SP Services

Considering FinTech Services? Don’t sleep on Cyber Insurance

Cyber insurance Policy

As enterprises are shifting their databases and information to the cloud, the risk to tangible assets get smaller, and IT system and other related tech threats increase massively. The rising number of cyber frauds over the past few years in India is the biggest threat to most of the business entities, specifically to financial institutions, which includes banks and NBFCs (Non-Banking Financial Institutions). Banks/Financial Institutions have been building a robust cyber mechanism to detect and thwart cyber attacks. However, with all these checks and balances, they still can only minimize and not avoid financial losses. As no defense mechanism is full proof, it becomes necessary to transfer the risk through Cyber Liability Insurance or commonly known as Cyber Insurance Policy.

Growing reliance on Financial Technology (FinTech)

Financial technology or fintech is relatively a new industry in India, and the term was initially applied to the technology employed at the back-end systems of established financial institutions. ​It has however since then grown exponentially and shifted to more consumer-oriented services. Fintech now includes different sectors and industries such as education, retail banking, fundraising and nonprofit, investment management and especially Non-Banking Financial Companies (NBFCs).

Since financial technology companies (Fintech Companies) provides financial services to other companies on digital platforms with the help of various cutting edge technologies and software support, there is a lot of sensitive data stored digitally.

Considering the direct involvement of general public transacting with Banks/NBFCs, it is their responsibility to prevent loss of personally identifying information (PII), transactional information of its customers, and company’s private sensitive data. It is essential to have an efficient and effective response in case of such losses.

Sectors prone to cyber attacks

What is Cyber Insurance, aka Cyber Liability Insurance?

General Insurance policies, in their traditional form, tend to cover only “tangible” assets. While growing exposure has shown how electronic data does not always fall under the definition of tangible assets, leaving a lot of companies valuable information unprotected and unguarded. It is here that cyber insurance comes in to fill the gap. 

A Cyber Insurance Policy, also referred to as Cyber Risk Insurance or Cyber Liability Insurance Coverage (CLIC) helps an organization/company to mitigate the risk of loss should a significant security breach occur. The objective of cyber insurance, as any other form of insurance, is to minimize the risk and simultaneously provide some redressal to the aggrieved party.

Who should buy Cyber Insurance?

Who should buy Cyber Policy?

What is the scope of Cyber Insurance?

Cyber Insurance in India usually offers comprehensive cover related to third party claims, such as liability for losses caused due to errors and omissions, failure to safeguard data or defamation; as well as first-party expenses in case of data destruction, extortion, theft, hacking and denial of service attacks.

First-party Coverage

First-party coverage protects the insured company in any kind of loss whether caused by it or someone else. Following events/occurrences can be said to fall under first-party coverage of cyber policy:

  • Cost of notifying customers that the information is compromised and changing such records.
  • Credit monitoring services for customers affected by such data breach.
  • Cyber extortion when the extortionist holds data hostage or threatens an attack. A recent example being ‘Ransom-ware’.
  • Business interruption loss, i.e. loss of business profit due to unavailability of services arising out of unauthorized access or cyber attack
  • Professional Fees for advice and support from a public relations consultant/crisis management consultants, to mitigate or prevent damage to the bank’s reputation as well individuals, e.g. Bank’s Chairman, Directors and employees due to a cyber-attack or data breach.
  • Professional Fees of forensic cyber risk specialists to investigate the causes of breach; understand its impact and deploying measures to prevent a similar lapse in the future.

Third-party Coverage

Third-party coverage provides protection to the bank against the claims of the third party in the following instances:

  • Infringement of intellectual property rights by the company.
  • System security failures resulting in harm to third-party systems.
  • System security failure resulting in system/services being unavailable to customers.
  • Defamation, disparagement of products or services and invasion of privacy.
  • Settlements made, damages paid and penalties deposited due to any breach.

Apart from these, the insurance policy also covers:

  • Regulatory fines and penalties including Payment Card Industry fines.
  • Defense costs incurred in defending any claim brought by a third party including – government agency or licensing or regulatory organization.
  • Unauthorized access to personal data or corporate information or dissemination of such information on the internet without the consent of the owner.

What is not covered under Cyber Insurance Policy?

While considering a Cyber Insurance Policy, the company should keep in mind the scope of the specific policy being offered by the insurance company and what all will be covered under it. However, there are certain standard major exclusions in every policy such as:

Coverage under Cyber Policy

Benefits of Cyber Insurance

Benefits of Cyber Policy

Risk Assessment by insurance companies when offering cyber insurance

The insurance companies providing cyber insurance decide on the premium after doing a risk assessment of the company/organization willing to buy such a policy. This assessment can also be used by the company itself to evaluate the need for Cyber Insurance. A few such factors considered during the said assessment are:

  • How robust is the organizations’ defense and controls to fend off cyberattacks after due diligence of its vulnerability to such cyber threats?
  • Track records of incidents and previous claims 
  • The type, context, and volume of data/information handled by the company/organization.
  • Training and oversight of employees and their education in the form of security awareness, especially for phishing and social engineering.
  • The measures are taken to secure electronic devices that carry sensitive data. And the level of encryption of sensitive data stored.
  • Costs of computer forensic investigation based on the company size and sector.
  • Cost of civil litigations and criminal investigation considering the jurisdiction in case of a dispute.
  • Crisis management and customer notification expenses based on the reach and goodwill of the company in the market.


Cyber risks change frequently, and organizations tend to underplay the full impact of a breach to avoid negative publicity and erosion of consumers’ trust in the company. In this light, the cyber insurance market is still evolving. However, any organization that stores and maintains customer information or collects online payment information, or is cloud dependant, should consider adding cyber insurance to its budget. It is essential to consider the edge of cyber insurance cover over general liability insurance covers which usually don’t cover ‘data’ under the material, bodily or property damage or theft. Cyber insurance can fill many of the gaps in traditional insurance, as well as provide substantial first and third-party covers relating to the cyber breach.

Also Read: Steps Taken by RBI to Develop Fintech

Vikalp Mishra

Vikalp is NLU graduate from Patiala (Punjab) and has a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata. He specializes in Corporate Law, IPR and has fair share of litigation practice under his belt. Other facets of him are voracious reader, health freak and avid traveler. To him content writing comes naturally in effort to simplify the law for general public/reader.

Business Plan Consultant

Trending Posted

Startup CFO

Our Awards Our Awards

Top 100 Companies in Asia - Red Herring
Top 100 Companies in Asia - Red Herring

Red Herring Top 100 Asia enlists outstanding entrepreneurs and promising companies. It selects the award winners from approximately 2000 privately financed companies each year in the Asia. Since 1996, Red Herring has kept tabs on these up-and-comers. Red Herring editors were among the first to recognize that companies such as Google, Facebook, Kakao, Alibaba, Twitter, Rakuten, Salesforce.com, Xiaomi and YouTube would change the way we live and work.

Top 25 in India - Consultants Review

Researchers have found out that organization using new technologies in their accounting and tax have better productivity as compared to those using the traditional methods. Complying with the recent technological trends in the accounting industry, Enterslice was formed to focus on the emerging start up companies and bring innovation in their traditional Chartered Accountants & Legal profession services, disrupt traditional Chartered Accountants practice mechanism & Lawyers.

Top 25 in India - Consultants Review

In the news