In India, the lack of cyber security insurance availability is a major problem. India is among the top countries affected by cybercrime in the world. In 2019, over 11,000 incidents of data breach were reported in India alone. Cyber Security Insurance (CSI) is an important insurance policy as it provides coverage against financial losses due to data theft, unauthorized access to confidential information, or damage to IT infrastructure due to malicious intent or malicious code attacks. However, in India, the availability of CSI is still very limited. Unfortunately, it is not possible to provide data breach incidents for India for 2020, 2021, and 2022, as the data for the years are not yet available in public domain. However some most popular incidents of data breaches that occurred in 2020, 2021 and 2022 in India are as under:
2020
1. Unauthorised Access of Aadhaar Data: In July 2020, it was revealed that some 500 government websites in India had leaked Aadhaar numbers, bank account details and other personal information of nearly 130 million users.
2. DataBreach at State Bank of India: In August 2020, it was reported that a security lapse had exposed bank account numbers, personal and financial details of around 1.3 million customers of the State Bank of India.
3. DataBreach of Healthcare Platform: In December 2020, it was reported that a healthcare platform, Lybrate, had leaked the medical and personal data of over 2.9 million users.
2021
1. DataBreach at IIT Bombay: In April 2021, IIT Bombay’s website was hacked and personal data, including email addresses and passwords of students, was exposed.
2. Data Breach at Indian Railways:In June 2021, it was revealed that personal data, including credit card details and address, of around 110 million passengers were leaked due to a security breach at Indian Railways’ online ticketing portal.
3. Data Breach at PepsiCo:In July 2021, it was reported that PepsiCo’s Indian subsidiary had suffered a breach of personal information of 1.3 million customers.
2022
1. DataBreach at Reliance Industries Limited: In April 2022, it was reported that a security breach at Reliance Industries Limited had exposed personal data of over 30 million customers.
2. Data Breach at Local Indian Banks: In June 2022, it was reported that a cyber attack had led to the personal data of roughly 20 million customers being leaked from a number of local Indian banks.
3. Data Breach at Indian Government Database: In August 2022, it was reported that the personal and financial data of around 8 million citizens had been leaked due to a security breach in the Indian government’s database.
Currently, most insurance companies in India do not offer cyber security insurance policies to individuals and corporates. This is primarily because of the indeterminate nature of the risk associated with cybercrime, making this category of insurance too complex to underwrite. Additionally, the knowledge gap among insurance companies to provide accurate risk modelling is another challenge.
Furthermore, traditional insurers find it difficult to provide coverage due to the varied nature of the threats. Every risk cannot be performed under one policy, and companies often encounter last-minute objections from insurance companies due to their lack of understanding of the cyber security risk.
The prime reason for the unavailability of CSI policies in India is the lack of public awareness and understanding of cyber security threats. The uncertainty associated with cyber threats makes it difficult for insurers to underwrite cyber security risks and provide the requisite coverage. India needs a proactive approach towards the development of a cyber security culture, where both public and private organisations can protect themselves against data breaches and malware attacks.
In conclusion, India’s lack of cyber security insurance availability is a serious issue. The country must take steps to educate stakeholders, including insurance companies, on this critical topic so that they can properly assess and offer cyber security insurance policies. This will go a long way in protecting organisations, both public and private, from financial losses due to cybercrime.
At this time in upcoming budget it is possible that security breach insurance policy cover will be announced by the Government of India. As budgets are typically prepared and released on an annual basis, it is likely that these expectations will be announced when the budget is released in the upcoming month.
*****
(Author can be reached at email address casharma.sharad2000@gmail.com or on Mobile No. 9990365673)
Disclaimer : “Neither this article nor the information contained herein shall in any way be construed as forming a contract or shall constitute professional advice required before acting upon any matter. CA Sharad Kumar Sharma has taken all due care in the preparation of this article for accuracy in its contents at the time of publication. However, no liability shall be accepted by him in the event of any direct, indirect or consequential damages arising out of or in any way connected with the use of this article or its contents. “
Author Bio
