India Inc looks for dedicated cyber cover as phishing attacks intensify
23 Jul, 2014 01:01 PM
 
Indian corporates are increasingly looking at dedicated cyber-security insurance and calling on more diagnostic services, as they look to shore up their protection against the rising incidences of cyber crime in the country.

In 2013, India ranked fourth in the world by the volume of phishing attacks - which try and trick a user to into revealing passwords for official or personal accounts as a way to steal information — and was the most targeted country in Asia Pacific, according to a report by security provider RSA. RSA estimated the loss due to phishing attacks at $225 million (Rs 1,350 crore).

To combat the threat, Indian companies have been boosting their spending on security, a market that is growing 14% on a consolidated average growth rate basis. But now increasingly more are considering insurance as a way to mitigate the impact of a breach.

"Customers are looking at an average of $5-10 million (Rs 30-60 crore) in ( cyber security) cover, but some clients are even considering $25 million (Rs 150 crore) in protection. But you can even get a policy of a premium of Rs 5 lakh a year," Sushant Sarin, senior vice-president of commercial lines at Tata AIG General Insurance, said.

In the past, cyber-insurance was built into a company's general insurance plan, but stand-alone plans are gaining ground because they offer reimbursement for costs like forensic investigation, breach notification and even the hiring on a public relations firm to handle the adverse fallout of a large breach.

The demand is also spreading to wider industry segments. Earlier, dedicated cyber-liability insurance policies were predominantly found in the IT sector, which had client mandates that required such insurance.

"There is an increasing demand for such covers in the recent past. BPOs and IT firms, that had international clients, are early users. We now see a lot more demand coming from financial institutions and banks and sectors with strong online presence like

media and travel portals," said Sanjay Kedia, CEO and country head of insurance brokerage Marsh.

To underwrite the cyber-risk policies, insurers typically team up with the big four consultants to check the companies IT security practices.

Even without the insurance business, the consultancies are seeing increased demand for services that help companies determine if they have been attacked.

"We are seeing increasing demand for our diagnostic services. Companies will ask us to do this to determine if there has been a breach or when they are looking at insurance. We ask companies to do this two or three times a year, we aren't there yet; but demand is increasing," said Paul Walker, EMEA leader for forensic technology and discovery services at consultancy EY.

Earlier this month, EY launched cyber forensics and eDiscovery centre in Hyderabad to drive the growth of the firm's expanding cyber-forensic practise in India.

Companies are also looking at providing cloud-based assurance programmes to small businesses that would otherwise be unable to afford diagnostic services. BigRock, which helps small businesses leverage the internet, is offering a web-based security tool that scans websites to prevent malware attachment, incursions and hack attempts. The basic plan costs less then Rs 1,000 a year.
 
Source : The Economic Times
http://economictimes.indiatimes.com/tech/internet/india-inc-looks-for-dedicated-cyber-cover-as-phishing-attacks-intensify/articleshow/38911872.cms
 



© Copyright Loyal Insurance Brokers Ltd 2008. License code no. DB 328/05. All Rights Reserved. Insurance is subject matter of Solicitation.