Cyberinsurance: a thought Whose Time Has Come

cyberinsurance in India is actually a thought whose time has come, its advent accelerated partially thanks to the dramatic changes that COVID has induced within the way online fraud prevention app

 business is now run. However, on the face of it, it does remain somewhat complex for the standard SME to fathom. The challenge for the insurance industry is to think through innovative business models and go-to-market strategies while building awareness and appreciation for the difficulty amongst customers. Miles to travel before the proverbial sleep, but a pot of gold to hunt .


Consider the facts: Cybercrimes in India caused losses of INR 1.25T in 2019, cyberattacks on Indian entities almost trebled from 0.4M in 2019 to 1.16M in 2020. banks alone reported over 50,000 cases in FY19 with losses of ~INR 1.5B. Research indicates that over 50% of companies in India suffered downtime thanks to data loss.


Covid has ushered in rapid digitization, with new processes and new working models, it seems almost inevitable that there would be some chinks and rough edges from a security perspective as we all probably packed during a decade of digitization within the last three hundred and sixty five days . New risks are emerging as employees log in remotely from their own devices, and as screen time and commerce and financial transactions from mobile phones are rising. However, most businesses don't have the understanding to know the risks involved, nor the resources to implement risk mitigants.


India, therefore, need to be an outsized marketplace for cyberinsurance, yet the annual cyberinsurance premium of all Indian insurers is a smaller amount than INR 3B (a minuscule portion of the INR 1.9T general insurance premium). Moreover, tons of that comes from large enterprises who have a far better understanding of the risks involved and have the resources to place in situ risk mitigation measures and leave insurers to affect high severity risks. The US cyberinsurance market alone is upwards of US$ 3B and is predicted to grow at 10% or thereabouts. Considering that the US has only ~6M business entities compared to 10x that size in Indiathere is headroom for the India cyberinsurance market to grow manifold.

What must be done to tap the large growth potential? In our view, five initiatives could propel cyberinsurance growth in India:


1. Increasing awareness and education: the primary place to start out is with the meaning of cyberinsurance itself, and its scope and coverage vis-à-vis other commercial lines of insurance. So, while the commercial lines products can protect against loss of hardware, pure cyberinsurance policies protect the insured against software-induced losses like data theft, ransomware, hacking, etc. Like in any general policy , cyberinsurance policies can cover first-party damages like loss or damage to electronic data, loss of income/additional expenses just in case of an occasion , cyber extortion, notification costs and damage to reputation. the duvet could also reach third-party damages like claims, fines and penalties imposed on the insured. Firms providing core technology applications, e.g., accounting, ERP, payments, Ecommerce enablements, IT infrastructure providers, etc. have a key role to play. One wonders if they might almost be mandated to display notifications and alerts urging their users to guage their cybersecurity risks.


2. Building the proper products: By its very nature, cyber risk may be a high severity event, which leads actuaries and underwriters to raise the premium to affect the fat tail risk scenarios. While that does seem somewhat inevitable, tons might be wiped out the high frequency, low severity parts of the spectrum to create a diversified pool of risk against which to scale back the general costs for the insurer. In other lines of insurance like health and motor, insurers are starting to invest resources in prevention of the event. After all, that's the simplest thanks to reduce overall risk, and each insurer will happily take a portfolio that has inherently lower risk albeit it means lower premiums. there's a call to action, therefore, for insurers to figure with cybersecurity experts to predict, detect and mitigate risk for clients on an ongoing basis.


3. Creating the proper business model: While it's fast becoming mainstream, the reality is that cyberrisk may be a technical subject, and insurers don't have broad-based skills during this subject. These skills roll in the hay the geeks, and insurers would had best to partner with firms that have an innate understanding of cyberrisk – in any case , fixing a distinct segment line during a mainstream insurer is harder and expensive. However, this might need a review of the regulatory framework. as an example , in the US, insurtech companies became managing general agents (MGAs) – they manufacture, underwrite, and distribute cyberinsurance products against the capital provided by a mainstream insurer. We don't have a construct like that in India, and it might be worthwhile to think through modifications and amendments within the regulatory framework.


4. Differentiated go-to-market (GTM) strategy: While a radical discovery of customer needs and buying behavior is so as , here are some starting points that insurers might want to think about . Globally, the very best need for cyberinsurance is felt by the business which operates in regulated industries &/or deals with personal data of their customers – financial services, healthcare, retail, etc. are therefore obvious choices. the opposite aspect is to think through the cyber events that customers feared most; hacking activities, data destruction, online theft, reputational damage,and cyber extortion were the events that the majority customers would want protection against. Finally, the sales process itself – it's fair to assume that this may be an assisted process, with a broker or security expert influencing customer choice, with consequent implications on the sales & marketing strategy.


5. Incubation support: All the points mentioned above need resources, most of all to create awareness and education on cyberinsurance. The insurance industry could take a leaf from banking and mutual funds, where the RBI and AMFI are involved in customer education – the recent campaigns to teach the general public on the ombudsman framework, unauthorized lending apps, UPI frauds and SIP plans are good examples. Possibly the overall Insurance Council or IRDA could create alittle fund to kickstart this initiative, and overtime fork over the reins to insurers because the market starts to deepen.

In summary, cyberinsurance in India is actually a thought whose time has come, its advent accelerated partially thanks to the dramatic changes that COVID has induced within the way business is now run. However, on the face of it, it does remain somewhat complex for the standard SME to fathom.

Comments

Post a Comment

Popular posts from this blog

Best Cyber Security Blogs by Industry Experts

  Currently, the 2 most trending industry topics are online fraud protection security and data privacy. Hence, it's vital for people who are a part of the cyber security domain or have the aim of pursuing a career during this domain, to be updated with the newest trends. within the half of 2019, almost 4.1 billion records were exposed in data breaches. If one works within the cyber security domain, s(he) must stay up-to-date. Browsing through cyber security blogs, reading them and gathering knowledge from exclusive cyber security websites is one among the best ways to try to to that. Some people will wish to gain awareness by reading various books. But it's not an equivalent for all. So online resources like blogs are often really helpful for developing command during this domain. To assist you in choosing the right source to accumulate knowledge, we've mentioned a number of the favored cyber security blogs to follow. Best Cyber Security Blogs by Industry Experts 1. Krebs
Read more