Most businesses rely on online services to carry out their day-to-day activities. Attendance, payroll, inventory, and other processes can be managed online today due to the advancements in digital technologies. However, as online data is stored on systems, they are susceptible to data breaches and hacking. Miscreants often use the financial and personal information that is available online to execute online frauds. To prevent losses due to such events, businesses can subscribe to cyber risk insurance.
What is cyber risk insurance?
Cyber risk insurance aka cyber insurance is a type of business insurance. It protects the financial interests of a business from potential online frauds and risks. Cyber threats and crimes such as data thefts, data manipulation, and phishing not only affect the assets and financial interests of a company but also puts a permanent stain on their reputation. By availing a cyber risk insurance policy, companies can secure their future and reputation.
Why should businesses get cyber risk insurance?
Online systems and data are often prone to viruses, malwares, and other types of cyber attacks. Businesses invest heavily in recovering their systems and protecting their data from such events. A cyber risk insurance covers the costs involved in recovering from such an event.
For example, an employee who had been terminated by your company sells the private customer data to a scammer. It is quite possible that the scammer misuses it to hack their bank accounts. The affected customers can file a case against your company for identity theft.
Cyber risk insurance will help you recover the costs incurred to investigate the case and rectify your damaged reputation. The legal costs will also be covered and
finally, everything will be settled. Imagine the heavy losses your company would suffer if it did not have a cyber risk insurance policy in place!
Key features of Cyber Risk Insurance
- Wide Coverage: Cyber threats and crimes are dynamic in nature. A cyber risk insurance provides a wide coverage that includes protection from identity theft, cyber stalking, malware attack, data phishing, and more. It insures the financial interests of a company completely as it includes both first party and third party liability cover. First party coverage includes protection from the losses that are directly linked to a company. A third party coverage provides protection from the losses due to the legal claims of a third party (employees, vendors, or customers) who suffer due to a cyber crime.
- Easy accessibility: Cyber insurance policies can be easily availed online from a business insurance provider. Businesses can also renew the policy online after completion of the policy tenure.
- Cover for investigational expenses: A company that gets affected due to a cyber crime or attack may hire a private investigating agency or forensic team for investigating the matter. The costs involved with the payment of the fees charged by the investigating agency is also covered under cyber risk insurance.
- Public relations costs: To minimize the damage to a company’s reputation after a cyber attack, it may arrange a press conference with the media. Also, all the stakeholders must be taken into confidence by arranging meetings. The clients, vendors, and customers should be immediately alerted about the incident. The costs associated with managing public relations after such an event is also covered by a cyber risk insurance policy.
Characteristics of Cyber Risk Insurance
- Network security: Network security coverage is an important element in cyber insurance. It covers a business from malware attacks, cyber extortion, data breaches, ransomware and other types of network security failures.
- Privacy liability cover: Privacy liability coverage is included to protect the company from losses incurred due to data breaches of employee and customer data. It includes the legal expenses and government penalties that can be incurred after a cyber attack or crime.
- Business interruption due to network failures: A network failure caused due to a software error, human error, or third-party attack can is also covered under a cyber insurance policy.
- Media liability: A cyber threat or crime may also affect the social media image, advertising, or other marketing plans of a company. Therefore, most cyber risk insurance providers provide coverage against these events.
- Errors and Omission: An E&O coverage helps a company prevent the losses caused due to failure in fulfilling the contractual obligations due to cyber attacks or crimes. E&O coverage is also beneficial for doctors, engineers, architects, and other professionals who suffer due to technological failures and data breaches. It is also recommended for companies that provide technology services like online consultation, software services, etc.
Types of Cyber Insurance
A comprehensive cyber insurance in India covers both first party and third party liabilities. However, these are the types of cyber insurance policies that are offered as per the requirements of various businesses:
- First Party Cyber Insurance: This type of cyber insurance provides coverage for online frauds, thefts, forensic expenses, business interruptions, data loss, and related cyber crimes.
- Third-party Cyber Insurance Coverage: It provides coverage against regulatory expenses, litigations, crisis management expenses, credit monitoring, media liability, and liabilities due to privacy breaches.
