The guidance documents lists four categories of losses or costs that should be normally covered by a cyber insurance policy
NEW DELHI :
There is an element of risk involved in every online activity. But the way individuals use online services, be it storing credit card details on a retailer’s website, sharing sensitive personal data over unprotected wireless network, or using unencrypted websites, exposes them to risks.
Insurance Regulatory and Development Authority of India (Irdai) has issued a guidance document on product structure for cyber insurance keeping this in perspective. Cyber insurance policies are designed to protect policyholders from cybercrime.
According to the circular issued by Irdai, "India has been at the forefront of digital adoption, driven by government impetus, infrastructural investments in communication, our need for remote connectivity and a vibrant technology-driven industry. The country's digital scale, spread, penetration and demographics are unique in many ways and aids to country development. For example, India’s smartphone base is estimated to reach 820 million in the next two years, which can unlock 80% improvement in efficiency and eight times reduction in processing time for e-governance services. Initiatives such as Digital India, the India stack, UID, RBI regulated UPI, etc. have helped permeate digitization in several aspects of our life, businesses, finances and work. Along with industry-driven platforms for e-commerce, travel, health, banking, education, social media, etc., these digital solutions have become inseparable to our day-to-day life."
Looking at where we stand, it is hard to imagine that we are still in early stages of digital evolution and the immense potential a country such as ours has to turn around its socioeconomic fortune and global status by leveraging digital data, said the Irdai circular.
Emergence of cyber risk for individuals
When an individual’s bank details are compromised or stolen, it can be the start of a series of losses such as unlawful withdrawal of funds, identity theft, and such other losses. Fraudsters may use personal information to open bank accounts or take out loans in the victim’s name. This will involve payment default notices and a damaged credit record, all of which may only come to light several months after the fraud was perpetrated.
Further, in case of identity theft, there might be emotional and psychological setbacks due to cyberbullying and stalking. This is how our digital lives can start to impact on our overall well-being.
While everyone is focused on health and economic threats of covid-19, cyber criminals around the world are taking it as an opportunity, and capitalizing on the crisis.
Cyber risks have accelerated by as much as 500% since the first lockdown was imposed in India in March 2020. There is an increase in coronavirus-themed spam, likely resulting in more infected personal computers and phones, according to the Irdai circular.
As per the national cybersecurity agency The Computer Emergency Response Team of India (CERT-In), there has been an increase in the number of cyberattacks on personal computer networks and routers since professionals were asked to work from home in the wake of the covid-19 outbreak in the country.
Thus, for some of the cyber risks discussed, one risk transfer instrument available to individuals is cyber insurance.
Cyber insurance policy coverage
According to the Irdai circular, losses and costs that will be normally covered under a cyber insurance policy can be split into four categories:
# First party losses: These are direct financial loss, data loss, business interruption loss and mitigation losses.
# Regulatory action costs: Cost of regulatory action and investigation, civil fines and penalties, and defence costs.
# Crisis management costs: Forensic expert costs, including security consultation, reputation damage costs, legal costs for matters including notification, coordination with service providers, and strategy, credit and identity theft monitoring costs, cyber extortion/ ransomware cover, operation of a 24x7 hotline, cyber stalking, counselling, information removal and pursuing action.
# Liability claim costs: Legal liability/damages directly arising from privacy or data/ security breach, defamation, intellectual property rights (IPR) infringement and defence costs.
Further, to remain safe from cyber risk, one must follow these dos and don'ts:
# Install an anti-virus and firewall on devices
# Use a virtual private network
# Keep software and operating system updated
# Keep hard-to-guess passwords or passphrases, password should have a minimum of 10 characters using uppercase letters, lowercase letters, numbers and special characters
# Keep different passwords for different accounts. If one password gets hacked, your other accounts are not compromised
#Use privacy settings on social media sites to restrict access to your personal information
# Pay attention to phishing traps in email and watch for tell-tale signs of a scam
# Destroy information properly when it is no longer needed
# Be aware of your surroundings when printing, copying, faxing or discussing sensitive information.
# Lock your computer and mobile phone when not in use. This protects data from unauthorized access and use
# Remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots
# Report all suspicious activity and cyber incidents
# Check if the website being visited is trusted
# Be extra careful during festival season
# Always delete mail/ SMS from unknown sources
# Use Multifactor Authentication (MFA) for email and online portal accounts, as per the PFRDA circular.
# Don't leave or share your sensitive information lying around or share to some one
# Don't share or post any private or sensitive information, such as credit card numbers, passwords or other private information, to some one, on public sites, including social media sites
# Don't click on links from an unknown or untrusted source
# Don't respond to fake phone calls or emails requesting for confidential data
# Don't install unauthorized programs on your computer
# Don't leave devices unattended. Keep all mobile devices, such as laptops and cell phones physically secured
# Don't share personal information with persons unless authenticity and required authority is confirmed, according to the Irdai circular.
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Never miss a story! Stay connected and informed with Mint.
our App Now!!