New regulations, emphasis on data protection and increasing cyber attacks are driving banks and financial institutions to seriously look at cyber security insurance as the ‘plan B’ when an attack strikes. Sushant Sarin, Executive Vice President & Head, Commercial Lines & Reinsurance, Tata AIG General Insurance, throws light on why cyber security insurance is gaining traction and how his team is building the right portfolios for businesses.
Q: As one of the first insurance companies to launch cyber liability cover in 2014, do you find the market maturing? What has been your experience with the product uptake?
Sarin: The market for Cyber Insurance has matured, particularly over the last 2 years. By maturity I mean that there is heightened awareness of Cyber risk and everyone is educated about Cyber Insurance being the Plan B when Cyber risk strikes. From Tata AIG’s perspective, we have seen a 42 per cent rise in the count of cyber insurance policies this year from last year, with a 27 per cent rise in the written premium volume. That’s a significant growth for any market segment.
Today, advanced Cyber Insurers provide not just indemnity after a loss, but also look at aspects like Cyber risk assessment at the time of buying Cyber Insurance and Loss Control Services when there is a Cyber breach.
Q: What are the returns organisations expect when they invest on a cybersecurity insurance?
Sarin: Data is the most valuable ‘asset’ of business enterprises today. In an interconnected world, a substantial quantum of confidential data is stored in systems and shared, via networks thus exposing the same to potential risks of the cyber world. So, in order to adequately combat the frequency and severity of the increasing incidences of cyber-attacks and data breaches, a cyber liability policy is a must-have for businesses. It typically provides cover against first party as well as third party risks and addresses the liability of companies arising from data protection laws, management of personal data and the consequences of losing corporate information.
Besides, indemnifying or compensating the insured for legal liability and notification costs, cyber insurance policies also provides cover for forensic services, credit monitoring services, reputation management, multimedia liability, cyber extortion and network interruption.
Q: What’s the uptake of cybersecurity insurance in the BFSI sector? Do we have currently regulations that mandate banks to go for cyber insurance in India?
Sarin: There is an overall regulatory push to buy Cyber insurance. BFSI sector is the most regulated one among others and therefore, we have seen the regulator issuing various guidelines on Cyber Security Framework. For instance in 2016 RBI issued the Cyber Security Framework in Banks to all Scheduled Commercial Banks; in 2017 RBI issued the Master Direction - Information Technology Framework for the NBFC Sector; the same year IRDAI issued the Guidelines for Information and Cyber Security to all Insurance Companies and earlier this year SEBI issued the Cyber Security and Cyber Resilience framework for Mutual Funds / Asset Management Companies (AMCs).
These circulars do not ask or mandate entities to buy Cyber Policies in any way, but certainly emphasize upon the need to have Cyber Security and Resilience to improve their cyber risk management practices. This in fact helped bring about a change in the overall mindset towards risk and spread awareness.
Besides, we are seeing that the decision makers in the BFSI segment is now more conscious that over increasing Cyber risk needs to be finally addressed through insurance. Executive managements, risk management committees and boards of BFSI companies are investing time, effort and resources to secure their organizations with the right Cyber Insurance.
Q: Lastly, how do you build the right portfolio of cyber insurance, considering it’s different from the traditional insurance offerings? Do you have security/technology experts in the team?
Sarin: We have a deep understanding of the Cyber Risks faced by our clients and offer them comprehensive insurance to secure themselves against such risks.
Secondly, we insure Cyber risks of clients from all types of sectors and industries including BFSI, IT, Pharma, Manufacturing, Retail etc., for a balanced portfolio. And we have experts who enable us to assess Cyber risks properly and actuaries and underwriters to build the right portfolio.