In October 2023, a major cyber-attack targeted an Indian financial services company, leading to a significant operational shutdown. The hackers deployed ransomware, which encrypted critical business data and demanded a ransom of ₹20 crores for its release. Despite having cybersecurity measures in place, the company had to engage with negotiators and cybersecurity experts to restore their systems. The financial impact was substantial, including not just the ransom payment but also the costs of data recovery, legal fees, and the loss of business during the downtime. The incident also severely damaged the company’s reputation, leading to a loss of customer trust.
Meanwhile, another prominent Indian real estate firm discovered a large-scale internal fraud, where a senior finance executive had embezzled over ₹150 crores over two years by manipulating financial records and siphoning funds through a complex network of shell companies. The fraud went undetected due to weaknesses in the company’s internal controls and resulted in a severe financial blow that could have threatened the company’s survival had it not been for its corporate crime insurance policy.
These incidents highlight the importance of understanding the distinct risks covered by corporate cyber insurance and corporate crime insurance, as well as the need for businesses to have both types of coverage to safeguard against a wide range of threats.
Corporate Cyber Insurance: Protecting Against Digital Attacks
As India continues to digitize its economy, businesses are becoming increasingly reliant on digital systems, which makes them more vulnerable to cyber threats. Corporate cyber insurance is specifically designed to mitigate the financial impact of cyber incidents such as data breaches, ransomware attacks, and other forms of cybercrime.
The Growing Threat Landscape
According to a report by IBM, the average cost of a data breach in India in 2024 has risen to ₹18.7 crores, up from ₹16.5 crores in 2023. This increase is attributed to the growing sophistication of cyber-attacks and the increasing value of data. Additionally, the report notes that the time to identify and contain a breach has also increased, leading to higher costs associated with business interruption and recovery efforts.
A study by Munich Re revealed that ransomware remains the leading cause of cyber insurance claims, with manufacturing, finance, and healthcare sectors being the most affected. The average ransom demand has also increased, with some cases exceeding ₹50 crores. This surge in ransomware activity has prompted many Indian companies to reassess their cybersecurity strategies and invest in cyber insurance as a critical component of their risk management plans.
Coverage Offered by Cyber Insurance
- Data Breach Response:
Cyber insurance covers the immediate costs associated with responding to a data breach. This includes the expenses for forensic investigations to determine the source of the breach, legal fees for managing regulatory compliance, and costs for notifying affected customers. The IBM report highlighted that the notification costs alone can account for up to 20% of the total cost of a data breach.
- Ransomware and Extortion:
As ransomware attacks become more common, cyber insurance policies have evolved to include coverage for ransom payments, as well as the costs of recovering and restoring data. A 2024 survey by Deloitte indicated that nearly 60% of mid-sized firms in India had either experienced a ransomware attack or knew of a company that had, underscoring the need for comprehensive coverage (Deloitte United States).
- Business Interruption:
One of the most significant financial impacts of a cyber-attack is the interruption of business operations. Cyber insurance can provide compensation for the loss of income during the period when business operations are disrupted. This coverage is especially critical for sectors like finance and e-commerce, where downtime can result in millions of rupees in lost revenue. - Regulatory Compliance:
With the introduction of India’s Digital Personal Data Protection Act, 2023, businesses are now required to comply with stringent data protection regulations. Cyber insurance can help cover fines and penalties for non-compliance, as well as the costs associated with regulatory investigations. A report by KPMG highlighted that non-compliance with data protection regulations could result in fines of up to ₹50 crores or 2% of a company’s global turnover, whichever is higher (Deloitte United States).
Corporate Crime Insurance: Safeguarding Against Fraud and Theft
While cyber insurance focuses on digital threats, corporate crime insurance provides coverage for financial losses resulting from criminal acts such as fraud, embezzlement, and theft, whether committed by employees or external parties. As businesses grow and handle larger volumes of transactions and assets, the risk of both internal and external crime increases significantly.
The Scope of Corporate Crime Insurance
Corporate crime insurance is essential for businesses in all sectors, particularly those that handle large sums of money, valuable assets, or sensitive information. According to a 2022 report by PwC, internal fraud accounted for nearly 45% of all economic crimes in India, with the average financial impact of such crimes exceeding ₹20 crores.
The report also noted that companies with weak internal controls were more likely to experience significant losses due to fraud.
Coverage Offered by Crime Insurance
- Employee Theft: Corporate crime insurance protects against losses caused by dishonest employees who steal money, assets, or sensitive information. This type of coverage is crucial for companies with large workforces, where the risk of employee theft is higher. The PwC report indicated that employee theft is one of the most common forms of corporate crime, with incidents often going undetected for months or even years .
- Third-Party Fraud: This coverage extends to fraudulent acts committed by external parties such as suppliers, contractors, or business partners. In one case, a major Indian conglomerate discovered that a trusted supplier had been inflating invoices and siphoning off the excess funds into offshore accounts. The company’s crime insurance policy covered the financial losses, allowing it to recover the stolen funds and take legal action against the supplier.
- Forgery and Alteration: Corporate crime insurance can also cover losses resulting from the forgery or alteration of checks, promissory notes, or other financial documents. This is particularly important for companies that rely heavily on paper-based transactions or those that handle large volumes of financial documents.
- Kidnap and Ransom: In some cases, corporate crime insurance includes coverage for ransom payments and related expenses in the event of a kidnapping. This is especially relevant for companies operating in regions where the risk of kidnapping is higher. According to a report by Control Risks, the number of kidnap-for-ransom incidents in India has increased by 15% over the past five years, with most incidents targeting high-net-worth individuals and corporate executives.
Real-World Impact: Learning from Actual Incidents
The incidents mentioned earlier demonstrate the importance of having both cyber insurance and crime insurance to protect against a wide range of risks.
- Cyber Incident: The ransomware attack on the Indian financial services firm in 2023 not only caused a significant financial loss but also highlighted the importance of having a robust cyber insurance policy. The company’s cyber insurance policy covered the ransom payment, data recovery costs, and business interruption losses, allowing the firm to recover without crippling financial damage.
- Crime Incident: The embezzlement case involving the Indian real estate firm underscores the critical role of crime insurance. The fraud had gone undetected for years, and the financial impact could have been catastrophic. However, the company’s crime insurance policy helped recover a portion of the stolen funds, stabilizing the firm during a turbulent period.
Why Both Types of Insurance Are Necessary
Given the diverse nature of risks that businesses face, having both corporate cyber insurance and corporate crime insurance is essential. Cyber insurance provides protection against the growing threat of cyber-attacks, while crime insurance offers coverage for traditional forms of crime such as fraud and theft. Together, these policies offer comprehensive protection, ensuring that businesses can navigate the complex risk landscape with confidence.
How Mitigata Can Help
At Mitigata, we understand the unique challenges faced by Indian businesses. Our tailored insurance solutions are designed to provide robust protection against both cyber threats and criminal activities. Whether you need coverage for digital risks or protection against traditional forms of crime, Mitigata has you covered.
Contact us today to learn more about how our comprehensive insurance solutions can safeguard your business from the unexpected challenges of the modern world.
