IRDA

IRDAI issues Guidance Document on Cyber Risk Insurance

The Insurance regulatory body- Insurance Regulatory and Development Authority of India recently issued a guidance document on Cyber insurance. The cyber risk insurance policies are essential for protecting policyholders from cybercrime. In this article, we shall discuss the major points of the document issued by the IRDAI.

What is Cyber Insurance?

Cyber insurance helps in reducing the financial risks associated with doing business online. This type of insurance generally covers businesses liability for data breach involving sensitive customer information such as credit card numbers, account numbers etc.

What is the need for Cyber Risk Insurance?

As we know that there is an imminent risk in online activities. The way individuals use online services like storing credit card details on the website of a retailer, sharing sensitive data over unprotected networks or usage of unencrypted websites exposes them to risk. 

According to the document issued by the IRDAI, India has led from the front when it comes to digital adoption mainly because of government impetus, infrastructural investments in communication and a vibrant technology driven industry. The nations’ digital scale, spread, penetration and demographics are unique, which aids to the development of the country.

Growing concern of cyber risk for individuals

When a persons’ bank details are stolen or compromised with then, it can lead to a series of losses like unlawful withdrawal of funds, theft of identity and such other losses. The fraudsters can use the information privy to persons to open bank accounts or get loans in the name of the victim. This can cause damaged credit records and payment default notices which may manifest only after the fraud was perpetrated. In case of identity theft, there can be emotional and psychological issues because of stalking etc. Digital lives can impact the overall well being of a person. Therefore there is a need for cyber insurance.

Impact of Covid-19 on cyber risks

While the focus in these times is upon the health and economic threats due to covid-19, what we are unaware of is the fact that cyber criminals have taken it as an opportunity to capitalize on this crisis situation. 

You may be surprised to know that cyber risks have accelerated by 500% since the time when first lockdown was imposed in India. As per the circular of IRDAI, there has been an increase in the coronavirus themed spam, resulting in more infected personal computers and mobile phones.

According to the national cybersecurity agency- The Computer Emergency Response Team of India, an increase in the number of cyber attacks have been reported on personal computer networks and routers since the time professionals have been asked to work from home due to the covid-19 crisis in the entire nation.

Therefore, the solution for some of the cyber risks mentioned above is getting a cyber insurance where risk can be transferred from the person to the insurer.

Policy coverage of the Cyber Risk Insurance

As per the circular released by the IRDAI^[1], losses and costs that can be covered normally under a cyber insurance policy can be split into the following categories:

• First Party losses– This refer to direct financial losses, data loss, business interruption loss and mitigation losses;
• Regulatory action costs– It includes the cost of the regulatory action and investigation, civil fines and penalties and defence costs;
• Crisis Management Costs– It includes forensic expert costs, reputation damage costs, legal costs for matters such as notification, co-ordination with service providers and strategy, cyber extortion/ransomware cover, credit and identity theft monitoring costs, cyber stalking, information removal and pursuing action.
• Liability claim costs– It includes legal liability/damages arising directly from privacy or data security breach, defamation, IPR infringement and defence costs.

Guidance document on Cyber Risk Insurance: Dos and Don’ts to stay safe from cyber risks

You are advised to follow certain dos and don’ts to stay safe from cyber risks:

DOs-

• Install anti-virus and firewall on devices;
• Use VPN or Virtual Private Network;
• Keep your software and operating system updated;
• Keep strong passwords;
• Keep different passwords for different accounts;
• Use privacy settings, especially on social media sites to restrict access to personal information;
• Be cautious of phishing traps in mail and watch out for any signs of scam;
• Dispose of information properly when it is not required anymore;
• Be aware of your surroundings when copying, faxing, printing sensitive information;
• When not in use, lock your computer or mobile phone as it will protect data from any unauthorized use and access;
• Note that wireless is insecure hence avoid using public Wi-Fi hotspots;
• Report suspicious activity and cyber incidents;
• Ensure the website you visit is safe;
• Be more careful during festive season;
• Delete mail or SMS from unknown sources;
• Use Multifactor authentication for mail and online portal accounts.

DON’Ts–

• Don’t share or leave personal sensitive information lying around;
• Don’t share or post any private sensitive information like credit card numbers, passwords and such other information to public website, including social media sites;
• Don’t click on unverified links from unknown sources;
• Don’t respond to spam phone calls requesting for confidential information;
• Don’t install any unauthorized programs;
• Don’t leave devices unattended; keep such devices safe;
• Don’t share personal sensitive information with persons unless their authenticity is verified.

Conclusion

The above Dos and Don’ts should be strictly followed in order to ensure protection from cyber risks. Another method is to get cyber insurance as more number of people begin to live digitally. Cyber risks have accelerated, and therefore importance of cyber security should be emphasized.

Read our article:A Detailed Review of the IRDA Act 1999