In response to escalating cyber attacks in India, private insurers such as HDFC Ergo General Insurance and Bajaj Allianz General Insurance are taking proactive measures, including engaging in negotiations with cyber attackers, to address claims arising from ransomware incidents, as per a report by The Economic Times.
India has recently become one of the most targeted countries globally for cyberattacks.
In addition to refining their cyber insurance products, insurers are modifying covenants and strengthening client contracts to enhance their capabilities in the rapidly growing cyber insurance sector.
Insurers collaborate with intermediary agencies specializing in negotiating with hackers, often called “threat actors.”
These agencies are crucial in facilitating negotiations when hackers demand a ransom in exchange for not releasing stolen data. Experts estimate that at least 5-10 cases involving substantial sums of money have been settled through such negotiations in just over a year.
The primary objective of insurers engaging in negotiations is to confirm the responsibility of threat actors for the cyberattack and then work towards minimizing the ransom payment.
The Economic Times report quotes Hiten Kothari, Chief Underwriting Officer and Chief Actuary at HDFC Ergo General Insurance, who explains that ransomware negotiation service providers offer a range of services, including ransomware remediation, public relations assistance, post-attack monitoring, detection and response services, and products designed to prevent future attacks.
While obtaining official numbers on such negotiations is challenging, industry experts suggest that approximately 5-10 deals may have transpired over the past year.
The reduction in reinsurer capacity over the last 1-2 years due to substantial overseas claims is prompting a reevaluation of exposure to cyber insurance.
Assessing the impact of cyberattacks, experts note that cybercriminals strategically publicize data breach details on the dark web to exert pressure during negotiations and increase the potential ransom amount.
Companies often assess the business impact of a data breach to determine whether paying the ransom is the most viable option, claims The Economic Times report.
This evolving cyber threat landscape has led to the implementation of more stringent terms and agreements in cyber insurance policies. Companies are discussing cybersecurity concerns in boardrooms, and insurance policies are adapting to cover emerging risks. Collaborations between insurers and cybersecurity firms are rising to provide proactive risk management solutions.
As of the latest data, HDFC Ergo has observed a 25 to 30 percent increase in new corporate cyber policy enrolments.
In response to the rising instances of payouts, insurers are incorporating limits on claims percentages for ransomware cases into new covenants, resulting in increased premiums and higher deductibles.
India’s corporate cyber insurance market has grown significantly, with premiums surging 50-60 percent in the past year. The market is valued at around Rs 600 crore, up from Rs 400 crore just six months ago.
The increased demand for cyber insurance is wider than large companies in the IT, IT, and BFSI sectors, as other industries, including manufacturing and pharma and mid-sized companies, are now seeking coverage.
However, policies for smaller companies may vary based on their system strength and tech infrastructure.
Cyber insurance policies continue to evolve, offering more customized coverage that considers specific risks and compliance requirements.
Insurers are adopting comprehensive risk assessment approaches, utilizing detailed questionnaires to evaluate companies’ cybersecurity measures, including the strength of their firewalls and security infrastructure.
Premiums are then priced accordingly, emphasizing reinforcing technology infrastructure and appointing Chief Information Security Officers (CISOs).
