Cyber Security Insurance: Cases of cyber fraud are increasing continuously, and incidents of online fraud keep coming to the fore. In such a situation, it is necessary to get 'cyber insurance' for security. Cyber insurance will not only cover you against any financial loss arising out of cyber threats but will also cover other expenses related to data restoration, any regulatory action, or litigation. We have spoken to Sanjay Dutta, Chief Underwriting, Reinsurance and Claims, ICICI Lombard GIC, about this.
What is cyber security insurance?
Cyber insurance or cyber security insurance provides coverage to customers from activities such as bank account fraud, unauthorized transactions, and much more. So far there are 2 types of products for this. There are corporate cyber liability policies for corporates and retail cyber liability policies for individual buyers. Also, there is a growing segment of B2B2C, where a corporate buys policies for its customers or offers them for purchase on its platform or application.
The number of claims increased after the pandemic
The number of claims before the coronavirus pandemic was comparatively low. Mainly only specific sectors like BFSI and high net worth corporates were the target of hackers. However, after COVID, there has been a huge increase in the number of claims in many different industries. Email compromise and ransomware attacks have been seen as major contributors.
In what kinds of cases are claims increasing
We have seen a manifold increase in the number of cyber incidents since last year. These cyber-attacks have mainly been a combination of ransomware and business email compromise attacks. Due to interruptions in business, a large number of claims were seen, as cyber attackers are becoming more clever than before. Along with this, a disturbing trend of large-scale data exfiltration has also been observed, due to which claims of data liability have come to the fore.
What to consider while giving cyber insurance
While giving insurance, apart from reviewing the risk, a comprehensive evaluation of the company is done. The risk is assessed keeping in mind 3 key pillars: how strong the human firewall is, how mature the internal processes are, and how well the technology, i.e. the safety controls, is arranged. This assessment is done through reviews of information security policies, business continuity plans, nature of data, industry, geographic presence of their operations, and external scans.
a. Educating and training the workforce
b. Information security certification such as ISO 27001
c. Policy regarding data collection and storage (GDPR, Personal Data Protection Bill, and IT Act)
d. Frequency of external audits and progress in addressing weaknesses