Do You have a Safety Net Against Cy­ber Threats?

The In­dian in­sur­ance mar­ket is see­ing a sig­nif­i­cant in­crease in de­mand for cy­ber in­sur­ance cov­ers

Voice&Data - - COVER STORY - Sushant Sarin

In 2014, a hacker group which iden­ti­fied it­self as the “Guardians of Peace” leaked a re­lease of con­fi­den­tial data from the film stu­dio of a re­puted en­ter­tain­ment com­pany. The data in­cluded per­sonal in­for­ma­tion about the com­pany’s em­ploy­ees and their fam­i­lies, e-mails ex­changed be­tween em­ploy­ees, in­for­ma­tion about ex­ec­u­tive salaries at the com­pany, copies of then-un­re­leased films, and other in­for­ma­tion.

To­day, cy­ber threat is ubiq­ui­tous. A quick look at news­pa­per head­lines re­veals that com­pa­nies as big as global in­vest­ment banks to smaller health in­sur­ance providers have all been hit by a cy­ber-at­tack, within the last three years. So, it is no longer a mat­ter of if but when an or­ga­ni­za­tion is at­tacked – and how it de­fends it­self.

Data pri­vacy and there­fore data se­cu­rity are the top con­cerns of com­pa­nies glob­ally. With In­dia be­ing ranked as one of the top three tar­gets of cy­ber hack­ers, CEOs in In­dia too are search­ing for so­lu­tions to man­age this risk. The pur­chase of in­sur­ance de­signed to deal with the li­a­bil­ity ex­po­sures aris­ing from th­ese risks is an im­por­tant way that com­pa­nies around the world mit­i­gate th­ese ex­po­sures.

A re­cent ASSOCHAM-Mahin­dra SSG joint study re­vealed that Cy­ber at­tacks in In­dia are grow­ing at an as­ton­ish­ing rate of 107% with about 12,456 cases reg­is­tered ev­ery month. The cy­ber at­tacks are more so­phis­ti­cated than what has been ob­served in the past few years.

As re­cent Cy­ber at­tacks show; data (e.g. cus­tomer in­for­ma­tion, con­fi­den­tial trade se­crets etc.) is more valu­able than money or se­cu­ri­ties.

Cy­ber Li­a­bil­ity in In­dia

Ac­cord­ing to the lat­est KPMG Cy­ber­crime sur­vey re­port; nearly 72% of In­dian com­pa­nies faced one or the other type of cy­ber­at­tack in 2015. More than 250 re­spon­dents from the likes of CIOs, CISOs, CAEs, CROs, COOs and re­lated pro­fes­sion­als from across In­dia par­tic­i­pated in the sur­vey.

The re­port also states that 94% re­spon­dents in­di­cated that cy­ber re­lated li­a­bil­i­ties is a ma­jor threat faced by or­ga­ni­za­tions, 41% in­di­cated that it forms part of the board agenda.

Another im­por­tant rev­e­la­tion was that 54% of the re­spon­dents in­di­cated that spend on cy­ber de­fenses is less than 5% of IT spend with only 2% or­ga­ni­za­tions spend­ing more than 20% of their IT bud­get on in­for­ma­tion se­cu­rity and cy­ber de­fenses. The need for in­sur­ance as a plan B is even more pro­nounced.

Le­gal Pro­vi­sions

The In­for­ma­tion Tech­nol­ogy Act 2000 [Amended in 2008] has sev­eral pro­vi­sions [e.g. S 43 A – Com­pen­sa­tion for fail­ure to pro­tect data (In­serted vide ITAA 2006)] which make a cor­po­rate re­spon­si­ble for data breaches; in both cases – i.e., when hold­ing the in­for­ma­tion di­rectly on be­half of cus­tomers or in case when act­ing as an in­ter­me­di­ary.

The Risks

The ex­po­sure aris­ing out of a cy­ber breach is broad, en­com­pass­ing per­sonal/ sen­si­tive in­for­ma­tion be­ing re­vealed in pub­lic, breach of pri­vacy, hack­ing at­tacks on com­pany/ in­di­vid­ual sys­tems to shut down/dam­age the pro­cesses, in­tel­lec­tual prop­erty be­ing stolen, gov­ern­ment sys­tems be­ing hacked to com­pro­mise na­tional se­cu­rity etc.

The sources of cy­ber at­tacks could be var­i­ous such as pro­fes­sional hack­ers, dis­sat­is­fied em­ploy­ees, cy­ber ter­ror­ists.

Cy­ber In­sur­ance

Cy­ber in­sur­ance helps clients mit­i­gate their cy­ber risk. A cy­ber in­sur­ance cover not only acts as an in­sur­ance against any li­a­bil­ity aris­ing out of a data breach, but also helps in mit­i­ga­tion of such risk since the cover of­fers value added ser­vices such as a risk as­sess­ment call with foren­sic ex­perts, an an­a­lyt­ics re­port and/ or a shun­ning de­vice to block un­wanted IPs.

Cy­ber In­sur­ance is of sig­nif­i­cance to large cor­po­rates as well as start-ups, es­pe­cially the e-com­merce play­ers in the coun­try, whose rev­enue and rep­u­ta­tion is solely de­pen­dent on their on­line pres­ence, which needs to be closely pro­tected.

Con­clu­sion

Cy­ber risk will be one of the most im­por­tant threats in the com­ing years. The In­dian in­sur­ance mar­ket is see­ing a sig­nif­i­cant in­crease in de­mand for cy­ber in­sur­ance cov­ers as one of the most ef­fec­tive tools to mit­i­gate the cy­ber risk with ben­e­fits far out­weigh­ing costs.

Cy­ber risks have in­creased dra­mat­i­cally over the last decade. The many re­cent high-pro­file data breaches and com­pany sur­veys show that a ma­jor­ity of com­pa­nies are not up to date when it comes to pro­tect­ing com­pany as­sets from the cur­rent risk land­scape. There­fore, com­pa­nies must im­prove their cy­ber­se­cu­rity strate­gies to adapt to the new ways of ac­cess­ing and stor­ing in­for­ma­tion in or­der to keep pace with more so­phis­ti­cated at­tack­ers. (The au­thor Sushant Sarin is Se­nior Vice Pres­i­dent – Com­mer­cial Lines, with TATA AIG Gen­eral In­sur­ance Com­pany Lim­ited) vndedit@cy­ber­me­dia.co.in

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.