Demand for cyber insurance policies has gone up in the past few years, especially in the wake of the WannaCry ransomware attack of 2017 where computers using Microsoft Windows across the world were targeted by fraudsters, cyber experts said.
Recently, Pune-based Cosmos Bank lost Rs 94 crore in a coordinated digital fraud comprising thousands of online transactions, made possible because of a malware attack on the bank’s systems.
Anurag Rastogi, member of executive management, HDFC ERGO General Insurance, said, “More corporates are opting for cyber security cover. Today, cyber risk has become an integral part of the boardroom discussion in most companies. In India, over 200 companies have already purchased it of which at least 50 per cent are purchasing the product year-on-year. In 2015, we wrote about 12 policies and by 2017 this number has grown by almost 90 per cent.”
Anup Dhingra, president of FINPRO & Private Equity M&A, Marsh India that deals with insurance broking and risk management, said, “The number of corporates opting for insurance cover has been on the rise since the last two years. From one policy in 2014-15, we have now around 230-250 standalone cyber policies in the market. The demand, which initially was from the IT segment, is now coming from all industry segments. After the ransomware attacks of 2017, demand for cyber insurance has seen a sharp rise.”
“Ransomware attacks and the ensuing losses are covered under a cyber liability insurance cover. The policy covers the ransom payment demand made by the hackers, forensic costs involved in figuring out the extent of damage, data restoration costs in the event of loss of encrypted data and further it can be extended to cover any business interruption loss due to operations being affected due to the ransomware attack,” he added.
Sasikumar Adidamu, chief technical officer, Bajaj Allianz General Insurance, said, “The company has seen more than 100 per cent increase in the first quarter of this financial year with respect to the number of cyber insurance policies sold in the same period last year. The number of enquiries has also gone up with a higher conversion rate that clearly indicates not just increasing curiosity in the corporates about a solution for cyber risks faced by them, but also an increasing importance being given to it by the corporates.”
Several banks and government institutions have also been targeted by fraudsters. Last month, a Navi Mumbai-based hospital and hotel became targets of a ransomware attack.
Cyber expert Vicky Shah said, “One of the first cyber policies to come into effect was in 2006. However, when it comes to banks, it was after an RBI circular issued in July 2016 asking them to go for insurance that all of them complied.
While the Information Technology Act does not make it mandatory for people to opt for insurance, it does ask companies to follow reasonable security practices to avoid risks.”
Shah added, “There are cases where insurance policies are not settled as key points are not insured. In one case the company taking a cyber insurance had not taken a malware — malicious software — cover and it suffered an attack due to malware and was not compensated.”
- In a ransomware attack, fraudsters encrypt data and demand an extortion amount for providing decryption key
- Man in the middle attacks: Fraudsters hack into email communication dealing with payments between two companies, mostly one of them based abroad. They then create an email ID similar to one used by the companies; pretend they have changed bank account details and ask the company on the other end to redirect payment to the new account; withdraw the money and flee