The current era of digitization: With increased internet connectivity, online services, and industry-wide digitization, the digital age has taken off. Yet, cyber threats have grown at an even faster pace as Indian businesses, along with others all around the world, speed up their momentum on the journey forward to become the next-level organization.
A report by the Data Security Council of India (DSCI) (Deloitte United States) (Mitigata Insurance) noted that more than half of Indian companies suffered at least one cyber incident during 2021-2022, with 78% of them suffering heavy financial losses.
Cyber incidents nearer the danger; this figure reminds us that cyber incidents are everyday business events rather than potential threats.
Consider the case of SpiceJet, whose operations were recently hit by a ransomware attack in 2022. Flight cancellations and stranded passengers were reported. The firm lost hundreds of millions of dollars in revenue and reputation damage due to the cyber-attack. However, businesses that have invested in cyber insurance are always the best place to deal with such mishaps, recovering fast and being financially well covered.
What is Cyber Insurance?
Cybersecurity insurance is a policy to help organizations recover from financial loss caused by cyber activities such as data breaches, malware, or ransomware. Typically, this coverage includes financial rewards for revenue loss, business interruption, and liabilities to third parties.
The Indian market for cyber insurance has grown significantly in the past couple of years, corresponding to the increase in cases involving cyber threats and attacks on businesses. Deloitte’s report on the cyber insurance sector in 2023 estimates that this market is valued at around USD 50-60 million (Deloitte United States).
What sets India apart is that many high-impact industries, such as information technology, pharmaceuticals, and manufacturing, were among the first to adopt cyber insurance because their activities are data-centric and critical.
Market Dynamics: Cyber insurance in India Expands (2022- 2024)
Rate of Growth Market Dimensions
The Indian cyber insurance market has been experiencing high trajectory growth for the past few years, averaging a steady 27-30% compound annual growth rate (CAGR) since 2020. According to Deloitte, this trend is expected to continue as the market will double by 2025, reflecting increased awareness and adoption among Indian businesses.
As such, the Indian cyber insurance sector will be worth around USD 100 million by 2024 and is expected to grow further as companies seek protection against increasing cyber-attacks. Working away from the office has emerged as a significant driver, forcing businesses across India, from SMEs to major companies, to spend more on cybersecurity investments.
Major Industries Driving Growth
- Information Technology (IT): The Indian IT sector is highly digitized and continues to be so. Cyber insurance has become one way Infosys and Wipro minimize cyber-based risks. Interestingly, in 2022, 60% of Indian IT firms were notified of data breaches; hence, cyber insurance has become a ‘must-have’ for protecting their monetary interests (Mitigata Insurance).
- Pharmaceuticals: This is an industry where the development of vaccines and treatments for COVID-19 has become a big target for cybercriminals. With such large volumes of sensitive health data, this is one of the most vulnerable sectors to hacks. Big pharmaceutical companies like Dr. Reddy’s Laboratories have heavily invested in cyber insurance after attacks compromised research data.
- Financial Services: The banking, financial services, and insurance (BFSI) sector has witnessed a significant increase in cyberattacks. This particular industry constitutes more than 30% of the cyber insurance market, which can be attributed to rigorous regulatory frameworks and the sensitive characteristics of customer data (IMARC) (Deloitte United States).
According to recent PwC data, nearly all of India’s top banks suffered from hacking in 2023, requiring substantial insurance coverage.
Why Do Businesses Need Cyber Insurance?
Rising Threat Landscape
One of the significant growth drivers for cyber insurance is the increased prevalence of cyberattacks, particularly ransomware attacks. According to CheckPoint Research, in 2023, India was the Fourth most targeted country globally in ransomware attacks (Deloitte United States).
The increase in cyber incidents has made organizations vulnerable to significant monetary losses, security breaches, and the interruption of their operations. Such incidents may leave organizations with little cyber insurance to cover recovery expenses and legal liabilities to repay affected clients due to data breaches.
Secondly, SMEs have experienced lax security infrastructures coupled with the availability of cybercriminals to target. Large corporations have large teams of IT professionals dedicated to cybersecurity, and while most small businesses lack such resources to protect themselves, cyber insurance forms a vital safeguard.
