With Surge In Cyber Fraud Cases, Insurance Companies Rush To Carve Niche Products

In cases of phishing, one of the most common forms of cybercrime, fraudsters impersonating as credible officers from banks or other authorities seek sensitive information about financial dealings. These could be passwords, bank account numbers, or other such information.

Various authorities have been urging customers to stay vigilant against cybercrimes. Income Tax (IT) Department and other regulatory boards, such as Reserve Bank of India (RBI) and Securities and Exchange Board of India (SEBI), among others, have been continuously issuing warnings to the ordinary citizens to remain careful.

The exponential rise in such cases leading to huge financial losses has given impetus to a relatively new risk-mitigation product: cybersecurity insurance.

Since cybersecurity insurance is a fairly unexplored reimbursement policy, awareness among customers and the public becomes crucial. From setting up banners to special advertisements on mobile applications, banks and insurers have been finding ways to sensitise the public to the need for a comprehensive insurance premium amid rising cases of cybercrimes. 

Globally, an estimated $2.88 billion was lost to cybercrimes due to a lack of adequate insurance, as per Astra Security.  

While businesses have been opting for cybersecurity insurance, it is yet to gain traction among individuals. Micro, Small, and Medium Enterprises (MSMEs), which have been the worst impacted, too, have limited awareness about cybersecurity insurance.  

Urgent Need For Clarity

The National Crime Records Bureau (NCRB) recently released the Crime in India report for 2023. Interestingly, the data show a decline in murder cases in the country, but an alarmingly steep rise in cybercrime cases: in 2023, a total of 86,420 cybercrime cases were reported in the country, marking 31.2 per cent increase from the previous year — a cause for concern, but not out of place, considering the fact that digital systems have evolved dynamically, even to the extent that states have been waging cyber warfare. The Russia-Ukraine conflict is a case in point. 

With more than 85 per cent of households now being connected to the Internet, staying insured against potential cybercrimes could become the new norm.  

A recent government release said that cybersecurity incidents in India increased from 10.29 lakh in 2022 to 22.68 lakh in 2024.

The release quoted data provided by the National Cyber Crime Reporting Portal (NCRP) on the financial toll on account of cyber frauds. It stood at Rs 36.45 lakh as of February. 

Experts said that if adequate steps are not put in place, the number would further rise.

Despite this, cybersecurity insurance is a sector rife with ambiguity — partly because it is still in the nascent stages, but mostly due to a lack of awareness. "We do not have a holistic framework for cybersecurity insurance yet. It is still evolving. But insurers have been working towards framing a comprehensive policy that covers everything from data protection to PR costs," a senior private bank executive told The Secretariat on the condition of anonymity. 

From premium credit cards that offer free cybersecurity insurance to comprehensive policies, bankers, too, have been experimenting with various strategies to promote this new product, he pointed out. 

Another banking official has termed ransomware and phishing as leading security concerns. "We provide both corporates and members of the public with comprehensive, premium insurance policies. However, the current set of policies does not cover all kinds of cybercrimes, and we are still exploring the various aspects of it," the person added. 

While several insurers are now covering cyber fraud, awareness of this key area needs to be increased. SBI General, Bajaj Allianz, HDFC Ergo, ICICI Lombard, and TATA AIG are among the insurers that cover cyber fraud.

Significance Of Consultation

Over the past couple of years, insurance platforms such as Pazcare have evolved to offer an all-encompassing consultation on cybersecurity insurance. According to a senior associate at Pazcare, most of the big corporations and established organisations have, over the past years or so, insured themselves against cybercrimes. "Cybercrimes, literally, put everything at risk. And these are only going to see a surge in the future. Comprehensive policies cover the cost incurred during the recovery stage and other expenses, including a defamation suit, if need be," the person said. 

Consultation firms have also seized the digital boom moment to streamline their services and direct potential clients to the insurer that meets their requirements. 

“With digital adoption accelerating across every sector, the threat surface for cyberattacks has expanded. Many organisations still underestimate the scale of cyber risks until they face an attack firsthand,” said Itee Shree, Senior Associate at Pazcare. “Our goal is to ensure companies don’t wait to act until a crisis. At Pazcare, we help them understand their exposure and design policies that safeguard not just their data, but also their reputation and operational continuity," she said. 

Calculating premiums remains a challenge. For individuals, premiums are as low as Rs.10 a month, but for corporations, the figure could be much larger. 

Impact Of Cyber Fraud

Take the case of a media organisation. If under the attack of cybercriminals, its advertisements, subscriptions, and data would be at stake. For instance, cyber attackers may post factually inaccurate content, leading to legal claims from a public figure, and unleashing a morass of legal labyrinth. If insured, the coverage would tend to the cost incurred in the legal process and recovery of data, among others. 

"At the moment, such a policy is offered to individuals only at retail. In the long run, there will be more clarity on the process and, therefore, more options for individuals to choose from," an insurance consultant explained.

Since the surge in cybercrimes and the need for more holistic policies have a reciprocal effect, it becomes imperative to create a framework to secure the future. With digital payment gaining momentum in the country, the government, along with other authorities concerned, including regulators, needs to step in.