- Crisis Management Insurance: The costs incurred to manage different types of crisis are included in this type of cyber insurance. It includes reputation damage cover, cyber extortion cover, forensic audit costs, notification expenses, and other related expenses.
- Regulatory Investigation Cover: It only covers the costs associated with regulatory investigations, fees of lawyers, GDPR (General Data Protection Regulation) expenses, etc.
Cyber Insurance Plans Available in India
Name of the Plan | Sum Insured | Policy Period | Key Features |
HDFC Ergo Cyber Insurance Policy | Rs. 10,000 to Rs. 5 crores | 1 year | Age limit: 18 years and above. Children can also be included under family cover policies. Waiting Period: Not applicable. CSR (Claim Settlement Ratio): NA This plan is applicable for individuals, professionals, and entrepreneurs. Identity theft coverage is included in this policy. Flexibility of customizing the plan as per your required is provided by this cyber risk insurance plan. Economical premium starting from Rs. 2 per day You can protect multiple digital devices with this plan. No upfront payment is to be done to get coverage due to the zero deductible policy. Cover for cyber extortion, online shopping, cyber bullying, privacy breach, malware, and data restoration is included in this cyber insurance policy. Legal suits filed by family members, crypto currency and other investment losses, cost of upgrading devices, gambling, and workplace activities are not covered in this policy. Online frauds and thefts are covered in this policy. |
Cyber VaultEdge by SBI General Insurance | Rs. 10,000 to Rs. 1 crore | 1 year | Age limit: 18 years and above Premium starts from Rs. 3.15 per day No deductibles are applicable. Waiting period: Not applicable CSR (Claim Settlement Ratio): NA Numerous devices like mobiles, laptops, etc. can be covered under this policy. The wide coverage provided by this cyber fraud insurance policy includes coverage for identity theft and theft of funds. You can pick the sum insured and coverage as per your requirements. All sorts of cyber risks are covered. It includes coverage for privacy breach, data breach, and liability coverage. Data restoration coverage is included in this policy. Cyber bullying and online shopping are covered by this cyber insurance policy. Workplace or business activities carried out intentionally, investment and trading activities, damage or loss of tangible property are not covered by this policy. |
Cyber Insurance by Bima Kavach | Rs. 1 lakh onwards | 1 year | Early Stage Plan: For businesses up to 50 employees and up to 10 crores revenue. Growth Stage Plan: For businesses having 50 to 500 employees and revenue ranging from 10 to 50 crores. Late Stage Plan: For businesses having 500 to 2000 employees and revenue above 50 crores. Cyber extortion, data frauds carried out by employees, damage to reputation, data restoration costs, losses due to business interruption, and malware intrusion are covered by this policy. Exclusions include email spoofing, phishing, physical injury, incidents/litigations before policy initiation, damages caused due to war or government acts, and other uninsurable matters by law. |
Cyber Insurance by Bajaj Allianz | Rs. 1 lakh to Rs. 1 crore | 1 year | Age limit: 18 years or older Sublimits: Identity theft cover – 10% of liability Social medial cover – 10% of liability Cyber stalking cover – 10% of liability Theft loss cover – 25% of liability Malware cover – 10% of liability Phishing cover – 25% of liability Email spoofing cover – 15% of liability Media liability claims cover – 10% of liability Cyber extortion cover – 10% of liability Privacy breach and data breach by third party – 10% of liability Discovery period: 1 month CSR : NA Identity thefts, cyber stalking, malware attack, IT theft loss, phishing, email spoofing, cyber extortion, and media liability claims are covered under this cyber risk insurance policy. Property damage or body injuries, telephone marketing, unsolicited communication, wiretapping, video or audio recordings, collection of client data through unauthorized means, extremist, racist, and pornographic services are not covered by this policy. |
Inclusion & Exclusion Under Cyber Insurance
What’s covered?
- First party costs including IT forensics, data restoration, legal expenses, sending breach notifications to consumers, etc. are covered in a cyber insurance policy.
- The losses inflicted due to breach of the privacy of employee and customer details are covered by the cyber risk liability insurance policy. Other types of privacy liability coverage are also provided by a cyber insurance policy.
