“Cyber liability can be covered under our professional indemnity policy as an extension. Globally, as well as in India, we are seeing that information technology/information technology enabled service firms have an appetite for these policies,” said Gisha George, head-liability insurance, Bajaj Allianz General Insurance.
She added this would cover third party claims arising due to negligent transmission of a computer virus, misrepresentation, defamation, confidentiality breach, intellectual property infringement and related exposures. Cyber crimes caused by the insured’s employees also get covered under the policy but would exclude the actual perpetrator.
Cyber crime liability refers to risks arising from fraudulent behaviour by a party (s) online, that can cause financial and reputational loss to a company and its clients. General insurers said that while there has been a 30-35 per cent increase in demand for these products, the number of pure cyber liability covers were few in the Indian market.
Sanjay Datta, chief-underwriting and claims, ICICI Lombard General Insurance said that cyber liability is a new age cover, which can be offered as an extension under errors and omissions policy or as a standalone cyber liability policy. “We are receiving enquiries, which are currently coming from the IT space. It is a matter of time before other sectors such as banking, financial services and insurance, hospitals, travel companies, educational institutes, retail majors start feeling the need of such covers,” said Datta.
Globally, cyber liability policies cover privacy breach liability, cyber extortion, business interruption losses, liability from multimedia and public relations costs, legal expenses and data theft liability. The premiums, said Datta, generally range between $5,000 per $1 million to $15,000 per $ 1 million. However, the distribution of unsolicited email, wire tapping, eavesdropping, fraudulent acts, failure to maintain standard computer security are major exclusions under this policy.
Sushant Sarin, national head - liability lines, Tata AIG General Insurance said that if there is an allegation against a director or officer of neglecting cyber risks where such neglect results in a loss, such a claim against the director or officer would be covered under a directors officers policy (DO). “A more comprehensive cover will include within it-internet liability coverage. This cover protects the insured from damages arising from a breach of duty in the operation of an internet, intranet or extranet site, transmission of electronic mail or documents by electronic means or the unintentional transmission of a computer virus,” said Sarin.
Companies said that premiums for these products though, could be 10-20 per cent higher than other policies. They added that it was reasonable, considering the risks involved. Since this product is at a nascent stage, insurers informed that the claim ratios were also presently low.
While standalone policies are still not a norm, customised covers are offered. Rakesh Jain, chief executive officer of Reliance General Insurance, said that though most of the DO policies don’t cover the entity against cyber liability, in some customised liability products it may be offered as an extension
“Since cyber threat is global in nature, it is very difficult to keep pace with it and it is not inexpensive to upgrade security. Hence, an appropriate liability cover can at least protect the insured against any unforeseen third party liability,” he said.
Certain insurers have already taken a lead to introduce specific policies. Mukesh Kumar, member of executive management head - strategy planning, human resources and marketing, HDFC ERGO, said that they offer a standalone policy, CyberSecurity, that addresses cyber liability risks. He said that first party losses such as computer theft, extortion and business interruption are also covered by their policy.
Subrahmanyam B, senior vice president head - health, commercial lines and reinsurance of Bharti AXA General Insurance said that apart from companies, even government of India is quite serious on this matter and is working with various industry bodies like NASSCOM. “Department of electronics and information technology is working on a proposal to mandate hardware vendors to provide cyber security awareness brochures along with the products they sell in India, which will go a long way in creating awareness on cyber threat,” he said.
As per KPMG’s annual electronic crime report of 2011, cyber liability insurance is still to gain currency with businesses, despite the rising risk. It indicated that 78 per cent of the 200 senior security managers from global businesses indicated that their companies either did not have insurance or that they were not aware if their companies had any cyber insurance, despite more than half seeing an increase in cyber crime risk over the past 12 months.
Areas covered and list of exclusions under this policy
Scope of coverage
Third Party liability coverage
Liability arising out of alleged unauthorized access to or dissemination of someone’s personal or corporate information
Infringement of intellectual property rights, trademark copyright
Libel and defamation
Data theft and breach of privacy
Failure in security systems resulting in prohibited access
Reputational and legal risks arising out of cyber crime
Employee involvement in cyber crime
Inconsistent security standards
Invasion of privacy by breach of contract
Fraud and dishonesty
Fines and Penalties