Insurance Advisory: CYBER SECURITY INSURANCE- NEED OF THE HOUR – November 2021

Cyber-attacks and data breaches have become a reality in today’s digital world. According to a recent circular issued by the Insurance Regulatory and Development Authority of India (‘IRDAI”), there has been an increase in the number of cyber-attacks on personal computer networks and routers since professionals have been working from home during the COVID-19 pandemic (the IRDAI Circular on cyber-attacks). The dual challenge businesses now face is to preserve their own information as well as to safeguard the information of their clients. Cyber insurance is a type of insurance that protects organisations from the losses resulting from cyber-attacks, data, and network security breaches (“Cyber Insurance”). Cyber Insurance covers the claims of third parties, fees, expenses, and legal costs as a consequence of cyber breaches such as network security breaches, loss of client/employee data loss or cyber-attacks (“Cyber Event(s)”).

WHO SHOULD PROCURE A CYBER INSURANCE

Following organisations should consider procuring a Cyber Insurance:

1. IT or ITES businesses,

2. IP led companies with internet-based business

3. Businesses engaged in customer data management, digital advertisement

4. Manufacturing companies/original equipment manufacturers with dependency on cloudbased data or servers for the critical operations

5. Businesses in the cloud or cloud-based services domain etc.

COVERAGES OFFERED IN A CYBER INSURANCE

Cyber Insurance typically protects the organisation (“Insured”) from data breaches, viruses, or other cyber-attacks (for both first-party losses as well as third party losses). To clarify, the first party loss under the Cyber Insurance policy would cover instances of damages to the Insured such as data loss, business interruption costs, public relations expenses, costs of forensic analysis, data restoration costs (“First Party Loss”) and a third party loss would generally cover costs associated with legally mandated notifications and other legal expenses on account of claims asserted against the Insured by a third party (“Third Party Loss”) as a result of any Cyber Event.

WHAT DOES A CYBER INSURANCE POLICY COVER?

WHAT DOES A CYBER INSURANCE POLICY EXCLUDE?

Cyber Insurance policies generally exclude the following events:

1. Dishonest, criminal, and improper conduct

2. Fraudulent act or willful violation of any such law, regulation by an Insured

3. Bodily injury / property damage

4. Undersized security and contributory loss

5. Data protection compliance gaps

6. Assumed Contractual Liabilities

7. Intellectual property

8. Unauthorised or unlawfully collected data

9. Breach of professional duty

10. External networks failure & internet infrastructure failure

The sophisticated tools used by the hackers have increased the possibility of Cyber Events. The losses resulting on account of the data loss or Cyber Events are unforeseeable for an organisation. Cyber Insurance to a large extent, offers risk mitigation against the unforeseeable and uncontrollable risks, making it a prudent choice for an organisation to include Cyber Insurance in the organisation’s risk management program.

Related Posts