The COVID-19-induced lockdown since March 2020 and physical distancing have given a massive boost to the digitalisation of financial transactions. The pandemic’s fallout fuelled a boom in online transactions, with many switching to the virtual mode due to convenience or out of compulsion. The flipside? Cyber risks have risen manifold in India since the first lockdown in March 2020. And the Insurance Regulatory and Development Authority of India wants to do something about it.
Last week, it came out with a model cyber insurance policy that aims to protect consumers. This policy will compensate you financially if you suffer from a cyber fraud. The model policy was a result of an IRDAI-constituted working group report. The report noted that fraudsters are using the heightened digital footprint and traffic to find vulnerabilities or to siphon money.” Fraudsters have also developed phishing websites, emails and phishing UPI accounts, fuelling the rise of cyber frauds.
When your financial transactions go wrong
While such policies are typically purchased by banks and corporates, individuals, too, need to be insured against such frauds. The insurance regulator has already announced a model cyber cover that all insurers are “encouraged” to offer. Now, large insurers such as Bajaj Allianz, HDFC ERGO and ICICI Lombard already offer this cover to retail policyholders. “Corporates will ensure that they are protected against cyber risks. But a cyber insurance policy is important for individuals, given how the virtual world dominates our lives,” says Sanjay Datta, Chief-Underwriting, Claims and Reinsurance, ICICI Lombard.
Premiums for annual cyber insurance policies that are currently available range from Rs 2,000-5,000 for a Rs 5-lakh cover.
The covers provide protection against financial losses you may incur due to unauthorised online financial transactions, malware attacks, phishing and email-spoofing attempts, and so on. “Often, senior citizens in particular fall prey to fraudulent emails masquerading as official ones from banks and end up sharing their sensitive credentials or PIN,” explains Mahavir Chopra, Founder, Beshak.org. The information is then used to siphon money from their accounts.
It can happen to even those who can navigate the internet well, if they are not vigilant about some sundry and unknown link they get in their email or through phone calls from scammers claiming to be their bank officials.
Gullible individuals end up sharing their sensitive account, card details and PIN only to see their money being swindled. Charges for data restoration in case of a malware attack will also be reimbursed. Multiple devices can be covered under a single cover. You can also insure your family members under the same cover, though the premiums will be higher in such cases.
Insurance against cyber stalking, malware attacks
In addition, the covers also promise to reimburse reputational damage that you may suffer due to identity theft, including through your social media accounts. In such cases, policies will pay for the cost of prosecuting the fraudsters and also defending yourself against claims made by individuals affected by the impersonation. Legal expenses will also be paid for.
Likewise, if you have to incur expenses for pursuing legal cases against perpetrators who resort to cyber stalking, bullying or extortion, you can claim a reimbursement. Depending on the plan you choose, you will also get coverage for fees paid to mental health counsellors for treatment taken for stress caused by such crimes.
Fineprint: Compensation could be capped
Before you sign up for these insurance policies, you need to read the fine print to understand what will not be payable. For example, reimbursement for phishing and email spoofing is restricted to 15-25 percent of the overall sum insured limit. “People should look for 100 percent limits for major coverages such as loss of funds, ransom, identity theft. Other coverages can have sub-limits of 25-50 percent of the policy limit,” says Manoj Kumar AS, Executive Vice President, Global Insurance Brokers.
Then, there are generic exclusions – your claim could be rejected if you file your complaints six months after the fraud has taken place. So, it’s your responsibility to notify your bank as well as your insurer as soon as you notice the fraudulent transaction in the account. “Insurers will not pay for any losses arising out of product defects. The clauses also state that you should take adequate precautions to safeguard your confidential information,” adds Kumar. Also, since it is a cyber insurance policy, frauds in the physical world will not be covered under any insurance company’s policy.