Cyber insurance take-up rises by 50% in India
The number of India-based companies that adopted cyber insurance in 2017 increased by 50% on the previous year, according to Marsh India.
The broker reports that 250 companies bought cyber liability cover in 2017 for a total of 2bn rupees ($31.4m) and it is forecasting that this figure will double during the next two years.
While the cyber liability insurance market is far more established in the US and, to a lesser extent, in Europe, it is only three years old in India. But with the increasing digitalisation taking place in India, typified by the demonetisation of banknotes in 2016, the demand for cyber insurance has increased dramatically and become a key issue in India’s boardrooms, said Marsh India.
“Cyber insurance is going through a similar phase of active dialogue, which we saw for directors and officers liability insurance in India 15 years ago,” said Sanjay Kedia, country head, Marsh India, speaking to India’s Economic Times.
“One major difference though is that the cyber risk incident is on the rise at a much faster pace, and the nature of risk is far more dynamic and possibly explosive in many situations.”
India has also suffered a number of serious cyberattacks in the past 12 months. In April 2017, the Union Bank of India, a public sector lender, had $171m stolen by hackers, although the money was later recovered.
And in June, one of the terminals at India’s largest port Jawaharlal Nehru Port was disrupted by a global ransomware attack named Petya.
Cybersecurity firm Symantec reported that India was the worst affected Asian country from the global cyberattack. And in May, another cybersecurity firm, Kaspersky Lab, reported that India was the third most affected country globally from the Wannacry ransomware virus, with more than 40,000 affected computers.
India’s regulatory authorities are also taking more of an interest in cyber liability among its corporates. The country’s insurance watchdog, the Insurance and Regulatory Development Authority of India, introduced a new information and cybersecurity framework for companies, which included mandating the appointment of a chief information security officer, the creation of a cyber crisis management plan and a cybersecurity audit, among other measures.