Personal cyber insurance policies should cover cases of online shopping frauds and individual negligence, the Insurance Regulatory and Development Authority of India (IRDAI) has suggested in its product structure for cyber insurance released on September 8.
As consumers’ personal and financial data are increasingly stored online, they also bear the risk of becoming targets of cybercrime. IRDAI’s recommendations could aid insurance providers in designing insurance policies that mitigate that risk.
IRDAI’s key recommendations for cyber insurers
In October last year, IRDAI had formed a working group to come up with a policy that standardises the wording on cyber insurance policies. In the new product structure, IRDAI announced that it has decided against enforcing such standardisation, and is only making the following recommendations regarding the coverage and settlement procedures of such insurance policies:
- Include individual negligence: Current policies require individuals to take due diligence and care regarding their online safety. Only serious victims of cyber fraud are covered. Gross negligence from victims should also be covered under personal cyber insurance.
- Settle small claims without FIR: All settlement claims on cyber insurance policies currently require an FIR, making settlement a tedious process. The IRDAI recommended that claims below Rs. 5000 be settled without an FIR.
- Cover online shopping fraud: Current insurance schemes don’t cover online shopping fraud, including making a purchase and not receiving a product or selling something but not receiving payment. Insurers could offer limited coverage for such losses, IRDAI suggested.
- Change definition of Cyber Attack: Current insurance plans offer protection only if the particular user’s system was targetted. IRDAI recommended that victims of large-scale cyber attacks targetting multiple users be covered.
- Cover sim jacking, card cloning: According to IRDAI, taking control of someone’s phone number or cloning cards is one of the major reasons for cyber-related losses, and cyber insurance must cover such incidents.
- Cover unsolicited messages: Cyber insurance should cover losses incurred through a scam link or message, which is also one of the major reasons for cyber-related losses according to IRDAI.
What risks do cyber insurance plans already cover?
Currently, personal cyber insurance is offered by various companies including Bajaj Allianz, ICICI Lombard and HDFC ERGO. Here are the areas that cyber insurance policies across the board typically cover, as noted by IRDAI:
- Bank Account Hacking – Theft of funds due to bank account, credit/debit card and/ or mobile wallets being hacked by a third party.
- Identity Theft Cover – Expense for prosecuting perpetrators of identity theft and transportation cost.
- Social Media – Defence cost for claims made against insured by third/affected party due to hacked social media account of insured, provides expense to prosecute perpetrators and other transportation costs.
- Cyber Stalking/Bullying/Extortion – Expenses to prosecute the perpetrator in all cases. Coverage of costs incurred due to extortion.
- Data Restoration – Coverage for data restoration cost due to malware.
- Phishing and Spoofing – Coverage of financial losses as a result of phishing or email spoofing and provides expense to prosecute perpetrators.
- Media Liability – Defence costs in case the insured person is accused of defamation or invasion of privacy for publishing any digital media.
- Data Breach and Privacy Breach – Defence costs if the insured is accused of a data breach or a privacy breach.
Are cyber attacks rising in India?
Explaining the need for comprehensive cyber insurance products, the IRDAI pointed out in its product structure that cyber attacks have risen sharply during the pandemic:
Cyber risks have accelerated by as much as 500% since the first lockdown was imposed in India in March 2020[…]It is of prime importance to look at different scenarios that could be unfavourable and the methods of addressing various risks. — IRDAI Cyber Insurance Product Structure
There has been a sharp increase in cyber crimes across the world since the pandemic started, a recent study has shown. Here’s what we know about the rise of cyber crime in India:
- CERT-IN issues warning: The Indian Computer Emergency Response Team (CERT-IN) sent notifications to 700 government agencies earlier this year, alerting them to follow strict cybersecurity measures since cyber incidents were on the rise, India Today reported.
- 52% Indian companies targetted last year: In 2020, 52% of Indian companies fell victim to a successful cyber attack, according to a report by Sophos, a British IT security company.
- Three-fold increase in incidents: 11.6 lakh cases of cyber attacks were reported to CERT-IN in 2020, an increase of nearly three times from 2019 and more than 20 times from 2016, the Home Ministry informed Parliament in March this year.
- 52% Of Indian Companies Fell Victim To Cyber Attack Last Year: Sophos
- Exponential Growth In Number Of Cyber Incidents Reported To CERT-In During Pandemic: MEITY
- IRDAI Urges Insurance Companies To Launch Customised Products For Drones
Have something to add? Post your comment and gift someone a MediaNama subscription.