According to a report titled Global Risks, published by the World Economic Forum in collaboration with Marsh & McLennan in 2018, cyber-attacks are perceived as a substantial global risk. In fact, it is of immense concern to business leaders globally.

Needless to say, in such dire circumstances, the importance of availing a cyber insurance becomes highly significant. Be it individuals or corporates, a cyber insurance is definitely the need of the hour.

Sushant Sarin, Executive Vice President & Head, Commercial Lines & Reinsurance, Tata AIG General Insurance in a conversation with Himali Patel explains as to why cyber insurance is extremely critical in today’s time.

Insurers face billions in losses, due to data breach. How important is it to have cybersecurity insurance in today’s era?

According to a report published by Cybersecurity Ventures, global cyber losses are predicted to hit $6 trillion by 2021. This figure alone is enough to show how big a risk cyber is evolving to be. The reason why cyber insurance is extremely critical in today’s day and age is because, a network security breach or data breach is a significant balance sheet exposure. It is not just large organisations who suffer multi-million-dollar losses. According to the US National Cyber Security Alliance, 60 per cent of small companies shut down within six months of a cyber-attack. As data protection laws worldwide become more stringent, fines for data breaches have increased significantly to a percentage of the global turnover of the company. When network and data security fails, it is cyber insurance that protects businesses from the crippling financial implications of such failure.

What should one consider while buying a cybersecurity plan for their organisation?

While purchasing Cyber Insurance, organisations must consider (a) their own exposure and (b) the capability, experience and track record of the insurer providing cyber insurance.

An organisation’s exposure comes from network controls, information security management, sensitivity of data stored or processed, jurisdictions where the organisation is present, public profile, outsourcing activities, cyber response capability, business impact of network interruption etc. These factors enable organisations to assess their vulnerability. With cyber breach being more a question of when and not if, a capable insurer who has experience of dealing with cyber breaches whether from local or international players, and a track record of handling cyber claims, is the surest security against the financial consequences of a cyber breach.

What are some of the exclusions in various cyber-security plans today?

Some of the standard exclusions in a cyber insurance policy relate to first party data loss, trading loss, a cyber event leading to physical damage, criminal or fraudulent acts by an insured and so on.

What is the process for cybersecurity claims?

As soon as the organisation becomes aware of a circumstance or an actual cyber incident e.g. a network security breach, a data breach, or an extortion threat etc. in addition to taking steps to minimise the impact of the incident, the Insurer must be promptly notified. The first step that anyone takes is to hire forensic cyber specialists for the purpose of substantiating whether there has been an unauthorized access. The advantage of prompt notification is that the insurer will cover such fees. Co-operation with the Insurer helps to get the maximum benefit of the insurance cover. If there has been a data breach leading to loss of personal or corporate information, or a network security breach, that may result in the organisation facing third party liability, an insured must not assume liability without the insurer’s advice and agreement.