Cyber liability insurance helps you cover losses incurred by a virus attack against your gadgets such as laptop, tablet or computer. With a growing prevalence of cyber attacks all around us, getting a computer infected by virus, or facing a data breach is not an unusual occurrence any more. To prevent loss arising from these attacks, one can explore taking cyber insurance.
The cyber insurance essentially offers two kinds of coverages. The first one is first party coverage which means coverage for losses suffered directly by you.
And then there is third party coverage to cover claims made by people for the losses they suffered by an organisation's failure to keep its data safe.
First party coverages usually cover a range of cyber-attacks which include the following: Someone holds your computer data for ransom, a natural disaster destroys computer hardware, virus or malware in computer hardware and damage of data, among others.
On the other hand, third party coverages include court awards you are legally obligated to pay after a data breach, and media liability including infringement of copyright, domain name and trade name, etc.
“There are several cyber-liability products that cover first and third-party losses as well as extortion. The main thing in cyber-liability is to understand the exclusions and warranties very carefully. These essentially decide to what extent your claims are paid. Ideally the way to buy cyber-liability insurance is to make a list of potential threats you face and then ask for those covers, at the minimum, from insurers,” says Kapil Mehta, Co-Founder and CEO of SecureNow Insurance.
The individual plans available currently insure most of the IRDAI-listed cyber-crimes and coverage start from ₹10,000 and can go up to ₹5 crore.
Most insurers also offer customisable plans which depend on the insured's risk exposure and budget, and one can choose between the specific crimes that one wants covered. Policy holders can also include IT consultation along with the insurance.
“With work shifting online, new technologies, reliance on IoT services, and stress on a digital-first approach, cyber risk has changed shape and form. Cyber Insurance as a product is now offered by all the major insurance companies. Although the underwriting has become a little stringent as the risk has increased tremendously. The insurance company now goes through many documents shared by the companies to rate the risk such as IT security policy, business continuity plan (BCP) document, ransomware questionnaire, etc,” Evaa Saiwal, Practice Leader, Liability & Financial Risk, Policybazaar.
Among several insurers that offer cyber insurance, Future Generali’s coverage offers privacy breach, personal social media cover, cyber stalking, malware cover, phishing cover, e-mail spoofing, cyber extortion and identity theft. The insurer also offers additional covers for ATM robbery, counterfeit card liability and loss card liability.
Bajaj Allianz’s cyber insurance covers all regular cyber liabilities. On the top of this, one can also take additional covers for IT consultants services and counselling services.
Another insurer, Iffco-Tokio offers cyber security insurance which covers a number of cyber events such as human error, data breach and e-threat, among others.
Some common coverages by cyber security insurance:
1. Theft of funds: This covers loss due to cyber incident or hacking of bank account, credit / debit card and or mobile wallets by a third party.
2. Cyber stalking: The policy covers expenses to prosecute the stalker.
3. Malware/ data restoration cost: This policy includes data restoration cost due to malware.
4. Phishing: It covers financial losses due to phishing attack, including expenses to prosecute perpetrators.
5. Cyber extortion: Provides protection for extortion loss due to cyber extortion threat. This also includes expenses to prosecute perpetrators.
6. Identity theft: Covers defence costs for claims against insured by third or affected party due to identity theft fraud.
7. Media liability claims: Covers defence costs in third party claims due to defamation or invasion of privacy due to insured's publication or broadcasting of any digital media content.
8. Data breach and privacy breach: Covers defence costs and damages due to claims by third party for data breach and or privacy breach.
However, policy holders are expected to keep their data safe and make a conscious effort to prevent cyber-crime. In October 2021, IRDAI released a set of dos and don’ts, as part of cyber security awareness campaign, for policyholders.
The insurance regulator said the policyholders should "beware of sense of urgency in the emails. Phishing e-mails have tendency to make the target feel rushed."
The insurance regulator also tells users to check for generic greetings and salutation in the doubtful e-mails, e.g. Dear Valued customer, Dear user instead of name.
“Try to identify phishing emails through spelling and grammatical mistakes in the mail content,” said the IRDAI guidelines.