Financial inclusion has caused the evolution of many sectors, and it also includes the banking...
As enterprises are shifting their databases and information to the cloud, the risk to tangible assets get smaller, and IT system and other related tech threats increase massively. The rising number of cyber frauds over the past few years in India is the biggest threat to most of the business entities, specifically to financial institutions, which includes banks and NBFCs (Non-Banking Financial Institutions). Banks/Financial Institutions have been building a robust cyber mechanism to detect and thwart cyber attacks. However, with all these checks and balances, they still can only minimize and not avoid financial losses. As no defense mechanism is full proof, it becomes necessary to transfer the risk through Cyber Liability Insurance or commonly known as Cyber Insurance Policy.
Financial technology or fintech is relatively a new industry in India, and the term was initially applied to the technology employed at the back-end systems of established financial institutions. It has however since then grown exponentially and shifted to more consumer-oriented services. Fintech now includes different sectors and industries such as education, retail banking, fundraising and nonprofit, investment management and especially Non-Banking Financial Companies (NBFCs).
Since financial technology companies (Fintech Companies) provides financial services to other companies on digital platforms with the help of various cutting edge technologies and software support, there is a lot of sensitive data stored digitally.
Considering the direct involvement of general public transacting with Banks/NBFCs, it is their responsibility to prevent loss of personally identifying information (PII), transactional information of its customers, and company’s private sensitive data. It is essential to have an efficient and effective response in case of such losses.
General Insurance policies, in their traditional form, tend to cover only “tangible” assets. While growing exposure has shown how electronic data does not always fall under the definition of tangible assets, leaving a lot of companies valuable information unprotected and unguarded. It is here that cyber insurance comes in to fill the gap.
A Cyber Insurance Policy, also referred to as Cyber Risk Insurance or Cyber Liability Insurance Coverage (CLIC) helps an organization/company to mitigate the risk of loss should a significant security breach occur. The objective of cyber insurance, as any other form of insurance, is to minimize the risk and simultaneously provide some redressal to the aggrieved party.
Cyber Insurance in India usually offers comprehensive cover related to third party claims, such as liability for losses caused due to errors and omissions, failure to safeguard data or defamation; as well as first-party expenses in case of data destruction, extortion, theft, hacking and denial of service attacks.
First-party coverage protects the insured company in any kind of loss whether caused by it or someone else. Following events/occurrences can be said to fall under first-party coverage of cyber policy:
Third-party coverage provides protection to the bank against the claims of the third party in the following instances:
Apart from these, the insurance policy also covers:
While considering a Cyber Insurance Policy, the company should keep in mind the scope of the specific policy being offered by the insurance company and what all will be covered under it. However, there are certain standard major exclusions in every policy such as:
The insurance companies providing cyber insurance decide on the premium after doing a risk assessment of the company/organization willing to buy such a policy. This assessment can also be used by the company itself to evaluate the need for Cyber Insurance. A few such factors considered during the said assessment are:
Cyber risks change frequently, and organizations tend to underplay the full impact of a breach to avoid negative publicity and erosion of consumers’ trust in the company. In this light, the cyber insurance market is still evolving. However, any organization that stores and maintains customer information or collects online payment information, or is cloud dependant, should consider adding cyber insurance to its budget. It is essential to consider the edge of cyber insurance cover over general liability insurance covers which usually don’t cover ‘data’ under the material, bodily or property damage or theft. Cyber insurance can fill many of the gaps in traditional insurance, as well as provide substantial first and third-party covers relating to the cyber breach.
Also Read: Steps Taken by RBI to Develop Fintech