Shielding against cyberattacks: The rise of cyber insurance in safeguarding businesses

With the surge in data breaches, cyber insurance has emerged as a prominent strategy. According to a Deloitte report, the cyber insurance market in India is poised for robust growth. Currently valued at $50-60 million, the Indian cyber insurance market has sustained a steady compound annual growth rate (CAGR) of 27-30% over the past three years.

This article delves into the pivotal role of cyber insurance in mitigating the impact of data breaches.

What is cyber insurance?

Cyber insurance is a critical component in the arsenal of tools companies use to protect themselves against the financial impact of data breaches. As businesses increasingly digitise their operations, the risk of cyber incidents grows, making cyber insurance a financial safeguard and an essential element of proactive risk management.

Cyber insurance policies cover the costs associated with data breaches, including recovery efforts, legal fees, and damages from business interruption. 

Also Read

53% of web users in India came under cyberattack in 2023: Kaspersky

Cyber insurance as a strategic investment

The perception of cyber insurance is shifting from a mere expense to a strategic investment. It is becoming indispensable for businesses, especially those in sectors heavily involved in digitisation like IT, pharma, and manufacturing. These industries are often the prime targets of cyber criminals and are typically early adopters of cyber insurance.

According to a report from the Insurance Regulatory and Development Authority of India (IRDAI), losses covered under cyber insurance can be categorised into four main areas:

• First-party losses: This includes direct financial losses, costs related to data recovery, business interruption coverage, and expenses for mitigating the impact of cyber incidents.

• Regulatory actions: Costs associated with regulatory investigations, fines, penalties, and legal defence expenses resulting from non-compliance with data protection regulations.

• Crisis management costs: This encompasses expenses for forensic analysis, security consulting, managing reputation damage, legal representation, notification processes, credit and identity theft monitoring, cyber extortion protection, and other crisis management activities.

• Liability claims: Legal liabilities and damages arising directly from data breaches, including claims related to privacy violations, defamation, intellectual property infringement, and associated legal defence costs.

To address cyber risks, small- and medium-sized enterprises can take proactive measures such as educating employees on cyber threats, deploying antivirus software and firewalls, implementing comprehensive cybersecurity policies, and engaging specialised third-party providers. With growing concerns about data protection and compliance obligations under the Digital Personal Data Protection (DPDP) Act, organisations are increasingly motivated to adopt proactive measures to mitigate the risks of data breaches.

Key benefits of cyber insurance

Risk transfer

Cyber insurance enables businesses to transfer the financial risks of cyber threats to an insurer. This means that in the event of a cyberattack or data breach, the insurer will cover the costs that could otherwise be devastating to the business.

These costs can include legal fees, compensation for affected customers, and the expenses related to recovering lost data. Essentially, it's a safety net that allows businesses to manage their financial exposure to cyber risks.

Business continuity

One of the primary concerns for any business experiencing a cyber incident is the potential disruption to their operations. Cyber insurance ensures that companies can maintain stability and continue their operations, even during and after a cyberattack. It covers the loss of income due to system downtime and may also cover the costs of restoring systems and data to minimise the impact on business activities.

Also Read

Widening disparities, growing threats cloud global cybersecurity outlook: WEF

Compliance

With the increasing number of data protection and privacy regulations, such as the General Data Protection Regulation (GDPR), businesses are under pressure to comply with various legal requirements.

Cyber insurance can assist in this area by covering the costs associated with compliance, such as audits, breach notifications, and potential legal expenses arising from non-compliance claims. This aspect of cyber insurance ensures that businesses can meet their regulatory obligations without bearing the entire financial burden.

Incorporating cyber insurance into data privacy

To incorporate cyber insurance effectively, companies should:

Assess coverage

Companies must first identify the potential cyber risks they face, which can vary based on industry, size, and type of data handled. This assessment should consider the likelihood of cyber incidents and their potential impact on the business. Factors such as the value of the data, the company's cyber threat landscape, and existing security measures will influence the level of coverage needed. 

Choosing a policy that aligns with the company's risk profile and provides adequate protection without being excessive is essential.

Understand policy details

Understanding the specifics of a cyber insurance policy is crucial. This includes knowing what types of incidents are covered, such as data breaches, ransomware attacks, or business email compromises. Companies should also know the policy's limits, deductibles, and exclusions. It's important to note whether the policy covers first-party losses (directly impacting the company) and third-party liabilities (impacting others due to the company's data breach). 

Additionally, companies should understand the extent of incident response services, such as forensic investigations, legal assistance, and public relations support.

Integrate with overall security posture

Cyber insurance should be part of a broader cybersecurity strategy. It's not a substitute for strong security measures but a complement.

Companies should continue to invest in preventive technologies, employee training, and regular security assessments. Cyber insurance can serve as a financial safety net, providing resources and support when a security breach occurs. Integrating cyber insurance with the security strategy ensures that the company can leverage the insurer's resources effectively, such as access to specialised legal and forensic services in the event of an incident.

(Nitesh Khare is Managing Director of Zou Global Services (OPC) Pvt Ltd and Vidhivistaar Global Solutions Pvt Ltd.)