India was the third worst hit nation during the 2017 WannaCry ransomware attack, affecting over 40,000 computers. However, Shankar Garigiparthy, Lloyd's India’s CEO and Country Manager believes the real number was over quarter of a million.
India suffered numerous cyberattacks recently. The Indian Computer Emergency Team recorded 50,362 attacks in 2016, which rose to 3,13,649 in 2019. These attacks comprised phishing, hacking, and business interruption.
These growing incidences have prompted Lloyd’s India to consider cyber insurance products as a pertinent offering in its current portfolio. Its CyRiM Bashe Attack Report 2019 highlighted that less than 14 percent companies are covered by cyber insurance. “The economic losses due to lack of insurance in case of cyberattacks is in the region of USD 160 billion,” Garigiparthy noted.
Most of the cyber insurance earlier focused on digital assets like customer data. But growing instances, frequency and impact of attacks have seen insurers and reinsurers include components like physical assets, business interruption, brand reputation and IPR (intellectual property rights). A KPMG report states that the faster the insurers unravel the complexity of modelling and pricing these risks, the quicker they can seize a share of this market, valued at over USD 10 billion of global premiums by 2020.
Keen to grab a major pie of India’s cyber insurance market, Lloyd’s, a specialist in the insurance and reinsurance market, will concentrate on business interruption and ransomware, including first party payments. This is when an insured company, or the first party, is paid by their insurer, or the second party, in case of the events covered under the policy.
Garigiparthy explained, “If companies want their first party losses to be protected, then the reinsurance price will be quite high. Most insurers would typically want to retain up to a certain level and purchase reinsurance for losses above their threshold appetite level.”
Quantifying cyber risk exposure is a challenging task, since a single data breach affects multiple geographies. In such scenarios, Lloyd’s extrapolates its global experience for the Indian region after extensive consultations with brokers, insurance companies and risk managers.
“There is constant discussion with risk managers and brokers to understand how much of that exposure we are asked, or are willing to take, since often there is no precedence for such attacks. After all, if we always rely on past experiences, we cannot innovate. Lloyd’s has a strong history of innovation, and was amongst the first to issue a cyber risk policy. We still have approximately 40 percent share of the cyber market globally,” he added.
Lloyd’s believes it has cracked the code for a sustainable insurance product portfolio by ensuring its underwriters are present in the country, and constantly engage with brokers and clients. This helps them understand risk exposure before deciding how to best protect clients.