CYBER INSURANCE AND MSME - SCI & TECH

News: Cyber insurance: How it can protect small and medium businesses

 

What's in the news?

       In today’s world, the accessibility of the internet has benefited people in many ways, but some use it unethically, taking undue advantage of it to fulfill their ulterior motives.

       The rate of cyberattacks in India is steadily increasing. Globally, in 2021 alone there were 1037 cyber-security incidents targeting Small and Medium Enterprises.

 

Importance of Cyber-security for MSMEs:

       MSMEs consisting of a total of 6.3 million units contribute over 28% to the Indian GDP along with providing employment to over 11 crore people.

       MSMEs and start-ups are crucial growth drivers of the Indian economy and also contribute significantly to the country's GDP.

       November 2022 data suggests about 43% of all cyberattacks targeted small businesses and start-ups.

       Therefore, their protection from cyber-attacks should be the ultimate priority.

       In order to strengthen the cyber-security ecosystem, the Ministry of Electronics and Information Technology (MeitY) has proposed the appointment of an Information Security Officer for Micro, Small and Medium Enterprises.

       Information security is mandatory for almost all financial services organizations in addition to being a prerequisite for ISO 27001 certification.

 

Impact of Cyber-Attacks on MSMEs:

The impact of cyber-attacks on an organization can be manifold, ranging from loss of reputation and loss of data to legal and regulatory actions and huge financial losses, which can ultimately result in the bankruptcy of the organization and the closure of the business.

 

1. Loss of Reputation:

       When customers’ and clients’ private information is lost, they lose faith or confidence in the company, which in turn causes a decline in revenue and, eventually, a loss of reputation for the organization that was the target of a cyberattack.

2. Loss of Data:

       One of the detrimental impacts of a cyber-security breach can be the loss of customers’ confidential data.

3. Legal and Regulatory actions:

       When an organization is responsible for someone else’s data, a breach can result in legal and regulatory consequences, i.e., on breach of confidential data, huge fines and penalties can be imposed by regulatory authorities.

4. Financial Losses:

       Cyber-attacks can have a direct impact in terms of financial losses resulting from theft of money, data or intellectual property, or from damage to the hardware or software of the organization.

 

Cyber Insurance as a Risk Mitigation Tool for MSMEs:

       Cyber insurance is a risk mitigation product in case of any loss to MSMEs due to cyber-attacks. It provides protection for MSMEs with respect to first-party costs and third-party liability arising out of a cyber breach.

 

Key coverages provided by the Cyber insurance policy for MSMEs:

1. Data Liability:

       The policy provides coverage for damages or defense costs due to claims arising out of the loss of personal or corporate information.

2. Administrative Investigation and Fines Cost: 

       Payment of fees for legal advice and representation in connection with any regulatory investigation and the fines arising out of such an investigation.

3. Customer Response and Reputational Expenses:

       If a data breach occurs, this will cover costs incurred to maintain reputation and provide support to the insured’s clients, such as

       A public relations firm to help repair damage to brands

       Legal costs for notifying affected customers or offering credit monitoring services

       Setting up call centres for concerned customers and bringing in IT forensic teams to ascertain the cause of the data breach and potentially remove the hacker from the system.

4. Data Recovery and Business Interruption Costs:

       Covers costs incurred to restore, recollect or replace affected data stored at the premises or at an external backup data center or storage facility, and the loss of revenue from network downtime caused by a security breach.

5. Incident Response Cost:

       The policy provides for payment of fees incurred in the investigation, collection of information, or notification to data subjects or any regulator of any breach of data security or of any data protection law.

6. Cyber Extortion:

       Covers the cost of specialists engaged in investigation and negotiation and the ransom paid to avoid the threat becoming real.

7. Directors and Officers Liability Insurance and Crime Insurance Policy:

       In case of extreme breach situations, the Directors and Officers Liability Insurance and Crime Insurance policies can also provide coverage.

       The Directors and Officers Insurance policy provides coverage for the payment of defense costs, investigation costs, and public relation expenses for third-party claims arising out of wrongful acts by directors or officers in the performance of their managerial duties.

       The Commercial Crime Insurance policy, on the other hand, provides coverage for loss of money, security, and other property caused by theft committed by an employee.

 

Go back to basics:

Cyber risks:

       These include data and security breaches, cyberattacks, intellectual property losses, cyber-safety hazards, financial fraud, etc.

 

Cyber insurance:

       To mitigate such cyber risks, start-ups and small businesses should purchase cyber insurance policies, which have become more of a necessity than a choice.

       The policy secures the company from the repercussions of being the potential victim of a cyber crisis that may cause financial and data loss and harm its reputation.

       With the current interconnectivity, it has become crucial for small businesses to financially safeguard themselves from cyberattacks by taking cyber insurance.

 

Coverage:

       It covers the expenses of investigating and repairing damage, such as restoring lost data, forensic costs, indemnification for lawsuits, and compensating clients for any loss resulting from cyber incidents such as data breach, theft or loss of sensitive data.

       When a cyberattack causes a business to shut down or experience a disruption, cyber insurance can provide coverage for lost income and expenses.

       It also covers cyber extortion payouts, business interruption costs, administrative investigations, data recovery and reconstitution costs, forensic costs etc.

 

Kinds of coverage:

       First-party cover shields the business from costs incurred when it is afflicted by fraudulent activities such as a data breach.

       Third-party cover offers protection from legal liabilities arising from any third party, including the insured's customers, suppliers, business partners, and other stakeholders, in the event of them suing the organisation for a data breach and mishandling of their data.

 

Estimation of premium:

       There is no fixed premium, as it varies based on the sector and the quality of risk.

 

What is not covered?

Cyber insurance broadly protects the insured against various risks. However, it comes with some exclusions, such as:

       Violation of contracts

       Breach of trade secrets and trademarks and

       Disputes over registered patents or intellectual property.

       Deceitful or deliberate behaviour or any fraudulent act infringing the rule or regulation is not covered.

       Property damage, harm, or injuries caused by negligence, lack of precaution to safeguard confidential banking information, etc., are also not covered.

       Ongoing and uninsurable legal cases and physical injury, death, or damage to any tangible object remain uninsured.