Even as the cyber security threat looms large in India, cyber insurance covers have not picked up in a big way. While the non-life insurance industry received premiums of Rs 1.89 lakh crore in the last financial year, the share of cyber insurance was a paltry Rs 200-220 crore.
According to market players, the issue that needs to be looked at is email spoofing and phishing attacks. To protect investors’ against any cyber frauds or digital risks that could result in a financial or reputational loss, ICICI Lombard General Insurance recently launched a retail cyber liability policy.
According to ICICI Lombard General Insurance, hackers based in China attempted over 40,300 cyber attacks on India in the third week of June, mostly Covid-19 based scams. Attacks were aimed at causing issues such as denial of service, hijacking of internet protocol and phishing.
According to the Internet Crime Report for 2019, released by FBI’s Internet Crime Complaint Centre, India ranks third among the top 20 countries that are victims of cybercrimes.
TA Ramalingam, chief technical officer, Bajaj Allianz General Insurance, said there has been pick-up in the corporate cyber policy in the past five-six years, but individual policy is still at a nascent stage in India. “Corporates are facing challenges on multiple fronts. Say for example, any social media company or a financial institution or a hospital has huge volume of personal data and if fraudsters get hold of that data, it can be disastrous for those companies. Hackers can hack the data and leak in public, which will mean loss of face for those companies,” said Ramalingam.
Officials in the insurance industry say typically, cyber covers are in the range of Rs 40 crore to Rs 200 crore depending on the sector, and premiums are in the range of 1-4% of sum insured. An individual can buy cyber cover anywhere in the range of Rs 5 lakh to Rs 20 lakh.
Milind V Kolhe, chief underwriting and reinsurance officer at Bharti AXA General Insurance, said, “As most of us are working from home and are a fully remote workforce, organizations are facing email threats, end-point security gaps, etc. Business establishments such as banks, hospitality sector, IT companies and hospitals face high risk. There is a threat to the network (software, firewalls, etc), especially on the corporates side, these may get compromised.”
Officials also say many cyber attacks are not publicly known as it is not mandatory in India to report such crimes, and sometimes companies too refrain from it fearing dent in image and reputation.
“In Europe, they have a new cyber law which is called General Data Protection Regulation, implemented in May 2018. As per the Data Security Act, they are mandated to report every cybercrime case. We have an IT Act, but it is not stringent as GDPR”, Kolhe said.