Cyber Insurance as a Solution
While cyber insurance policies were introduced in the developed countries more than a decade ago, in India these policies were first adopted only about four years ago. Since then, however, the adoption, wording innovation, and acceptance of cyber insurance have grown.
The cyber insurance coverage that began as a simple data privacy insurance policy, which covered only privacy related losses, has now expanded to provide additional coverage, such as:
- First-party coverage – The coverage indemnifies an organization for its own data loss, income loss, business interruption costs, system damage, and restoration costs, or for other direct harm to the organization resulting from a data breach or information security incident.
- Third-party coverage – The coverage indemnifies an organization’s liability to third parties, including customers and governmental entities, arising from a data breach. This may include media liability (copyright and trademark infringement), privacy liability to employees or customers for breach of privacy, bodily injury (certain cyber-attacks can cause physical harm), and/or defensive litigation services (to defend against class actions, derivative actions, and regulatory actions). This is often referred to as liability coverage.
- Extortion and theft coverage - This extension covers cyber extortion and ransomware etc. (including computer fraud or funds transfer fraud).
- Remediation coverage – This coverage typically indemnifies an organization for legal services during the response to a data breach, forensics services, crisis management services (including, public relations expenses beyond consumer notification), consumer notification, regulatory notification, credit monitoring, and identity theft protection services.
- Fines and penalties coverage - This coverage indemnifies an organization for the expenses of regulatory investigations, civil judgments, fines and penalties imposed by regulatory authorities, and fines and penalties for payment card industry compliance violations.
