Wake-up call: Post Delhi AIIMS cyber attack, experts reiterate importance of Cyber Insurance
According to reports, after being wrecked by cyber attacks, India’s leading public medical institute, All India Institute of Medical Services (AIIMS) is working on devising a cyber security policy after its servers remained down for more than 11 days.
A group of hackers have demanded an estimated Rs 200 crore in cryptocurrency, following which a case of extortion and cyber terrorism was registered with the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
Reports suggested that data of close to 3 to 4 crore patients could be compromised due to the breach detected last week.
In India, the average cost of a data breach in 2021 was reported to be INR 16.5 crores per incident, the highest in 17 years, as per the IBM cost of a data breach report in 2021.
At a time like this, reiterating the growing importance of cyber insurance, Amit Agrawal, Managing Director (Liability & Specialty Risk), Howden India said that the complexity of safeguarding digital data has outpaced the speed at which digitization had happened.
According to Agrawal, cyber perils are the biggest concern for companies in 2022. The number of phishing and ransomware incidents reported in 2021 to the Indian Computer Emergency Response Team (CERT-In) more than doubled from the previous year.
“Hackers are known to outsmart the security put in place by entities, hence one of the ways to safeguard an entity from a large loss due to a Cyber event/breach is by procuring a robust cyber insurance policy,” he added.
While companies should invest in new age technologies such as Blockchain, AI & ML, Data analytics that are equipped to monitor and respond effectively to threats and also implement anti-ransomware tools. Even after implementing such tools, security breach can happen, said Rakesh Jain, CEO, Reliance General Insurance.
Read More: Significance of cyber insurance in today’s era of digital adoption
“Insurance is a crucial part of overall risk management of an organisation providing post incident response and financial/crisis management support to businesses. Therefore, while making insurance mandatory will be one of the first steps towards protecting businesses, considering the evolving nature of cybercrimes, the crucial aspect will be selecting a niche insurer that offers product customisation to meet the business requirements,” he explained.
Additionally, a cyber insurance will be beneficial in covering the extent of damages which the organisations will be liable to pay as per the provision of the new personal data protection bill which is in the draft stage, he added.
Increasing awareness around data security
We currently observe that close to 90%+ of customers are engaged in some form of digital initiatives, Customers engagements are majorly moving toward Digital platform. As Data security and customer centricity go hand in hand
organisations now give high importance towards securing customers data, said Sanjay Datta, Chief of Underwriting, Claims and Reinsurance, ICICI Lombard.
“From our experience we have noticed that companies are focusing on enhancing cyber security, Data privacy, investing in cyber awareness programs like Phishing simulations, Cyber training, New age cyber threat preventing technologies like Extended detection and response ‘XDR’, Endpoint detection and response ‘EDR’,” he said.
While we have seen companies opting for cyber insurance comprehensive cover, but every company who has important data of the customers should have a higher coverage for cyber insurance policies, said Rakesh Goyal, Director, Probus Insurance Broker.
“In terms of customer data things are likely to improve if we have a strong data protection bill in India. Having said that, the national crime records bureau shows that in 2021, a total of 52,974 cases were registered under cyber-crimes, showing an increase of 5.9 per cent in registration over 2020. Insurance plays an important part in terms of any cyber-attack,” he said.
‘Data monitoring solutions no longer sufficient’
The changes brought about by digitization pose a significant challenge to businesses and society today. Due to the widespread usage of SaaS applications, AI/ML technologies, and cloud computing, using data monitoring solutions is no longer sufficient to safeguard customer data and maintain privacy, Satish Gidugu, CEO at Medi Assist.
“For most companies, cyber insurance as part of their overall risk management strategy is a wise investment. To maximise the advantages and lower the costs of cyber-risk insurance, however, a number of actions should be taken. This includes adherence to various guidelines and security measures before assessing their own insurance needs,” he added.
According to Gidugu, Independent of industry or company size, all businesses must perform a cyber audit prior to buying a cyber insurance policy.
“By doing so, companies can assess the need for cyber insurance and learn about their organisation’s risk profile. This would result in buying a policy that matches their needs and requirements to the best,” he added.