As cyber threats constantly evolve, government regulation is anticipated to shape India’s cyber insurance market significantly. The Digital Personal Data Protection Act of 2023 is only getting started. Future laws mandate cyber insurance for particular industries or establish a central cyber risk management organization that assesses the type of cybersecurity and insurance coverage required.
Future rules will probably encourage the market for cyber insurance to expand even more, but they will also make it more difficult for companies to meet the new requirements. Businesses may have to pay higher premiums or be excluded from coverage entirely if these requirements still need to be fulfilled. They need to consider resilience and protection as cyber threats become more complex. This entails creating the capacity to swiftly defeat a cyberattack and lessen its influence on operations. Companies are starting to provide coverage that promotes cyber resilience, such as access to cybersecurity professionals who can assist with incident response or business interruption coverage.
Case Study: Cyberattack on Indian Financial Services
A major cyberattack that targeted an Indian financial services company in October 2023 resulted in a significant operational shutdown. The hackers used ransomware to encrypt important company data and demanded ₹20 crores in ransom to unlock it. The business needed to work with negotiators and cybersecurity specialists to restore their systems even though they had cybersecurity safeguards. The ransom payment was only one aspect of the significant financial impact; other expenses included data recovery costs, legal fees, and lost revenue due to the outage. Customers lost faith in the business due to the incident, which seriously harmed its reputation (Deloitte United States Telegraph India).
Another well-known Indian real estate company meanwhile uncovered a massive internal fraud in which a senior finance executive had siphoned money through a convoluted web of shell companies and manipulated financial records to embezzle over ₹150 crores over two years. If it weren’t for the company’s corporate crime insurance policy (The CLM), the fraud would have gone undiscovered because of flaws in internal controls, causing a severe financial setback that might have jeopardized the company’s existence.
These incidents underscore the significance of comprehending the different risks covered by corporate crime and cyber insurance and the necessity for companies to have both forms of coverage to protect against a variety of threats.
Corporate Cyber Insurance: Protecting Against Digital Attacks
Businesses are becoming more dependent on digital systems as India’s economy continues to digitize, increasing their susceptibility to cyberattacks. The purpose of corporate cyber insurance is to lessen the financial impact of cyber events like ransomware attacks, data breaches, and other types of cybercrime.
The Growing Threat Landscape
According to an IBM report, India’s average data breach cost increased from ₹16.5 crores in 2023 to ₹18.7 crores in 2024. The increasing sophistication of cyberattacks and the rising value of data are the reasons for this rise; according to the report, it has taken longer to detect and contain breaches, which has resulted in higher expenses for business interruption and recovery.
According to a Munich Re study, ransomware is still the most common reason for cyber insurance claims, with the manufacturing, financial, and medical industries being the most impacted. The average ransom demand has also increased, sometimes surpassing ₹50 crores. Many Indian businesses have reevaluated their cybersecurity plans in response to the spike in ransomware activity, and they have made cyber insurance a crucial part of their risk management strategies.
Coverage Offered by Cyber Insurance
-
Data Breach Response:
Cyber insurance covers the immediate costs of responding to a data breach. This includes managing regulatory compliance, notifying impacted customers, and conducting forensic investigations to identify the breach’s origin. The IBM report clarified that up to 20% of a data breach’s overall costs can be attributed to notification expenses alone (Telegraph India).
-
Ransomware and Extortion:
As ransomware attacks increase in frequency, cyber insurance policies have developed to cover the expenses of recovering and restoring data and ransom payments. According to a Deloitte survey conducted in 2024, almost 60% of mid-sized businesses in India had either been the victim of a ransomware attack or knew of one that had occurred, highlighting the importance of having thorough coverage (Deloitte United States).
-
Business Interruption:
One of the most critical financial effects is the disruption of company operations. Cyber insurance can cover lost earnings while business operations are interrupted. This coverage is essential for industries where downtime can cost millions of rupees in lost revenue, such as finance and e-commerce.
