Cyber attacks on the rise, Indian insurance companies see uptick in corporate cyber policy enrolments

Cyber attacks on the rise, Indian insurance companies see uptick in corporate cyber policy enrolments

Cyber attacks on the rise, Indian insurance companies see uptick in corporate cyber policy enrolments

In response to escalating cyber attacks in India, private insurers such as HDFC Ergo General Insurance and Bajaj Allianz General Insurance are taking proactive measures, including engaging in negotiations with cyber attackers, to address claims arising from ransomware incidents, as per a report by The Economic Times

India has recently become one of the most targeted countries globally for cyberattacks.

In addition to refining their cyber insurance products, insurers are modifying covenants and strengthening contracts with clients to enhance their capabilities in the rapidly growing cyber insurance sector.

Insurers are collaborating with intermediary agencies that specialize in negotiating with hackers, often referred to as “threat actors.”

These agencies play a crucial role in facilitating negotiations when hackers demand a ransom in exchange for not releasing stolen data. Experts estimate that at least 5-10 cases involving substantial sums of money have been settled through such negotiations in just over a year.

The primary objective of insurers engaging in negotiations is to confirm the responsibility of threat actors for the cyberattack and then work towards minimizing the ransom payment.

The Economic Times report quotes  Hiten Kothari, Chief Underwriting Officer and Chief Actuary at HDFC Ergo General Insurance, who explains, that ransomware negotiation service providers offer a range of services, including ransomware remediation, public relations assistance, post-attack monitoring, detection and response services, and products designed to prevent future attacks.

While obtaining official numbers on such negotiations is challenging, industry experts suggest that approximately 5-10 deals may have transpired over the past year.

The reduction in reinsurer capacity over the last 1-2 years, due to substantial overseas claims, is prompting a reevaluation of exposure to cyber insurance.

Assessing the impact of cyberattacks, experts note that cybercriminals strategically publicize data breach details on the dark web to exert pressure during negotiations and increase the potential ransom amount.

Companies often assess the business impact of a data breach to determine whether paying the ransom is the most viable option, claims The Economic Times report.

This evolving cyber threat landscape has led to the implementation of more stringent terms and agreements in cyber insurance policies. Companies are now discussing cybersecurity concerns in boardrooms, and insurance policies are adapting to cover emerging risks. Collaborations between insurers and cybersecurity firms are on the rise to provide proactive risk management solutions.

As of the latest data, HDFC Ergo has observed a 25 to 30 per cent tincrease in new corporate cyber policy enrolments.

In response to the rising instances of payouts, insurers are incorporating limits on claims percentages for ransomware cases into new covenants, resulting in increased premiums and higher deductibles.

The corporate cyber insurance market in India has witnessed significant growth, with premiums surging by 50-60 per cent in the past year. The market is currently valued at around Rs 600 crore, up from Rs 400 crore just six months ago.

The increased demand for cyber insurance is not limited to large companies in the IT, ITes, and BFSI sectors, as other industries, including manufacturing and pharma, along with mid-sized companies, are now seeking coverage.

However, policies for smaller companies may vary based on their system strength and tech infrastructure.

Cyber insurance policies continue to evolve, offering more customized coverage that takes into account specific risks and compliance requirements.

Insurers are adopting comprehensive risk assessment approaches, utilizing detailed questionnaires to evaluate companies’ cybersecurity measures, including the strength of their firewalls and security infrastructure.

Premiums are then priced accordingly, with an emphasis on reinforcing technology infrastructure and appointing Chief Information Security Officers (CISOs).