Cyber insurance policies cover ransomware attacks and the ensuing damages, including ransom payments, data restoration costs, forensic and other first-party costs, and loss of profit due to business interruption.
A spurt in cyberattacks and an increased awareness about such crimes have contributed to a rise in demand for cyber insurance policies.
The uptick in such incidents has also led to a spike in claims for insurance companies, leading to a strengthening of underwriting parameters.
According to industry estimates, the number of cyber insurance policies sold in 2023 so far are 35 to 40 per cent higher than 2022.
Experts attribute a heightened awareness about the risks for a jump in sales of insurance policies.
"We see the increase in cyber-related incidents and awareness about them as reasons behind a higher demand for cyber insurance," said Gaurav Arora, chief of underwriting & claims property & casualty, ICICI Lombard General Insurance.
According to government data, there were 1,391,457 cybersecurity incidents in 2022, and 1,402,809 in 2021.
Indian Computer Emergency Response Team's (Cert-In's) annual report showed 653 security alerts, 38 advisories, and 488 vulnerabilities.
Vulnerable services accounted for 875,892 of the total incidents. These were followed by "unauthorised network scanning/probing", with 324,620 incidents in 2022.
Other security incidents recorded by Cert-In were virus/malicious code (161,757), Website defacements (19,793), website intrusion and malware propagation (2,164), phishing (1,714), and others (5,517).
"There is demand for more cyber insurance with an uptick across sectors, whether it is manufacturing, e-commerce, services, information technology or financial institutions," said Amit Solanki, head of liability & special risk, Howden Insurance Brokers (India).
"Along with it, various regulatory bodies have also done their part by introducing guidelines on how to secure cybersecurity networks, and also procure cyber insurance.
"This has been introduced at least as an advisory if not made mandatory," Solanki added.
"I think most people do understand the relevance of cyber insurance and are buying it. The ones who have not bought it are looking to buy," Solanki said.
According to experts, the number of cyber security incidents increased quite dramatically after the COVID-19 pandemic.
The corporate world was not adequately prepared for it. After the pandemic, companies started making significant investments in upgrading their cyber security posture.
However, incidents of privacy breaches, business interruptions, and ransomware continued. There were instances of payouts across businesses, which led to an increase in cyber insurance-related claims.
"From a growth perspective, among all liability products, cyber insurance is one of the fastest-growing products. So the demand is increasing. But as far as the number of customers who still have cyber insurance is concerned, they are still fewer than the other liability products," Arora added.
The magnitude of claims in the industry has also increased along with a rise in demand. On account of rising claims, general insurers have tightened their underwriting parameters to focus on their risk selection.
"The number of claims in the cyber insurance segment increased 20-25 per cent in 2022-2023 over the previous financial year," said Arora.
"We have started increasing rates on our cyber insurance policies. There is an increase in the attachment on deductibles. We have started limiting our exposure," Arora added.
"We have modulated our capacity based on these frameworks like how much share we want to be taking in some of these policies and the limits which we would want to be offering in them," Arora said.
"Many insurers are grappling with reduced capacity due to substantial claims," noted Evaa Saiwal, business head of liability, cyber & financial risk, Policybazaar.
Further, the increased difficulty to get reinsurance also contains the scope to increase exposure to cyber insurance.
"We don't want to put high exposure to any risks. We have a limit of Rs 50 lakh to Rs 70 lakh per risk in cyber insurance. That has been in place for the last 2 to 3 years.
"It is getting more and more difficult to get reinsurance for the cyber space. There are only a few players that are willing to offer the capacity, so it is difficult to increase the limit," said T A Ramalingam, chief technical officer, Bajaj Allianz General Insurance.
Cyber insurance policies cover ransomware attacks and the ensuing damages, including ransom payments, data restoration costs, forensic and other first-party costs, and loss of profit due to business interruption.
Feature Presentation: Ashish Narsale/Rediff.com