-
Regulatory Compliance:
Following the passage of India’s Digital Personal Data Protection Act 2023, businesses must now abide by strict data protection regulations. Cyber insurance can partially cover the costs of regulatory investigations, as well as fines and penalties for noncompliance. According to a KPMG analysis, companies that violate data protection laws risk fines of up to ₹50 crores or 2% of their worldwide sales, whichever is greater (Deloitte United States).
Corporate Crime Insurance: Protecting Your Company.
Corporate crime insurance covers financial losses caused by illegal activities like fraud, embezzlement, and theft, whether carried out by internal or external parties. Cyber insurance, on the other hand, focuses on threats related to the internet. Internal and external crime risk rises sharply as businesses expand and deal with more significant volumes of assets and transactions.
Corporate Crime Insurance: Its Range
All types of businesses need corporate crime insurance, but those that deal with big sums of money, precious assets, or confidential data especially need it. A 2022 PwC report states that internal fraud made up almost 45% of all economic crimes in India, with an average financial impact of over ₹20 crores. The report also mentioned that businesses with lax internal controls had a higher risk of suffering sizable fraud-related losses.
Quick Read: The Growing Importance of Crime Insurance In Modern Business
Coverage Offered by Crime Insurance
- Employee Theft: Corporate crime insurance protects against losses caused by dishonest employees who steal money, assets, or sensitive information. This type of coverage is crucial for companies with large workforces, where the risk of employee theft is higher. The PwC report indicated that employee theft is one of the most common forms of corporate crime, with incidents often going undetected for months or even years .
- Third-Party Fraud: This coverage extends to fraudulent acts committed by external suppliers, contractors, or business partners. In one case, a prominent Indian conglomerate discovered that a trusted supplier had been inflating invoices and siphoning excess funds into offshore accounts. The company’s crime insurance policy covered the financial losses, allowing it to recover the stolen funds and take legal action against the supplier.
- Forgery and Alteration: Corporate crime insurance can also cover losses resulting from the forgery or alteration of checks, promissory notes, or other financial documents. This is particularly important for companies that rely heavily on paper-based transactions or handle large volumes of financial records.
- Kidnap and Ransom: In some cases, corporate crime insurance includes coverage for ransom payments and related expenses in the event of a kidnapping. This is especially relevant for companies operating in regions with a higher risk of abduction. According to a report by Control Risks, the number of kidnap-for-ransom incidents in India has increased by 15% over the past five years, with most incidents targeting high-net-worth individuals and corporate executives.
Real-World Impact: Learning from Actual Incidents
Because they offer protection against various risks, the incidents above highlight the significance of having both crime and cyber insurance.
- Cyber Incident: In addition to causing a sizable financial loss, the ransomware attack on the Indian financial services company in 2023 made clear how crucial it is to have a robust cyber insurance policy. The business could recover without suffering irreversible financial damage because its cyber insurance policy covered the ransom payment data recovery expenses and business interruption losses.
- Crime Incident: The embezzlement case involving the Indian real estate company highlights the importance of crime insurance. The financial consequences could have been disastrous, and the fraud had gone undiscovered for years. However, a portion of the stolen money was recovered thanks to the company’s crime insurance policy, which helped stabilize the business during a difficult time.
The Need for Both Kinds of Insurance
Corporate crime and cyber insurance are crucial because of the risks businesses encounter. At the same time, crime insurance covers more conventional types of crime like theft and fraud and cyber insurance guards against the ever-growing threat of cyberattacks. When taken as a whole, these policies provide complete protection, enabling companies to traverse the intricate risk environment confidently.
The Benefits of Mitigata
Mitigata is aware of the particular difficulties Indian companies encounter. Our specialized insurance plans are made to offer a strong defense against illegal activity and cyber threats. Mitigata offers protection against conventional criminal activity and coverage for online hazards.
Contact us right now to learn more about how our all-inclusive insurance options can protect your company from unforeseen problems in the contemporary world.
Also Read: Why do businesses need cyber insurance?
