The Evolution of Cyber Insurance

Aditi Pangotra
Aditi Pangotra
Research Analyst, Policy & Advocacy, CyberPeace
PUBLISHED ON
Oct 2, 2024
10

Introduction

India’s digital growth journey has been moving at a tremendous pace. According to MeitY’s report, India’s digital economy is expected to rise to US$ 500 billion by 2025, up from US$ 200 billion in 2019. The digitisation drive that we are experiencing is likely to foster and boost a favourable business environment that will attract rapid investment and augment economic growth across sectors. This will, in turn, compel businesses to adopt digital platforms as solutions to meet customer expectations. Due to accelerated digitisation, cyber risks often deter business growth. Cybercrimes are becoming more rampant and complex and the costs associated with such breaches are not only increasing but also becoming more systemic.

Development of the Cyber Insurance Landscape

Digitization of businesses started in the 1980s with the use of mainframes. Personal computers entered the game and further modified the landscape from the 2000s along with LANs, the internet and the dot-com boom of the 2000s. In the late 1990s, cyber-insurance was developed as a risk management tool to ensure information security. Coverage was limited, and clients included SMEs in need of insurance to qualify for tenders, or community banks too small to hedge the risks of their online banking operations. The first cyber insurance policy was written in 1997 through AIG, against hacking as a third-party liability policy. 

The current trends in the cyber insurance space are focused on the prevention of cyber risks, which by nature are hard to outline and constantly evolving. The result is that the buyers have limited clarity on the types of cyber risks covered under cyber insurance, and even lesser visibility on the scope and amount of optimum coverage. Unfamiliarity with the claim procedure and resolutions, ambiguous claim thresholds during settlements, and confusion around exclusions and coverage of regulatory fines and penalties under a purchased scheme further discourage potential buyers from seriously investing in cyber insurance products. 

Key Factors in Cyber Insurance Evolution and Its Role in Risk Management

The cyber insurance market in India has three key influencing factors, namely the speed of achieving digital maturity, government initiatives to digitise and enforce stringent cyber laws, and the evolving landscape with technology giants and MNCs entering the cyber insurance domain. The latter  are the catalyst for intensifying competition in this market. 

Advancements in technology in terms of AI, machine learning, big data, robotics, blockchain, augmented and virtual reality, and IoT are expected to reshape the insurance industry and help reach untapped audiences in a more digital-forward manner. With the absence of a standard cyber insurance policy, regulators need to take the following variables into consideration while developing cyber insurance policies: the risk insured against, the scope of the loss covered and the limits/ sub-limits.

Challenges 

With the complexity of cyber risks increasing exponentially the challenges to counter the same are growing too which is leading to gaps in the coverage offered for cyber threats. Resultantly, the compliance regulations are dependent on the risks which exist and cyber threat actors adopt new technologies faster and exploit them to their benefit. A lack of historical data and predictability in future cyber risks, the possibility of large overwhelming loss events, uncertainties among market participants about what is specifically covered under such policies, and legal battles over fundamental issues are some of the challenges identified.

Future Outlook/ Recommendations

India's cyber infrastructure requires a multi-faceted approach that involves collaboration between government, industry, and academia should be developed. Some recommendations are:

  • Risk assessments should be a general practice and the cyber insurance policies should be simplified, clearing the mismatch between the premium paid and insurance coverage and there should be standard verbosity across cyber policy language.
  • Promoting R&D tailored to India focused on education programs that have public-private partnerships and global collaborations to share threat intelligence, best practices, and expertise in critical infrastructure protection.
  • Cyber insurance can also be promoted as compliance with the DPDP Act, which would lead to better development of cyber infrastructure and cyber hygiene practices.
  • Regular updates to cyber insurance policies to ensure relevance and effectiveness. Insurers could create and offer holistic cyber insurance risk management plans.

Conclusion

According to a report by Deloitte in 2023, the cyber insurance market in India is expected to grow by 27-30 per cent in the coming years and it is currently valued at USD 50-60 million, while maintaining a steady 27-30 per cent CAGR in the past three years. The Indian cyber infrastructure’s nature is challenging, however, it offers opportunities for growth, innovation, and collaboration. A proactive approach, supported by robust policies, advanced technologies, and skilled professionals, will be essential to building a resilient cyber infrastructure capable of withstanding evolving threats.

Reference

PUBLISHED ON
Oct 2, 2024
Category
TAGS
No items found.

Related Blogs