HDFC Ergo plans insurance cover for cyber crimes

Written by Sitanshu Swain | Shruti Ambavat | Mumbai | Updated: Sep 14 2011, 06:13am hrs
Business chases disasters, be it Tsunami or when hackers attack websites. General insurance companies in India, which insure accidents to fire, are sensing business opportunities as cyber attacks or crimes rise. HDFC Ergo General Insurance Company, promoted by home loan lender HDFC and Germanys Ergo International, owned by the worlds largest reinsurer Munish Re, is planning to launch exclusive products to cover companies risks and losses from cyber crimes.

We have developed the product and sent for regulatory approval to Insurance Regulatory Development Authority (Irda), said Ritesh Kumar, chief executive and managing director, HDFC Ergo General Insurance. Irda is the sector watchdog, which protects the interest and secure fair treatment to insurance policies owners.

HDFC Ergos new product will primarily cover three risks regulatory compliance on data privacy, costs and expenses to compensate victims of a company and the companys both tangible or measurable and intangible losses. The new product, the first to cover third party risks, covering the third partys losses, is different from the existing crime insurance.

Crime insurance largely deals with risks which are tangible in nature, said HDFC Ergo General Insurances Kumar. For example, crime insurance will cover risks in case an employee of a company steals money and share certificates and not the other risks when hackers attack e-commerce companies and steal personal data. Such hacking can create a crisis of confidence among customers, who will stop transacting, leading to huge losses for the company, he added. According to Kumar, apart from the direct losses to the company, indirect losses will also be covered in the new policy.

Indian companies, lost an average R58 lakh revenue every year and R85 lakh in productivity from cyber attacks, survey data from Symantec Corp, an American security, storage and systems management provider, shows. Nearly 80% of the content available on the Web is malicious, which affects companies websites and services like netbanking and data released by eScan, an anti virus solution provider owned by American security solutions provider MicroWorld Technologies shows.

Customer interface service providers like mobile telephony and financial services companies face more risks. In mobile telephony, a corrupted software known in technical parlance as malware hacks the customers phone and dials other customers, charging the bill to the unwitting customer. Telecom and banking firms invest 9-10% of their entire IT budget for cyber security, while other industries invest 2-3%, said Lucius Lobo, global head of security services at Tech Mahindra, an information technology provider. Today, cyber security is not just a prerogative of the IT department of a particular company, but is the responsibility of all those in the firm, including the senior management.

Ergo International has helped the company develop the new product on cyber risks. The product will be reinsured, which means HDFC Ergo General Insurance will be passing on the risks to reinsurers. We are yet to price the product, which will be linked to the sum assured by Indian companies, said Kumar. Normally, in liability insurance, the premium is 1-2% of the sum assured of the policy.

Hacking of the websites and credit card data are a common form of cyber attack in India. Online retailers suffer the most and companies come up with concerns on insider threats where the Internet protocol (IP) is at risk and disgruntled employees target confidential information. We spend 10% of our IT budget on ensuring cyber security, said Arun Gupta, group chief technology officer at retail chain Shoppers Stop. Retailers globally, face cyber attack at the point of sale machines and credit card information.

We host a number of critical information of various customers in our datacentre, which can be compromised by various kind of cyber attacks. said Chella Namasivayam, chief information officer at information technology firm iGATE Patni Computers. The threat sources can be internal or external.. Threats like data theft, virus attacks from pen drives, cyber attacks on social networks, phishing attacks and attacks on mobile devices and wireless networks compromises companies data and productivity to a very large extent, he added.

The investments made for protecting the network do add to the losses due to cyber threats and attacks, said Namasivayam of iGATE Patni. Millions of different types of attacks are protected and recorded on our intrusion prevention gateways. Most of the risks arising out of cyber attack are data theft, denial of services, legal implications, business disruptions and impact to the customers, he added. He declined to quantify the losses for iGATE Patni.

The principal challenge facing the insurance industry is the lack of data. Insurance pricing rests critically on an understanding of risks that are being transferred, particularly the frequency of risk and the possible damages that could happen in case of cyber crime, said a senior official of New India Assurance, Indias largest general insurance company by premium collected. Other general insurers have said Indian markets need this kind of new product as companies rapidly develop their e-commerce platforms. We are eager to see how the market responds to this policy from HDFC Ergo General Insurance, said an ICICI Lombard official, who did not wish to be identified as the company do not comment on rivals product..

The Indian e-commerce market will rise by 47% to over R46,000 crore in 2011 calendar year primarily driven by online ticket sales, data released by Internet and Mobile Association of India or IAMAI in June 2011 showed. IAMAI is a not-for-profit industry body whose mandate is to expand and enhance the online and mobile value added services sectors. Indias small and medium enterprises are also reaping the benefits of Internet to grow. Over 57% SMEs said that they now use their website as a sales channel and get direct business leads from their website, Google India study released in June 2011 showed.

Under the IT Act of 2008, and the Indian Penal Code, punishment for cyber crime could range from three years to a life term (the latter is for cases related to cyber terror) and also carries penalties between R1 lakh and R10 lakh.