments. So far there have been no claims but insurers are keeping their fingers crossed. Interestingly, Insurance Regulatory and Development Authority of India (Irdai) has asked insurers to insure themselves.
Not surprisingly, manufacturing companies are less worried and it’s the banks and services companies that are, understandably, a lot more cautious. The spread of Wannacry has been halted thanks to pure luck but not before an estimated 200,000 customers across 150 countries were infected by ransomware — users found their data encrypted and were asked to pay ransom in Bitcoins in order to be able to use them.