Press Release

ASSOCHAM's National E-Summit on Cyber Insurance

 New Delhi, 23^rd September 2021: With cybersecurity issues evolving daily, the Insurance Regulatory and Development Authority of India (IRDAI) will focus on making the relevant changes and guiding the insurance companies as per the evolving requirement, a top insurance watchdog official said at an ASSOCHAM virtual event held today.

“I will say it will be evolving every day and the regulator and the insurance companies together will be focusing on improving the cybersecurity as per the need of the hour. It is not that we have reached a final stage there,” said Ms S.N. Rajeswari, Member, IRDAI at an ASSOCHAM National E-Summit on Cyber Insurance - “Reinvigorating the Future for Bridging the Gap.”

She said that the cyber risks are not static, so, the cyber insurance is also not going to be static. “There is a need to create awareness and have a cyber insurance ecosystem, cyber literacy, each agency, companies should coordinate with each other and there should be training session to promote awareness on the risk of remote working.”

She also said that considering insurance companies manage very huge data of the customers, policyholders and are always running at the risk, IRDAI in its guidance document issued on product structure for cyber insurance has come out with the guidelines and parameters each company should have.

“There has to be an information security policy is in place, how it is being reviewed and also where the data and backup data has to be kept, so, IRDAI is focusing on this and there is also proper guideline and FAQ on the cybersecurity update,” said Ms Rajeswari.

She further said that the objective of the guidance document issued by the IRDAI on 8 September 2021, is to enable the insurers they can evaluate what are the new technologies that are posing the cyber risk and identify what is the protection gap.

“Of course, there are cyber insurance products available in the market, both for commercial and individual. So now they can identify when IRDAI elaborates what are the possible risks, recommendations they give that can be covered. So, the insurers can identify what are the protection gaps, existing products and they can address according to the needs of the market and even they can develop the standalone cyber insurance product,” said Ms Rajeswari.

The IRDAI Member stated that while cyber insurance products are mostly for the commercial purpose as it is a standalone product, but it can also be issued to the individuals.

“We have discussed on the individual cyber need policy and what are the coverages as it is already it can take care of the identity theft, social media coverage, emails pooling and exhaustion, media liability cover, data breach, privacy breach and whatnot. So, IRDAI has given the model policy wordings what are the do's and don'ts, and they have also discussed internationally what are the coverages that are available in various other jurisdiction and what is not available in India at present and what is available in limited cover like what we were discussing about that silence cyber cover, whether a D&O policy covers automatically,” she said.

Focusing on the micro, small and medium enterprises (MSMEs) and the lower income group, she said that there is a need to create the awareness and support the ecosystem there. As per the statistics 43 per cent of all the cyber-attacks are aimed at SMEs because they are highly vulnerable, they have the less sophisticated IT security infrastructure, the awareness is very low the security measures are very low.

“There is a need to have an ecosystem model to support the SMEs with a cover specifically for them so that they are also protected,” said Ms Rajeswari.

Other key speakers who addressed the ASSOCHAM e-summit included: Mr G. Srinivasan, Chairman, ASSOCHAM National Council for Insurance and Director, National Insurance Academy; Mr Kartik Shinde, Partner, EY; Mr V. Rajaraman, ED, IFFCO Tokio General Insurance Company Ltd. and Mr TanujGulani, Head- Liability Lines, Prudent Insurance Brokers Pvt Ltd.