What is the cybersecurity insurance policy?


Amid the ongoing COVID-19 pandemic, there has been increase in incidents of cyber attacks and data breaches. In view of this, the The task force set up by the Insurance Regulatory and Development Authority of India (IRDAI) has proposed detailed regulations to tackle cyber risks.

The committee recommended the introduction of a cyber liability policy It’s okay protect policyholders against cybercrime. The Committee also stressed the importance of coverage for individuals and recommended increasing awareness of these products.

In October 2020, IRDAI set up a committee for civil liability insurance. The committee has submitted its report on this matter.

The report presented by the committee States, “The online insurance policies currently available serve the needs of individuals quite well. But there are some areas in product features and processes that need to be improved. Recommendations made to fill the gaps include the need for flexibility in the insistence of a first information report (FIR) at the time of complaints, clarity in the exclusionary language relating to the respect of reasonable practices and precautions, targeted intrusion, communication unsolicited and need to cover masonry costs etc.

Highlights of the report:

1- The number of Internet users in India is around 700 million. They are estimated at increase in rural and urban areas.

2- In 2019, India was ranked as the second largest online marketplace in the world, next to China.

3- Increase in the number of online banking users is noted by the committee.

Recommendations made by the Committee:

At present, the cyber insurance policies available meet the needs of individuals quite well. However, some areas need to be improved. The committee recommended the following:

1- FIR on higher claims: Insurers should not insist on the Police First Information Report (FIR) for claims up to Rs. 5,000. However, the FIR is a critical requirement to assess claims.

2- Clarity in the language: It is required in exclusionary language related to respect for reasonable practices and precautions. It should also cover masonry costs – loss of use / functionality of the equipment as a result of a cyber incident.

3-Standardization of cyber insurance policy: The committee noted that this is a good idea, but that it may not be able to address all emerging risks and that it will likely limit innovation.

What will the cyber insurance policy cover?

Cyber ​​events First part directly paid or incurred by the insured Liability resulting from a claim or
a survey targeting the Insured
Data breach Emergency response costs Damage
Event management costs Regulatory fines and penalties
Notification fees Defense costs
Cost tracking Investigation costs
Collection costs
Cyber ​​attack Emergency response costs Damage
Event management costs Defense costs
Embezzled funds Investigation costs
Collection costs
Human error Emergency response costs Damage
Event management costs Defense costs
Collection costs Investigation costs
Disruption of insured’s systems BI loss N / A
PCI non-compliance

Emergency response costs Damage
Event management costs PCI penalties
Defense costs
Investigation costs
Electronic media claim

Emergency response costs Damage
Event management costs Defense costs
E-threat Electronic Threat Response Costs Damage
Defense costs

Main features of cyber insurance policy:

1- Politics offers protection in the event of theft of funds due to cyber event / hacking of insured’s bank account / credit card / debit card / mobile wallet by third party.

2- It is also offers protection in terms of defense costs for claims made against the insured by the third party or the affected party identity theft.

3- Politics provides coverage in terms of defense costs for claims made against the insured by the third party or the affected party due to the hack of the insured’s social media account.

4- It provides expenses to prosecute the stalker.

5- Politics covers the costs of restoring data due to malware.

6- It is also provides cover against phishing.

7- According to the committee’s report, it provides protection against fraudulent use of bank account / credit card / debit card / electronic wallet by the third party to make online purchases on the Internet.

8- Politics covers expenses relating to financial losses resulting from a fraudulent email attack and provides fees to sue the perpetrators.

9- He provides defense costs in third party libel / invasion of privacy claims due to the publication / distribution by the insured of any digital multimedia content.

10- It provides protection against extortion losses resulting from cyber extortion threat and provides fees to sue the perpetrators.

11- It is also provides compensation for defense costs and damages in claims filed by a third party against the insured for data breach and / or policy breach.

What is a cyberattack?

According to IRDAI, the fraudulent, malicious or dishonest:

(a) the cause or use of a Security breach,

(b) disturbance or overload of the insured’s systems by a third party for any purpose.

According to a report by Nasscom’s Indian Data Security Council (DSCI) in 2019, India has experienced a second highest number of cyberattacks in the world between 2016 and 2018.

It should be noted that the cyber attack will not include any human error.

Types of cyber attacks:

1- Pishing attacks: A person’s sensitive information, such as bank details, is stolen.

2- Identity theft attacks: Identity theft where the identity of a legitimate user is stolen.

3- Malware / Spyware: Spyware is categorized as a type of malware which facilitates access / damage to one’s computer without one’s knowledge. It collects its personal information and provides it to advertisers, data companies, etc.

4- SIM exchange: A user’s original SIM card is cloned and becomes invalid. The duplicate SIM card can be used to access their online bank account to transfer funds.

5- Filling in the identifiers: This is a kind of cyber attack where stolen account credentials are used to gain unauthorized access to user accounts through large scale automated login requests directed at a web application.

6- Attacks by the man in the middle: These types of attacks are committed during online payments or transactions, etc.

Main cyber risk scenarios

According to a survey by Swiss Re’s global, the four main cyber risk scenarios are:

1- Illicit access to financial identifiers.

2- Identity theft.

3- Loss of data due to a technical problem.

4- Unlawful publication of personal data.

What to do in the event of a cyber event?

In the event of a cybernetic event, communicate with the incident coordinator as soon as possible to reduce any potential / actual loss. Once contacted, the incident coordinator will guide the insured to avoid or contain any cyber event.

Indian government initiatives to fight cyber attacks:

1- In 2018, the Indian government launched Cyber ​​Surakshit Bharat Initiative spread Cybercrime awareness and capacity building on security measures for CISO and frontline IT staff in all ministries from the country.

2- National Cyber ​​Security Coordination Center (NCCC) scan Internet traffic and communication metadata entering the country to detect cyber threats in real time.

3- In 2017, the Indian government launched ‘Cyber ​​Swachhta Kendra’ for internet users to clean their computers and devices by eliminating viruses and malware.

4- The government of India introduced Information Security Awareness and Education Project (ISEA) to raise awareness and provide information security research, education and training.

5- National Computer Emergency Response Team (CERT-In) is the nodal coordination agency for all cybersecurity efforts, emergency response and crisis management.

6- Under the Information Technology Act 2000, The NCIIPC was created to secure the country’s critical information infrastructure. The National Center for the Protection of Critical Information Infrastructures (NCIIPC) functions as the nodal agency for the protection and resilience of critical information infrastructures.

International initiatives to curb Cyber ​​attacks:

1- The International Telecommunication Union (ITU) within the United Nations aim in standardize and develop telecommunications and cybersecurity issues.

2- Budapest Convention on Cybercrime is a international treaty dealing with internet and computer crime by harmonizing national laws, improving investigative techniques and strengthening cooperation between nations. This entered into force on July 1, 2004. It is important to note that India is not a signatory to this treaty.

3- Internet Governance Forum (IGF) gathers all stakeholders – government, private and public sector on the Internet governance debate.

Science, technology and innovation policy (STIP 2020): everything you need to know

“School bag policy, 2020”: everything you need to know


About Author

Comments are closed.