- For example, fines, penalties, or legal costs incurred due to the recommendation or law enforcement conducted by a government body are covered in this policy.
- Security failures due to third-party hacking and system failures caused due to software glitch or human error are covered in this type of policy.
- A data breach may disturb a person mentally and emotionally. Some cyber risk insurance policies cover the costs required to deal with such anguish and distress.
- Email phishing, cyber extortion, cyber stalking, email spoofing, and identity theft are typically covered by most cyber insurance plans.
- A media liability cover is also included in cyber risk liability insurance. Malware attacks are also covered by such a policy.
What’s not covered?
- If the losses are due to an illegal or dishonest activity carried out by a company, they are not covered by the insurance provider.
- A cyber insurance policy typically does not cover the losses caused due to copyright infringement. A company must subscribe to an intellectual property insurance policy to protect their patents and copyrights.
- If the company does not reveal some of their details purposefully while filling the insurance application form, the losses will not be covered by the provider.
- The damages caused to a company due to an insurrection, war, or invasion are not covered by a cyber fraud insurance policy.
- If a company suffers a loss due to lack of security measures, it is not covered by cyber risk liability insurance.
- The data breach or any other cyber crime that occurs on a third-party vendor’s device or system will not be covered under the cyber insurance policy.
- If a physical electronic device is lost or stolen, the cyber insurance claims will not be obliged by the insurance provider. The portable devices can be insured through property insurance.
- The cyber insurance coverage may also not include the losses caused due to network congestion or technical issues.
- Losses caused due to natural disasters like earthquakes, flood, famines, etc. are also not covered by such policies.
- Data of obscene, immoral, and extremist form are not covered by a cyber risk insurance policy.
- Damage to the property or physical injuries due to breakdown or illnesses are not covered by these policies.
Who can buy cyber risk insurance?
- Companies that rely heavily on technology can avail a full-fledged cyber insurance policy. The companies that use technology or data for only some processes or departments can subscribe to a limited cyber insurance policy.
For example, a manufacturing company that uses only attendance management software can subscribe to cyber insurance with only identity theft and other basic features. However, a software development or service providing company might need a comprehensive cyber insurance policy that includes coverage for all types of data breaches and cyber crimes.
- Doctors, engineers, graphic designers, and other professionals who use technology on a daily basis to enhance their services and manage their customer database must get cyber insurance.
- Small business owners and shop owners who use technology for customer retention, public relationship management, and marketing may also need a cyber insurance policy.
- Hotels, traders, brokerage firms, and educational institutes that leverage technology for improving their business must get such a policy.
Things to consider while getting a cyber insurance policy
Before getting a cyber insurance policy, a company can focus on these aspects:
- Type of data handled or collected by it
- Which type of data storage and backup methods does it employ? Are they secure enough?
- Does it use an app or website to store the data of employees or customers?
- Do third party vendors access its IT infrastructure?
- Does it ask employees to bring their own devices? Are these devices encrypted and secure?
- What kind of budget can it spare for cyber risk insurance?
- Inclusions and exclusions of a cyber fraud insurance policy.
Sum Insured
After evaluating its risk exposure, a company should choose the sum insured prudently. Sum insured ranging from Rs. 1,00,000 to Rs. 1,00,00,000 or even more are available in the market. The companies must also analyse the type of coverage and benefits included in the cyber risk insurance policy.
Costs & deductibles
Companies must also consider the premium or cost they need to spend to get a cyber insurance policy. If the premium is worth the risks, they must go ahead and subscribe to the cyber risk insurance policy. They must carefully evaluate the deductibles i.e. the amount that they are required to pay from their end before the insurance kicks in.
Experience and reputation of the insurer
Companies should also check the reputation and experience of the insurance provider. They should cross-verify the reputation of the insurance provider through online reviews of their clients.
Online application and complaint redressal
Companies must also check whether the insurance provider offers a dedicated online customer support service to resolve their complaints. Also, they must check whether the features like online policy application, revaluation, and renewal processes are offered by the insurance provider.
When can you claim cyber insurance?
Companies should raise a cyber insurance claim immediately after the occurrence of the cybercrime or privacy/data breach.
