The pandemic further added to it and acted as a catalyst in the digital shift making the whole world go completely online. From money transactions, data sharing, to online classes everything is virtual and life cannot be imagined without the internet. With so much dependence on the internet, there is an increased risk of cyber-attacks and fraud.
Cyber Insurance is a contract between the insurer and a company to protect against any losses due to a network-based event. It is designed to protect businesses from the effects of cyber-attacks. It mitigates the risk exposure by covering costs after a cyber-attack or security breach has happened. In other words, cyber Insurance covers the expenses and legal costs associated with cyber breaches which may involve hacking of systems, data theft, and loss of important information in an organization.
Cyber insurance covers first-party and third-party liabilities arising directly from a cyber security breach. It covers expenses arising due to data breaches, cyber-attacks, human error, business disruption, and electronic media claims. The expenses covered include emergency response costs, event management costs, notification costs, business loss, and recovery costs.
Insurance providers offer customized plans based on industry-specific requirements and also company-specific requirements. Plans are offered according to the buyer’s needs. Following are the major types of coverages available under cyber insurance in India,
1. First Party Expenses:
Cyber insurance covers first-party expenses that include direct financial loss, business interruption costs, cover for mitigation costs, recovery costs, credit monitoring, system damage, and any additional costs.
2. Regulatory Investigation Cover:
It covers the costs of regulatory investigations, lawyer’s fees, admin costs, GDPR Expenses.
3. Crisis Management Expenses:
These expenses include the cost of forensic IT audit, stakeholder notification costs, security consultation, reputation damage cover, coordination with service providers, credit and identity theft monitoring Cover, Cyber extortion/ Ransomware Cover, Cyber Stalking, and Counselling.
4. Privacy and Data Liability Claims:
It covers the third-party legal liability of a company for damages directly arising from an error on the company’s side, or privacy or data or security breach which may result in defamation, Intellectual Property rights (IPR) infringement, and lawsuit.
RBI has issued directions to determine the liability of a customer in cases of cybercrime.
1. Zero Liability:
A customer has zero liability in the following two types of cases:
● Fraud, negligence, deficiency on the bank’s part, whether the transaction is reported or not.
● Third-Party breach: In a third-party breach, deficiency lies neither with the bank nor with the customer. It lies somewhere else. The customer notifies the bank about the unauthorized transaction.
2. Limited Liability:
● In a limited liability, the customer’s negligence causes the loss. For instance, sharing payment credentials. The customer bears the loss till the unauthorized transaction is reported to the bank. After the loss is reported, it is the bank’s responsibility.
● When the liability of loss is with some other party and not with the bank or customer. If there is a delay in notifying the bank, of such a transaction, the transaction liability of the customer is limited to transaction value.