The Insurance Regulatory and Development Authority of India (IRDAI) committee has proposed a new cyber insurance policy to alleviate the risk associated with cyber threats. Defined as any damage or loss arising from attacks or breaches on information systems, cyber risk is becoming increasingly prominent in our digital world. The proposed policy aims to protect individuals against such risks.
Setting the Context
In October 2020, the IRDAI established a committee for cyber liability insurance under the leadership of P Umesh. The move was prompted by a spike in cyberattacks and notable data violations amid the Covid-19 pandemic.
According to the committee report, India, with its current internet user base of approximately 700 million, ranked second globally in the online market in 2019, placing it just behind China. The number of internet users is expected to rise across both urban and rural regions, hence escalating the risk of cyber threats.
Coverage of the Proposed Cyber Insurance Policy
The proposed policy includes coverage for situations like theft of funds, identity theft, social media issues, cyber stalking, malware, phishing, data breach, privacy breach, and more. Despite the reasonably comprehensive coverage, the committee believes there are areas where the features and processes can be improved.
Recommendations for Improvement
One of the suggestions is not to require a police FIR (First Information Report) for claims below Rs. 5,000. The committee also notes the need for clear exclusion language related to compliance and coverage for bricking costs, which refers to the loss of functionality of hardware due to a cyber event.
The Dynamic Nature of Cyber Risk
As cyber risks continuously evolve, standardization might be a good idea but it may not be sufficient to deal with all emerging risks. It could also potentially limit innovation in cyber security strategies.
Understanding Cyber Security
In the realm of cybersecurity, an attack denotes any effort to expose, alter, disable, destroy, steal, or gain unauthorized access to digital assets. Cyberattacks are offensive operations targeting computer information systems, infrastructures, computer networks, or personal computer devices.
The Need for Cyber Security
Referring to the Nasscom’s Data Security Council of India (DSCI) report 2019, India experienced the second-highest number of cyber attacks in the world between 2016 and 2018. Cyber threats can take various forms such as phishing, spoofing, malware, spyware, SIM swap, and credential stuffing.
Government Initiatives to Counter Cyber Attacks
The Indian government has undertaken several initiatives to tackle cyber threats. These include the Cyber Surakshit Bharat Initiative, National Cybersecurity Coordination Centre (NCCC), Cyber Swachhta Kendra, Information Security Education and Awareness Project (ISEA), National Computer Emergency Response Team (CERT-In), National Critical Information Infrastructure Protection Centre (NCIIPC), and the Information Technology Act, 2000.
International Mechanisms
On a global scale, organizations like the International Telecommunication Union (ITU) and mechanisms such as the Budapest Convention on Cybercrime and the Internet Governance Forum (IGF) play leading roles in standardizing and developing telecom and cybersecurity issues.
