In today’s world, the accessibility of the internet has benefited people in many ways, but some people use it unethically, taking undue advantage of it to fulfil ulterior motives. The rate of cyberattacks in India is steadily increasing day by day. Globally, in 2021 alone, there were 1037 cyber-security incidents targeting Small and Medium Enterprises.
MSMEs, consisting of a total of 6.3 million units, contribute over 28% to the Indian GDP and provide employment to over 11 crore people. Therefore, their protection from cyber-attacks should be the ultimate priority. In order to strengthen the cyber-security ecosystem, the Ministry of Electronics and Information Technology (MeitY) has proposed the appointment of an Information Security Officer for Micro, Small and Medium Enterprises. Information security is mandatory for almost all financial services organizations in addition to being a prerequisite for ISO 27001 certification.
How susceptible are MSMEs to cyberattacks?
Growing cyber-attacks in the country are a matter of serious concern for micro, small, and medium enterprises (MSMEs). Large organizations have strong standard operating procedures when it comes to cyber security, so hackers find it difficult to target them. In order to make ends meet, they are shifting towards smaller organizations. MSMEs, with their limited understanding of cybersecurity-related risks and limited capital allocation for the purpose, are becoming a target of these hackers.
Impact of Cyber-Attacks on MSMEs
The impact of cyber-attacks on an organization can be manifold, ranging from loss of reputation, loss of data, and legal and regulatory actions to huge financial losses, which can ultimately result in the bankruptcy of the organization and the closure of the business.
- Loss of Reputation: When customers’ and clients’ private information is lost, they lose faith or confidence in the company, which in turn causes a decline in revenue and, eventually, a loss of reputation for the organization that was the target of a cyberattack.
- Loss of Data: One of the detrimental impacts of a cyber-security breach can be the loss of customers’ confidential data.
- Legal and Regulatory actions: When an organization is responsible for someone else’s data, a breach can result in legal and regulatory consequences, i.e., on breach of confidential data, huge fines and penalties can be imposed by regulatory authorities.
- Financial Losses: Cyber-attacks can have a direct impact in terms of financial losses resulting from theft of money, data or intellectual property, or from damage to the hardware or software of the organization.
Cyber Insurance as a Risk Mitigation Tool for MSMEs
Cyber insurance is a risk mitigation product in case of any loss to MSMEs due to cyber-attacks. It provides protection for MSMEs with respect to first-party costs and third-party liability arising out of a cyber breach.
Key coverages provided by the Cyber insurance policy for MSMEs are as follows:
- Data Liability: The policy provides coverage for damages or defense costs due to claims arising out of the loss of personal or corporate information.
- Administrative Investigation and Fines Cost: Payment of fees for legal advice and representation in connection with any regulatory investigation and the fines arising out of such an investigation.
- Customer Response and Reputational Expenses: If a data breach occurs, this will cover costs incurred to maintain reputation and provide support to the insured’s clients, such as a public relations firm to help repair damage to brands; legal costs for notifying affected customers or offering credit monitoring services; setting up call centres for concerned customers and bringing in IT forensic teams to ascertain the cause of the data breach and potentially remove the hacker from the system.
- Data Recovery and Business Interruption Costs: Covers costs incurred to restore, recollect or replace affected data stored at the premises or at an external backup data center or storage facility, and the loss of revenue from network downtime caused by a security breach.
- Incident Response Cost: The policy provides for payment of fees incurred in the investigation, collection of information, or notification to data subjects or any regulator of any breach of data security or of any data protection law.
- Cyber Extortion: Covers the cost of specialists engaged in investigation and negotiation and the ransom paid to avoid the threat becoming real.
However, in extreme breach situations, Directors and Officers Liability Insurance and a Crime Insurance Policy can also provide coverage. The Directors and Officers Insurance policy provides coverage for the payment of defense costs, investigation costs, and public relations expenses for third-party claims arising out of wrongful acts by directors or officers in the performance of their managerial duties. The Commercial Crime Insurance policy, on the other hand, provides coverage for loss of money, security, and other property caused by theft committed by an employee.
(Manoj Kumar A S, Director – Liability Head and Mumbai Branch Head, Global Insurance Brokers Pvt Ltd. Views expressed above are those of the author)