top of page


Cyber Insurance

"Cyber" is the culture of computers, information technology, and virtual reality.

The word "Insurance" means an association by which an agency undertakes to furnish a guarantee of compensation for specified loss, damage, sickness or demise in return for the payment of a particular premium.

Cyber insurance is a cover designed on the same traces as others like health and transport. It covers to help businesses hedge against the potentially devastating outcomes of Cybercrimes such as Distributed Denial of Services (DDoS) attacks, Malware, Ransomware or any other method used to compromise webwork and vulnerable data. Risks are pertaining to Information Privacy, Information Technology, Infrastructure, Information on governance, Liability and related activities. The Earliest traces of the Digital Revolution were found in 1980. Later, we find Confidential Information Online and Digital Cash transactions which originated in 1990.

Examples of Cyber Crime

Cyber Crimes like Phishing, Identity Theft Scams, Cyberstalking, Cyber racism, Cyber Terrorism, Cyberwarfare, Cyber Underworld Hacking, viruses, Spam etc. To avoid them, we require a Risk Management Tool. Traditionally, the Digital World has resorted to Antivirus, Anti Spam Software, and Firewalls intrusion detection systems which are an addition to reducing threats or threats.

The Insurance Regulatory and Development Authority of India (Irdai) in September '21 was alarmed at the considerably small cyber Insurance sector compared to the rapid decline in Internet safety.

Examples of types of Cyber insurance are:

Cyber Insurance for Independent Individuals (above 18 years of age)

Online transactions done in our day-to-day life attract hackers to collect an individual's sensitive personal information like, e.g. Aadhar Details, Account Passwords or the most prominent ones which are Banking Frauds.

Currently, in India, HDFC Ergo, Bajaj Allianz, offers this Insurance to Adults as well.

Taking into consideration a broad perspective, the three main types of Cyber Liability Insurance Coverage are Cyber Security, Cyber Liability, Technology Errors and Omissions Insurance.

The Network protection insurance against cyber assaults and hacking, theft and fraud covers the destruction or loss of policyholders. Data as a result of the criminal or fraudulent cyber event including theft and transfer of funds forensic investigation covers the criminal & technical forensic services quintessential to verify cyber attack has occurred or not business interruption, extortion, verification, insurance, computer data loss restoration information privacy. Cyber insurance is relatively small in many countries compared to other insurance products and is still an emerging product of the cyber world for the digital world.


In 2017 Merck lost a whopping 1.3 billion dollars when attacked by using the crossfire of a Russian cyberattack targeting Ukraine. The event later was named NotPetya and was once the biggest cyberattack in history, costing $10 billion worldwide — economic harm akin to a medium-sized hurricane or a small war. World over, governments held Russia guilty, yet none stepped forward to support the companies affected.

Cyber insurance paid 3% of the net.

Insurance was more helpful — to a point. The insurance plan industry sells policies specifically designed for cyber incidents, but their scope and scale remain limited.

The cyber insurance plan paid for just 3% of NotPetya's global damage, leading some victims to flip to other insurance plans and policies with greater ambiguous terms. For example, Merck invoked property and casualty insurance policies that covered all hazards without explicitly bringing up cyber incidents. These insurance policies had "war exclusions," which barred insurance for damages due to "hostile or warlike actions" by governments or their agents. Many insurers cited these clauses for pushing back on the claims, triggering high-stakes lawsuits that continue to this day. To tackle this shortfall, enterprise leaders must work with insurers and policymakers to devise practical, long-term solutions. In the brief term, CEOs ought to put together cyber catastrophes. Companies must start ensuring their cyber threat assessments consist of a geopolitical component. In the age of cyber conflict, international tensions can lead to collateral damage everywhere. High-profile businesses are desirable objectives for state-sponsored hackers searching to wreak havoc through geopolitical crises. These cyberattacks usually target businesses seen as ambassadors of their nations, e.g. Jio by Reliance. For other companies, cyber espionage is the more significant threat: state-backed cyberspies may seek intellectual property from superior industries or customers' information from finance or travel companies. And even if you don't shape into any of these categories, there is still a growing threat of scattershot ransomware assaults by using state-sponsored criminals randomly impacting you. Armed with a perception of the broad range of geopolitical cyber threats that might endanger their business, companies must audit their insurance plan coverage and have frank conversations with insurers and brokers about any war exclusions. These clauses are ubiquitous, but insurers who promote policies tailor-made to cyber threats are much less likely to enforce them because they don't want to scare off their customers. Also, the exclusion language varies, so there may be room to negotiate. Many policies limit the scope of their war exclusions by carving out exceptions for "cyber terrorism," a broad term that could potentially restore coverage for many state-sponsored incidents. Massive Investment in developing resilience to cyberattacks should be made.