Financial Security
Cyber insurance normally covers both direct and indirect costs associated with a hack attack, where its direct financial loss includes the regulator fines arising out of such hacks and indirect expenses may relate to forensic and legal costs. For instance, the Indian 2023 Personal Data Protection Bill will impose penalty costs on companies failing to protect a customer’s information, thereby making insurance an essential mechanism to control such risks.
Business Continuity
This can create a destructive disruption from a cyber attack. In some instances, losses reach as high as millions of rupees per hour because of shutdowns in organizations’ systems. Cyber insurance mitigates revenue loss and helps resume business activities faster. In cases like e-commerce, where interruptions denote major financial setbacks, cyber insurance helps reduce economic loss resulting from disruptions.
Protection From Reputation Damage
The world has become so integrated that a cyberattack will penetrate into the financial bottom line of a firm and hit the reputation too. Users’ trust is lost due to exposure of a massive data breach; thus, customer retention and future revenues would go down. Cyber insurance could finance all the costs of the types of programs and services in public relations, legal communications, and outreach to customers to rebuild the brand’s reputation after an attack.
Case Study of Practical Application: Investigating the Impact of Cyber Insurance
In 2023, hackers threatened to reveal millions of records belonging to one of India’s central banks. The breach remediation was initially priced in crores, yet the bank, holding the most extensive cyber insurance policy, had the economic loss compensated for largely.
Insurance covered notification to affected customers, legal expenses, and system rehabilitation. It also covered business loss compensation to the bank resulting from operations impacted during the inquiry and rectification of the incident.
Categories of Cyber Insurance Coverage
Within the plan for identifying the right policy, business organizations in India usually seek the following categories of coverages:
First Party Coverage: This covers the business’s immediate loss, including the cost of restoring a compromised system, business interruption, and such costs as notice to customers after a data breach. Forensic investigation and crisis management are also part of this type of coverage.
Third-Party Coverage: This cover protects the enterprise against claims by third parties, such as clients and business associates, through lawsuits that may result from data breaches or other cyber incidents. Other legal defense, regulatory fines, and settlement costs are also covered.
Ransomware Coverage: With ransomware becoming quite common, this type of policy covers the costs to be paid to cybercriminals to pay a ransom, though many recommend not paying the ransom. The policy may also cover the costs of recovering the encrypted data in case of ransom payment, which does not guarantee restoring data.
The role of governmental regulations and the DPDP Act 2023
Government regulation has been crucial in India’s cyber insurance sector. Protection meal organizations must establish protection measures under the Digital Personal Data Protection (DPDP) Act 2023.
Noncompliance brings acceptable results in the final implementation of more rigorous data privacy legislation. Organizations are driven to take steps that enhance their cybersecurity while ensuring adequate insurance coverage in the case of an incident.
The influence of regulatory adherence on insurance premiums
Normally, it goes without saying that the same compliance with the DPDP Act and other policies should cut across the premiums paid for cyber insurance. Insurers view companies starting to deploy robust cybersecurity measures, such as multi-factor authentication and data encryption, as less-risky clients.
However, firms that fail to achieve the bare minimum in security charge more to their investors or, indeed, cannot find any insurance coverage.
Challenges in the Cyber Insurance Industry
While cyber insurance in India is growing fast, there remain challenges that should be addressed:
- Lack of awareness: Though cyber attack trends are rising, Indian SMEs do not recognize the importance of cyber insurance. Lacking awareness makes such companies insufficiently covered for financial losses in a cyber event.
- Increasing Premiums: With the prevalence and sophistication of cyberattacks on the rise, premiums for cyber insurance have increased. To many businesses, especially SMEs, cyber insurance comes at a price point that is too high, and they end up underinsured.
Why Choose Mitigata?
As the cyber threat landscape evolves in India, cyber insurance will be integrated into enterprises’ risk management strategies. Mitigata offers mature and customized cyber insurance policies tailored specifically to meet the unique needs of Indian companies-from small startups to big businesses.
Whether the focus is on ransomware cover, data breach cover, or an interruption in business activities, Mitigata’s cyber insurance solutions will empower clients to be more confident about dealing with these disruptions.
Explore our portfolio of cyber insurance products and secure your digital future today by going with Mitigata.
Quick Read: Cyber Insurance: Why Businesses Need It.