Step 1: Inform the insurance provider immediately
Companies should contact the insurance provider immediately after discovering the data and privacy breach conducted by a third-party. Generally, policyholders are requested to raise the cyber insurance claims within 24 or 48 working hours. They have access to a free helpline number which they can use to contact the support team.
Step 2: Fill the claim form and submit evidences and supporting documents
After that, the policy provider will provide them with the application form. The company will have to fill the form completely without missing any crucial details. They should also provide all the relevant documents or information that validate their claim.
Step 3: Wait for the verification process to be completed
Once the claim application is submitted, the policy provider will contact the forensic experts and verify the validity of the claim. Upon verifying the claim application, the sum insured is paid to the company within a week.
Documents to submit for verifying the legitimacy of the cyber insurance claims
- FIR copy
- Legal notice copies (if received by the company)
- Court summons copies (in any)
- Correspondence details conducted with financial firms associated with IT theft losses
- Legal notices filed by the company against a third-party for data or privacy breach
- Criminal cases filed against the third-parties involved in the cyber crimes
- Invoice copies substantiating the restoration or recovery expenses
- Documents that substantiate the losses incurred to the company
FAQs
What is general liability insurance?
General liability insurance protects your business from third-party legal claims. A comprehensive cyber fraud insurance policy includes general liability insurance to provide protection to businesses that suffer from financial losses due to legal disputes or notices sent by third parties. These disputes or notices are mostly sent after a fault in service or technical error. Though general liability insurance is covered by some cyber insurance policies, companies must confirm with the insurance provider about the same before getting the policy.
On the contrary, having a general liability insurance policy is not enough to get protection from cyber liability. It is because general liability insurance mostly covers property damages and bodily injuries due to the products and services of your company. Therefore, cyber insurance is mostly excluded from this type of policy.
Does a cyber insurance policy cover email spoofing or phishing?
Email phishing or spoofing is a cyber fraud that is covered by most cyber risk insurance plans. However, it is recommended that you opt for both crime insurance and cyber insurance coverage as the phishers or hackers usually do these activities to steal your private data and cause a potential financial loss. You can also subscribe to a comprehensive cyber insurance policy that provides protection from cyber thefts.
What does a cyber insurance policy typically cover?
A cyber insurance policy typically covers these things depending upon its terms and policies:
Cyber extortion
Loss suffered due to interruption of the business
Costs included to send notifications and communication to customers, employees, clients, and other stakeholders of the company
Penalties and fines imposed by the government bodies
Privacy liability cover
Cost incurred to restore the identity of the impacted customers
Why is it essential to review each cyber insurance policy?
Different cyber insurance providers offer different types of cyber insurance policies. The types of support and coverage offered by these policies can vary greatly depending upon the cyber insurance provider and policy that you have chosen. Therefore, it is important to go through each policy carefully before choosing one.
Most policies allow you to set limits for specific areas. For example, limits can be set for specific areas like business interruption, crisis management, identity recovery, etc. as per your requirements. As a result, you can manage to maintain the balance between coverage and cost easily. You should ask questions regarding the coverage and other features before applying for a policy. The coverage cannot be adjusted after a data breach and the policy terms will restrict you from making complete use of the cyber insurance.
Which are the factors that affect the cyber insurance policy premium?
The factors that affect the cyber insurance policy premium are highlighted below:
Business Category: Insurance providers review the size of the business, its location, and reputation to understand its exact requirements. Therefore, large scale businesses usually end up paying higher premiums as compared to startups.
Security policies: The security policies employed by businesses to deter cyber crimes and threats are also reviewed by the insurance provider. The premium will be higher if the security policies are weaker and vice versa.
Sum insured: The sum insured chosen by a company also determines the policy premium. If a higher sum insured is selected, the premium would be obviously higher.
What are the things to keep in mind before buying a cyber insurance plan?
Learn the fundamentals of cyber insurance before buying any cyber risk insurance policy. After that, try to understand why you need it and evaluate all the risks your business can get affected from due to cyber crimes and threats. Depending upon that, you can choose the coverage types and sum insured. Also, you must consider