IRDAI: Cyber insurance to be integrated with home policies

A leading regulatory body in India has put forward plans to ‘popularise’ cybersecurity insurance in the wake of COVID-19

The Insurance Regulatory and Development Authority of India (IRDAI) held its annual panel last week and concluded that clarity and availability of cyber insurance must be made more widely available to companies and householders across the sub-continent, reports suggest.

India saw a marked rise in cybercrime incidents in 2020, following the work-from-home directive that saw millions of employees connecting remotely to company networks. In the first quarter of 2020 alone, there was a 37% increase in large-scale security breaches, according to local press reports.

New products

The panel pinpointed several areas in need of reform, which will increase the availability and appeal of cyber insurance coverage. They noted there should be;

· A common reference framework to bring clarity to coverage

· More cyber products to ‘popularise’ the coverage

· The flexibility of cyber cover to suit customer requirements

· A minimum cover added to general insurance policies (home cover)

· Products that offer solutions rather than just loss mitigation

Insurance companies first introduced cyber cover in India in 2017. But according to data, very few insurers have filed the policy with regulators. This looks set to change following the spate of severe security breaches among global giants (Microsoft SolarWinds) and the increased digitisation of companies worldwide. 

The panel pointed out that shifts have occurred in e-commerce, education and banking and that insurers must offer better solutions rather than just loss mitigation products. 

Better coverage

The IRDAI report also highlights that despite the growing losses incurred by cybercrime, only a small percentage of companies and homeowners are insured against it, and also assume their traditional cover will mitigate loss. “Even those industries which realise the scale and extent of their exposures, like the financial institutions, perceive cyber insurance coverage as too narrow or ambiguous to assure them of adequate recovery in the event of a loss,” it states.

IRDAI's findings are echoed by the recent UK report that shows businesses internationally are not adequately covered against cyberattacks. The problem, it seems, is endemic. 

It states, “The uptake of cyber insurance, particularly by small to medium enterprises (SMEs), remains low. Existing research suggests that some of the overarching factors explaining this are: the high cost of policies and the difficulties insurers face in pricing premiums; confusion over what types of incidents insurance policies cover (and the issue of ‘silent cyber’); and a lack of understanding of risks stemming from cyber incidents.”

However, the IRDAI panel noted that challenges exist in the cyber insurance cover sphere, most notably because of the shifting sands of cybercrime incidents and technological development. 

It stated that insurance companies themselves have been reticent to adopt such products due to small coverage limits and high deductibles. It added that lack of enthusiasm by insurers to design cyber insurance plans is down to the unpredictable nature of cyber breaches, limited data and the swiftly changing technology space it occupies.