The globally orchestrated cyberattacks forced many non-information technology (IT) and -banking companies to shell out on cyber insurance worth Rs 640 crore ($100 million), Business standard reported.
"Indian firms are buying cyber insurance from Rs 64 crore ($1 million) to Rs 6,400 crore ($1,000 million). The early adopters and those with cyber insurances are increasing their cover," Sanjay Kedia, country head and chief executive officer, Marsh India, told BS. He added that companies with exposure to the European General Data Protection Regulation were proactive in expanding their cover as they could be fined as much as four percent of their global annual turnover for failing to comply with insurance rules.
Earlier the trend was different with only IT and banking companies would purchase cyber insurance, as their business in developed countries required them to comply with data protection regulations.
Now wind moving in all direction forcing companies from manufacturing, pharmaceutical, automobile and ancillary activity, oil and energy, as well as utility companies to purchase customised cyber and commercial crime policies that cover a range of risks.
This is now a necessity, claim experts, as India is one of the top destinations for digital services, with the government pushing digitisation and an increasing smartphone and Internet penetration. At the same time, India is also one of the top targets of cybercrimes — it was the third-worst hit country by WannaCry, BS reported.
"With a surge in reports of organisations being duped by fraudsters online, such as the Bangladesh Bank heist last year, there has been 25 percent increase in requests for crime insurance policies over the past few years," BS quoted Sanjay Datta, chief underwriter—claims and reinsurance, ICICI Lombard.
The business daily also quoted an EY report published earlier this year saying that it had noted 55 percent of Indian enterprises do not have a threat-assessment programme. The study also found 68 percent of companies would not increase their security spending even if a direct supplier was attacked, and despite knowing suppliers have access to its systems.
"The cost of insurance goes up when insurance companies see a weak security system. Companies also do not have a model to measure their losses effectively and hence they don't see the need to invest (in insurance). Yet, the cost of insurance cover goes down only when the volume of policies increases," said Sivarama Krishnan, partner and leader for cybersecurity, PwC India.
He also noted that unlike health and vehicle insurance, there was no regulatory requirement for cyber insurance. At present, in India, insurance companies provide policies covering common cyber risks such as legal liabilities for data breach, loss of customer information, loss of revenue, ransom and certain kinds of incidental expenses related to cyberattacks, said Venkat Nippani, partner, Grant Thornton India LLP.