Cyber Crime and Insurance
Digitalization is exposing organizations to cybercrime. The scale of cyber crime is increasing manifold daily. It is estimated that 500 cybercrimes take place every minute and INR 7 crore is lost by organization every minute.
Cybercrime has emerged as the top risk for organizations.
Common types of Cybercrime Faced By Organizations
- Cyber-Extortion – Organized crime gangs gain access to target’s computer or website and steals the sensitive information and data to extort money.
- Email Spam and phishing – Criminals imitate a legit site or send messages or email impersonating a legit business to get the personal and financial details of the target.
- Ransomware – Ransomware is a virus that infects the system of the target with malicious software. It can be used to steal the data or lock their system until a ransom is paid to the perpetrators.
Cybercrime Creates two kinds of losses for organization
- Loss of its own revenue or data, damage to its system, networks and the subsequent costs incurred to restore the systems.
- Compensation demanded by third parties like customers, government etc. for the data breach or losses suffered by them due to a cybercrime perpetrated on an organization.
First Party Cyber Risk Exposures
- Theft of money and digital assets: Direct monetary losses from electronic theft of funds/money from the organization by hacking or other types of cybercrime.
- Loss or damage to digital assets: Loss or damage to data or software programs, resulting in costs incurred through restoring, updating, recreating or replacing these assets to the same condition they were in prior to the loss or damage.
- Business interruption from network downtime: Interruption, degradation in service, or failure of the network, resulting in loss of income, increased cost of operation and/or costs incurred by mitigating and investigating the loss.
- Cyber extortion: Attempts to extort money by threatening to damage or restrict the network, release data obtained from the network, and/or communicate with the customer base under false pretenses to obtain personal information.
- Reputational Damage and Harm : : Legal, postage, and advertising expenses where there is a legal or regulatory requirement to notify of a security or privacy breach, including PR media assistance
Third Party Cyber Risk Exposures
- Security and privacy breaches: Investigations and civil damages associated with security breaches, transmissions of malicious code, or breaches of third-party or employee privacy rights or confidentiality, including failures by outsourced service providers.
- Defense Costs: The fees and other expenses incurred to defend against claim by a third party.
- Investigation of privacy breach: Forensics investigations, defense costs, regulatory penalties and fines (may not be insurable in certain geographies) resulting from an investigation or enforcement action by a regulator as a result of security and privacy liability.
- Customer notification/Public Relations expenses: Legal, postage, and advertising expenses where there is a legal or regulatory requirement to notify individuals of a security or privacy breach, including credit monitoring program costs and PR media assistance.
- Multi-media liability: Investigations, defense costs and civil damages arising from defamation, breach of privacy, negligence in publication of any content in electronic or print media, as well as infringement of the intellectual property of a third-party.
- Loss of third-party data: Liability for damage to, or corruption/loss of, third-party data or information, including payment of compensation to customers for denial of access, failure of software, data errors and system security failure.
- Impaired Access Liability: Claims by the customers due to failure to access the organization’s system because of temporary suspension of systems by the organization during cyber threat.
- Third-party contractual indemnification: Financial obligations to third-parties due to a security or data breach incident.
How can cyber insurance help?
A well-structured cyber liability policy can help the organizations in withstanding the financial losses due to such cybercrimes. The policy can cover and pay for both First Party and Third-Party Losses.
Cosmos Bank lost Rs.94 crores on 11th August’18 and 13th August’18 to a malware attack on its ATM server. The bank’s Visa and Rupay debit cards were cloned and used to fraudulently withdraw through various ATMs located across 28 countries.
In the above scenario, cyber insurance policy can pay for
- INR 94 crores that were siphoned off.
- Cost of cleaning the malware and reinstating the software.
- Losses because of business interruption due to network downtime.
- Cost associated with the forensic investigation ordered by the regulator.
- Cost of informing the customers and public relation expenses to manage the reputation.
As Stephanne Nappo, the Global Chief Information Security Officer at Société Générale International Banking says “It takes 20 years to build a reputation and few seconds of cyber-incident to ruin it.”
Cyber Insurance helps to manage this risk.