Standard measures

  1. Backing up data,

  2. Segmenting networks,

  3. Practising recovery plans

  4. Focusing on limiting the damage caused by an incident,

  5. Storing data in digital vaults,

  6. Speeding up recovery.

  7. Investment in resilience to cyberattacks

  8. Financial resilience in the form of cash reserves or access to credit scores can help organisations pay bills after a devastating cyberattack — especially if insurance claims are stuck in legal limbo.

  9. The private and public sectors must work together to develop a new financial framework to address cyber risk long-term.

Legal Remedies

The first step is to draft more explicit, practical, and sensible terms for cyber insurance plan coverage. Ambiguity doesn't assist anyone. The coverage reflects the primary ideas of insurability while minimizing the function of vague concepts such as "warlike actions." New policies may rule out specific catastrophic events based on their likelihood of exceeding insurers' financial capacity. For example, many insurers fear "cyber-physical" events — hacking incidents with significant real-world consequences, such as a cyber disruption that influences water treatment facilities. So far, these events have been uncommon and localized. But the risks are increasing as more and more tangible systems are digitized. The Indian government initiating to start its ministry functions online is one example of the same. Next, governments can help ensure robust cyber insurance is financially viable by providing last-resort coverage for extreme cyber events. Insurance experts have modelled some horrifying probabilities that ought to test the limits of private markets. For example, analysts have determined that a global malware outbreak's worst-case scenario should unfold even faster and cause more disruption across industries and countries than NotPetya did. Policyholders must have a voice in placing clear, practical, lifelike and reasonable terms. Businesses can help foyer governments to assist the cyber insurance plan market by instituting backstop programs where necessary. In a short time, Organisation leaders can begin to amplify their preparedness by understanding their vulnerabilities and planning for worst-case scenarios. In the long run, companies must join insurers and governments to develop comprehensive solutions. There is no heading off cyber dangers entirely. However, our choices today will determine if the next big attack means financial loss or just a bad day at the office.

For other companies, cyber espionage is the more significant threat: state-backed cyberspies may seek intellectual property from advanced industries or customers' data from finance or travel companies. And even if some of us don't fit into any of these categories, there is still a developing hazard of scattershot ransomware attacks by state-sponsored criminals randomly impacting firms' frank conversations with insurers and brokers about any war exclusions. These clauses are ubiquitous, but insurers who sell insurance policies tailored to cyber risks are much less likely to implement them because they don't wish to scare off their customers. Also, the exclusion language varies, so there might also be room to negotiate. Many insurance policies limit the scope of their war exclusions via carving out exceptions for "cyber terrorism," an extended term that could potentially repair insurance coverage for many state-sponsored occurrences. Finally, while insurers and governments have a crucial function, we can't find the money to sit on the sidelines and wait for them to develop new support systems.

Written by Archisha Sharma

122 views0 comments

Recent Posts

See All


In this dispute, the International Dispute Resolution Centre (or IDRC) dismissed the claim of the Ras-Al-Khaimah Investment Authority (or RAKIA), which pertains to the issue of the state of Andhra Pra


Legal education in India is regulated by the BCI, which was founded in 1953. The Bar Council of India recognises all law schools that want to offer legal education in our country. It is a mandatory re


Laws are made to prevent people from doing something bad or something which can harm the interest of the public at large. This bill was introduced in the Haryana Vidhan Sabha to completely prohibit re

bottom of page