The concept of cybersecurity has traditionally focused on safeguarding data, a crucial and consistent element in the digital ecosystem. Understanding data has become essential for comprehending customers in various sectors, such as finance and healthcare, which have transitioned to digital platforms for increased efficiency. While this digitization brings convenience, it also exposes both consumers and companies to data risks, leading to a significant surge in cybercrime in India, especially in terms of data theft.

Despite India's digital aspirations, there has been a notable rise in cyber-attacks and security breaches in recent years, impacting a considerable number of Indians. The alarming frequency of cybersecurity incidents has raised concerns among corporations, investors, and society at large. 

Between 2019 and 2020, reported cyber-crimes in India nearly doubled, making the country a prominent target for high-tech crime. Additionally, the rapid shift to remote work during the COVID-19 pandemic compelled many organizations to accelerate digital transformation, contributing to a higher incidence of cyber-crime-related incidents.

As reported by the Central government’s Indian Computer Emergency Response Team (CERT-In), the first half of 2023 had witnessed 1.12 lakh cybersecurity incidents. 

A cybersecurity report from a Singapore-based firm called Cyfirma states that India is the most vulnerable country in the world for cyber attacks, facing 13.7% of all attacks. The United States holds the second rank, with 9.6% of attacks, followed by Indonesia and China respectively. 

The report also highlights that India is experiencing a higher proportion of state-influenced cyber attacks compared to the global average, with 72% of attacks being state-sponsored, while the global average is 68%. 

The report indicates that services companies, manufacturing, healthcare, education, retail, government agencies, and banking and financial services are among the sectors at the risk for cyber attacks in India.

As India's internet population grows and the government embraces digitization, the demand for cybersecurity has risen. Prior to the Information Technology (IT) Act of 2000, which addressed cybersecurity, cybercrime, and data protection in a broad sense, India lacked specific laws targeting cyber-attacks and espionage.

Get Free Quote in Minutes

How is India Addressing Cybersecurity?

India has taken multiple measures to mitigate the impact of cyber threats, with the cybersecurity market in the country valued at nearly 140 billion rupees and expected to double by 2025. Organizations in India are increasingly aware of cybersecurity risks, leading to substantial investments in protection and encryption. 

In 2020, India significantly improved its global cybersecurity ranking, moving from 47th place in the previous year to the tenth position. This ranking considered legal and technical measures, capacity-building, and organizational processes. The government's strategy for online security is outlined in the 2013 National Cyber Security Policy, which was awaiting an update as of late 2022.

Given the substantial number of internet users, including children and teenagers in India, there is a growing need for an efficient system to combat cybercrime. The increasing prevalence of social media connectivity and digital payments underscores that cybersecurity is now a necessity rather than a choice. 

While complete elimination of inherent vulnerabilities may be challenging, addressing technology gaps and allocating resources strategically can significantly contribute to solving the problem, creating jobs, and empowering individuals.

To address the rising threat of cybercrimes, there has been a notable expansion in the scope of crime insurance. As organizations undergo digital transformation, cyber insurance has become a crucial solution to mitigate losses related to recovery and damages resulting from cyberattacks. 

What are the Important Steps to Prevent Cyber Risks?

Cyber risk is a significant concern for companies of all sizes and across all industries. Organizations need to take decisive action to strengthen their cyber defenses and manage their cyber risk through the combination of cyber insurance, secure devices, domain expertise, and technology.

This involves a systematic approach, encompassing assessment, implementation of robust technologies, and securing appropriate cyber insurance coverage.

Step 1—Assess

The initial phase involves a comprehensive evaluation of cyber readiness conducted by a trusted professional services organization. This step entails a thorough security audit, laying the groundwork for the subsequent acquisition of tailored cyber insurance.

Step 2—Implement

Following the assessment, organizations must implement advanced technologies that fortify the elements they intend to protect through cyber insurance. This may involve deploying anti-malware solutions to counter the looming threat of malicious software.

Step 3—Insurance:

Having established robust processes and technologies, the organization becomes eligible for cyber insurance coverage from a reliable provider. This ensures a holistic approach to risk management, safeguarding against potential cyber threats.

How Can Cyber Insurance Ensure Cybersecurity?

Cybersecurity insurance or cyber insurance is an insurance product that protects businesses against the prevailing risk of cyber crime activities such as data breaches and cyberattacks. Like other insurances, cyber insurance intends to protect businesses from financial risks, resulting from different potential disasters. In this case, the cause of disaster is a cyberattack.

Further, it helps businesses cut down on the costs of internet-based threats affecting information governance, IT infrastructure, and information policy. It is important because traditional insurance products and commercial liability policies generally don’t cover these costs.  

Looking at the vulnerability of businesses to cyberattacks involving devices, applications and networks, the importance of cyber insurance is growing exponentially for all businesses. That is because the loss, theft, or compromise of data can leave a detrimental impact on a business. The effect may include losing customers, reputation, and revenue. 

Also, businesses may fall in a situation where they may become responsible for the loss or theft of data belonging to others. Cyber insurance is designed to shield businesses from the impact of cyber events, including acts like cyber terrorism, and aid in resolving security issues.

Let’s understand this with an example:  

In 2011, hackers broke into Sony's PlayStation Network, exposing the personal information of 7.7 crore users. The attack was so severe that the network users could not access the service for 23 days. The attack cost Sony a hefty $171 million (approximately INR 1416 crore). 

Sony could have prevented the loss if it had cyber insurance. But unfortunately, Sony had to pay the full amount for the damage caused by the cyberattack.

What are the types of Cyber Insurance Coverage?

Insurance providers have customized plans specific to the industry, catering to the personalized needs. 

Here are the major types of coverages available under cyber insurance in India:

First Party Expenses:

  • It includes business interruption costs, direct financial loss, , credit monitoring, system damage, mitigation and recovery expenses, and additional costs incurred due to a cyber incident.

Regulatory Investigation Cover:

  • Addresses costs associated with regulatory investigations, administrative expenses, lawyer’s fees, and GDPR compliance expenses.

Crisis Management Expenses:

  • Includes expenses for forensic IT audits, security consultation, stakeholder notifications, reputation and damage coverage
  • Also encompasses the costs involving credit and identity theft monitoring, cyber stalking, and counseling, coordination with service providers, and cyber extortion (ransomware cover) among others.

Privacy and Data Liability Claims

  • Comprises third-party legal liability resulting from errors, privacy breaches, or security breaches by a company. 
  • This includes damages related to intellectual property rights infringement, defamation, and lawsuits.

What Does Cyber Insurance Cover?

Cyber insurance is designed to cover various risks associated with cybersecurity. The coverage typically includes:

  1. Data breaches: This involves incidents where personal information is accessed or stolen without proper authorization.
  2. Ransom demands: In case of ransomware attacks, where attackers demand payment to unlock compromised data, cyber insurance helps organizations cover the associated costs. However, paying ransoms is discouraged by some government agencies.
  3. System damage repair: Cyber insurance policies often cover the costs of repairing computer systems damaged by a cyberattack.
  4. Data recovery: Businesses can use cyber liability insurance to fund the recovery of any data compromised during an attack.
  5. Customer notifications: Cyber insurance assists businesses in covering the costs associated with notifying customers of a data breach, especially when personally identifiable information (PII) is involved.
  6. Recovering personal identities: Coverage helps organizations restore the personal identities of customers affected by a data breach.
  7. Liability for losses incurred by business partners: Coverage extends to losses experienced by business partners with access to the organization's data.

The specific details of coverage can vary between providers and plans, but these areas represent common elements addressed by cyber insurance policies. You can BimaKavach for specific information related to your business.