IRDA

Cyber Liability Insurance: IRDAI New Reform

The article is showcasing about the IRDAI new reform over Cyber Liability Insurance. The cyber liability insurance is a new kind of insurance, which has been in demand since, the growing space of cyber activities. We see everything or the world is rotating in the internet. The internet or cyber activities comprises of the world- activities from social media, selling or buying online, entertainment, web searching or publication, reading or virtual classes, we name it and it has begun in the cyber space. The drawback is that, the regime and its legislation and insurance coverage was never complied. The compliance and strength to the legislation has come in the given time. The Information Technology Act, 2000 has been in the command ever since and now, the introduction of cyber liability insurance. The Cyber security consulting services has been discussed in this article.

Order of IRDAI-Reference Number-IRDAI/NL/ORD/MISC/260/10/2020

The Order states that in the days of Pandemic of Covid-19, there were rising cases of the cyber attacks and high profile data breaches.  It was considered that the cyber security has become the important need for all the sectors of the society, in order to address the numerous risk posed by the cyber attacks.

The notification clarifies over the increased online exposure of business , offices, organisations, other forms of enterprises, establishments, faces the associated risk, as they become more globally attached, and complex insurance products need to adapt to the changing environment.

It has been surveyed and realised that General Liability Insurance is not prone or give coverage to cyber attacks or cyber liabilities. It has been discovered that cyber liability insurance coverage if available, it is on high customisation to clients.

Cyber liability insurance has a growing market. It requires the basic standard product structure, to provide insurance cover for individuals, and establishments to manage their cyber attacks.

Working Group Established: under Cyber Liability Insurance

The working group has been formed for the purposes to evaluate the following, in order to launch insurance products for cyber liability insurance:

1. To evaluate critical issues involving legal aspects of transactions in cyber space.
2. To examine various types of incidents involving cyber security in the recent past and possible insurance coverage strategies for them
3. To examine the cyber liability insurance covers available in Indian Market and in other developed jurisdiction.
4. To recommend the scope of the cyber liability insurance covers for the present text and for the medium term.
5. To explore possibility of developing standard coverage, exclusions, and optional extensions for various categories.
6. Any other relevant matter.

Understanding Cyber Liability Insurance

The cyber liability insurance is the new custom made insurance and the advance weapon to fight the war against the data security issues. The insurance is a comprehensive cover for third party liability and first party expenses a bank may incur arising out of unauthorised access or use of electronic data or software. The cyber gives coverage for the liabilities, cost, and expenses arising from network outages, the spreading of a virus or malicious code, computer theft or extortion.

Benefits

There are multitudes of benefits arising from the cyber liability insurance. The insurance is designed in such a way that addresses many variables within the online realm, it includes:

1. Data Protection Laws- the liability of the bank arising from the data protection laws.
2. Management of Personal Data- the insurance shall cover the protection of personal data and coverage against the consequences of loosing personal identifying information
3. Repair- of Banks’ reputation
4. Cyber cost- over cyber extortion and network interruption.

Scope of the Policy for cyber liability insurance

The policy is the comprehensive cover for the first party costs, and third party liability risk, arising from cyber event. Here the policy provides the protection to the bank in the following ways:

1. Virus Attack-the policy shall provide the protection from malware, virus attack, introduction of malicious code, or unauthorized access leading to the data breach
2. Act of vandalism- cost of rebuilding is included
3. Cyber Attack- it includes the fraudulent transactions arising due to security breach
4. Threat- including payment of ransom money due to cyber extortion
5. Unauthorized data access- loss arising from unauthorized data alteration or stealing of data.

What is first party and third party coverage?

The first party cover means that, which provides protection in the event of loss whether caused by it or someone else, which is financial assistance, in order to reduce the impact of data breaches, and cyber attacks. It may include:

1. Credit monitoring services to the customer
2. Cost of notifying customers that the information has been compromised
3. Cyber extortion when the extortionist holds data hostage, or threatens an attack, in case money is not paid to him
4. Business interruption loss- loss of profit due to unavailability of services arising out of unauthorized access
5. A natural disaster that destroys your computer
6. A hacker launches denial of services, attacks against you.

Third Party Liability Coverage- Cyber Liability Insurance

The third party coverage under the cyber liability insurance is provides a protection against the third party. Where there is a cyber attack or data breach and it covers the people or business responsible for it. This includes:

1. Infringement of Intellectual property Rights
2.  System security failure that results in harm to third- party systems.
3. System security failure that results in the system being unavailable to the customers.
4. Defence cost that arises due to the defending any claim brought by third party
5. Settlement, damages, and judgments related to breach
6. Regulatory fines, penalties, including payment card industry fines.

What is excluded from Cyber Liability Insurances?

There are various exclusions from the cyber liability insurance coverage, which includes:

1. Prior Claims or circumstantial claims
2. Bodily Injury or Property Damage
3. Criminal, Dishonest and fraudulent acts
4. Gradual deterioration or electric disturbances
5. Unlawful or unauthorized collection of data
6. Infrastructural failure
7. Licensing fees

IRDAI Guidelines

The following contains the guidelines issued by the IRDAI^[1] for the cyber liability insurance:

1. Third party intervention- the insurance was applicable to all the insurers, in case there is any third party with whom the personal data of the customers is being shared; it is the responsibility of the insurers to ensure the adequate protection.
2. Appointment of the Chief Information Commissioner-he is responsible for the data security policies and responsible for the formation of information security committee.
3. GAP Analysis Report– here the report was submitted to the committee for the application and analysis of the existing software’s. It tells about our existing cyber- security safety.
4. Cyber Crisis Management Plan– where the insurers have been instructed to take necessary steps to identify and resolve data security issues, and network infrastructure to protect from external/internal threats.

Conclusion

It can be concluded that the working group established by the IRDAI, and the issues raised have been guided in the new Cyber Liability Insurance. The aim is to protect and prevent data theft in this digital age.

Read our article:IRDAI Amends Norms Related to Insurance Surveyors and Loss Assessors: Analysis