Coronavirus forces corporates to reassess cyber insurance covers

With remote working becoming the new normal across India Inc, companies are realising the need to take adequate protection against cyber liabilities.

M Saraswathy

April 27, 2020 / 03:47 PM IST

Representative image

A Mumbai-based research firm had a sudden scare during a pan-India video meeting when there was a breach by an intruder. While no data was stolen, this company’s client base of more than 10 entities sought a complete external audit of this incident by independent consultants including the list of participants and their background, possible data leaks and private information theft.

Considering the amount of information to be assessed, a cost of almost Rs 40 lakh cost was incurred by the company. While this firm’s cyber cover would pay for this cost, the company is looking to hike the size of the policy.

Amidst the coronavirus (COVID-19) outbreak, companies in India are having a re-look at cyber insurance covers to look into what their risks and liabilities could be. Here, the potential situations and cost estimates are being analysed to arrive at appropriate insurance covers.

COVID-19 has led to employees across companies working from home. With this, all client meetings, audit meetings as well as confidential board meetings are held virtually. This opens up corporates to potential threats of breach, phishing and ransomware.

Also Read: Live updates on the Coronavirus outbreak in India

COVID-19 Vaccine

Frequently Asked Questions

How does a vaccine work?

A vaccine works by mimicking a natural infection. A vaccine not only induces immune response to protect people from any future COVID-19 infection, but also helps quickly build herd immunity to put an end to the pandemic. Herd immunity occurs when a sufficient percentage of a population becomes immune to a disease, making the spread of disease from person to person unlikely. The good news is that SARS-CoV-2 virus has been fairly stable, which increases the viability of a vaccine.

How many types of vaccines are there?

There are broadly four types of vaccine — one, a vaccine based on the whole virus (this could be either inactivated, or an attenuated [weakened] virus vaccine); two, a non-replicating viral vector vaccine that uses a benign virus as vector that carries the antigen of SARS-CoV; three, nucleic-acid vaccines that have genetic material like DNA and RNA of antigens like spike protein given to a person, helping human cells decode genetic material and produce the vaccine; and four, protein subunit vaccine wherein the recombinant proteins of SARS-COV-2 along with an adjuvant (booster) is given as a vaccine.

What does it take to develop a vaccine of this kind?

Vaccine development is a long, complex process. Unlike drugs that are given to people with a diseased, vaccines are given to healthy people and also vulnerable sections such as children, pregnant women and the elderly. So rigorous tests are compulsory. History says that the fastest time it took to develop a vaccine is five years, but it usually takes double or sometimes triple that time.

Show

Each company has to disclose as part of its customer contracts the amount of insurance cover taken for segments like cyber. Due to rupee depreciation, there have been cases where due to rupee value declining versus the US dollar, these companies been found to not adhere to the earlier disclosed limits. This makes it essential that they buy additional limits on the cyber cover.

In India, less than 1,000 cyber insurance policies have been issued so far. The cover differs depending on the industry and individual companies. On average, for $1 million covers, the premium could range from $6,000-11,000.

Sectors like banking and financial services, IT/ITeS and e-commerce with a high focus on retail customers are considered to be at higher risk as far as cyber liability is concerned. Higher the limit, lower could be the premium share.

Dhingra said that apart from the traditional industries mentioned above, sectors alike pharmaceuticals, oil refinery, energy and power sectors are taking steps to ramp up their cyber insurance covers.

He explained that the cover offers protection against liabilities related to ransomware, breach response and phishing incidents among others.

“Companies have realised that cyber is the number one risk at this point. Even if there is no direct data loss, there could be other costs related to audits or help taken from external consultants in case of a breach,” he added.

Apart from breach incidents, ransomware attacks have become common ever since the lockdown due to COVID-19 was announced. Here, an attacker threatens to publish private data or block access to confidential information unless a ransom is paid.

Mid-to-large size companies take between $10 million to 350 million of limits in the cyber insurance covers.

This ransom could be instruments like bitcoins where negotiations are done with the criminals to retrieve the data. Insurance would pay for these costs.

When an Indian corporate’s global client had a breach event, the biggest worry was whether there would be any loss of data. While there was no data theft or breach the global client billed $1 million to this Indian company for seeking the help of an external consultant. The cyber cover paid for these losses.

The Marsh Microsoft 2019 Global Cyber Risk Perception Survey showed that 79 percent of respondents ranked cyber risk among the top five concerns for their organization, up from 62 percent in 2017. This survey report also said cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector.

Follow our full coverage of the coronavirus pandemic here.

Check your money calendar for 2023-24 here and keep your date with your investments, taxes, bills, and all things money.