By Sushant Sarin
A hacker group in 2014, recognized as the ‘Guardians of Peace’, leaked confidential data from a film studio of a reputed entertainment company. The data included personal information of the employees, a trove of embarrassing mails, film scripts, internal communications, information about executives’ salaries and other information. It damaged not only the reputation of the company, but also caused major loss of data, party damage and collateral economic damage.
Cut to today, it’s the WannaCry ransomware attack — one of the largest cyber-attacks that has affected large and small companies globally. A glance at the daily news reveals the damage done by the attack, where hackers encrypted secure data and demanded ransom in return. India is one of the worst-affected countries hit by the WannaCry attack amongst the 150 countries, as identified by a Russian anti-virus company.
As India rapidly progresses towards digitization, it is essential to have a robust digital security architecture for the prime movers of the economy. However, it is seen that many companies have a lot of ground to cover when it comes to protecting their data assets in the current risk landscape. Companies must continuously improve their cyber security to adapt to the new ways of storing and accessing information, and to keep peace with growing sophistication of cyber criminals. Cyber Liability Insurance provides financial security when even the last mile perimeter has been breached.
Cyber risks have radically increased over the last decade. Data privacy and security are the top most concerns of companies. With India being ranked as one of the top 3 targets of cyber hackers, it is necessary to adopt different types of risk management solutions to manage this risk.
Cyber insurance covers first party as well as third party risks. The cover includes:
Data Liability: Data liability covers third party liability for data breach involving personal data and / or corporate data.
Administrative Obligations: Cyber insurance pays the costs of dealing with administrative investigations and includes cover for fines imposed by data protection regulators to the extent such fines are insurable under law.
Reputation and Response Cost: Data breaches and network intrusions damage the reputation of the business and information security professionals. Cyber insurance pays for services of experts to protect reputation.
Multimedia Liability: The Cyber policy covers liability arising from defamation, invasion of privacy, infringement of copyright and plagiarism.
Cyber extortion: Cyber insurance also covers costs and expenses of dealing with cyber extortion.
Network Interruption: Business interruption due to network interruption is also covered under the cyber policy.
Cyber insurance is, thus, a prerequisite for every enterprise that uses computers and networks in its day-to-day operations. It is one of most effective tools for managing cyber risk.
(The author is Executive Vice President, Commercial lines, Tata AIG General Insurance Company Ltd)