India’s cyber insurance market is witnessing an uptick in demand shift as first-time buyers emerge as the single largest contributor to the latest demand surge, according to multiple senior executives Moneycontrol spoke to.
Experts shed some light on the numbers he has been observing, saying that around 40-50 percent of the recent 20-25 percent spike in cyber insurance uptake is coming from companies purchasing the cover for the first time, a trend directly linked to the enforcement environment created by the Digital Personal Data Protection (DPDP) Act and pressure from venture capital firms conducting tighter compliance checks.
This marks one of the sharpest behavioural changes since cyber insurance was introduced in India, reflecting how deeply the DPDP Act has altered risk perceptions for companies handling large volumes of personal data.
Startups, once slow adopters, become major contributors
A senior executive at a brokerage association also noted that startups, traditionally the slowest adopters of insurance due to tight budgets, lean teams, and a focus on growth over governance, now account for a substantial chunk of new policy issuances.
According to multiple insurers and brokers, the most active new buyers are Series B and Series C startups, especially those in fintech, healthtech, mobility, SaaS, D2C and e-commerce, all of which process sensitive consumer data at scale.
Many of these firms previously relied on internal tools, outsourced IT teams, and ad-hoc cybersecurity solutions but are now turning to structured risk transfer mechanisms amid steep potential penalties under the DPDP Act, which allows fines of up to Rs 250 crore for violations related to security safeguards.
Mandatory breach reporting adds pressure
Industry executives say the DPDP Act’s requirement for mandatory breach reporting has further heightened anxiety among young companies, which now face not only financial repercussions but also reputational damage if incidents become public.
“Startups are realising that one breach can derail fundraising, stall customer acquisition or even trigger regulatory investigations. Insurance has become a necessary buffer,” said a senior cyber underwriting head at a leading general insurer.
Investor push becomes decisive trigger
But the most influential push, insiders say, is coming from venture capital and private equity funds.
Over the last quarter, several investors have started insisting that portfolio companies purchase cyber insurance before approving the next round of funding. In some cases, it has been added to due-diligence checklists along with statutory compliance, ESOP documentation and financial audits.
"Investors no longer want to carry the risk of a DPDP-linked penalty or a data breach that could wipe out enterprise value," said a broker. "Cyber insurance has become a hygiene requirement."
This investor-driven shift means founders who previously viewed cyber insurance as a “big-company product” are now buying it early in the company’s lifecycle.
Experts added, many are beginning with modest Rs 5-10 crore covers but returning within months to upgrade as they understand the true costs of breach response, from forensic investigations to consumer notifications, legal representation before the Data Protection Board, system restoration and crisis communication.
Industry insiders suggest that mid-term upgrades and off-cycle purchases have doubled since August, indicating growing realisation that cybersecurity exposure expands rapidly as startups scale product lines and user bases.
With India’s venture ecosystem continuing to deepen and DPDP compliance costs rising across sectors, industry players believe the trend is far from peaking. As one insurer put it, "This is the first time cyber insurance is being treated not as an optional financial product but as a compliance and fundraising tool. The shift is structural, not seasonal."
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
