Naavi has been an evangelist for Cyber Insurance for a long time. In fact a separate bloc cyberinsurance.org.in was created to have a focussed discussion on Cyber Insurance only to find that the interest level of the market is still too low for the blog to be of interest as a separate entity. In 2015, Naavi conducted an all India survey on the status of Cyber Insurance to understand the status of the industry. It was found that there was a huge gap in the understanding of the user industries on Cyber Insurance as a product. Many had not even considered it as a requirement as part of their IS policy.
However recently it is found that atleast about 350 Corporate Cyber Insurance policies have been issued. About an year back the individual Cyber policies were also introduced by Bajaj Allianz and later HDFC ERGO and it is indicated that there are more than 15000/- individual policies in operation at this point of time. Hence it appears that Cyber Insurance as a concept has atleast taken off.
Over the last two weeks, I have had extensive discussions with many Insurance professionals to understand the “Perception Gap” between the cyber insurance user industry and the insurance companies. I will try to share some of these thoughts and analysis of some of the insurance polices through these columns.
I have set two objectives for this latest activity focussing on Cyber Insurance
- Bridging the perception gap between the Information Security industry and Cyber Insurance industry by being the conduit of knowledge exchange between these two industry professionals.
- Developing the possibility of a specific Cyber Insurance Policy extension or a Cyber Policy itself to cover the risks that arise due to the PDPA (Personal Data Protection Act) that is in the offing.
The above exercise involves conduct of many awareness sessions for the Cyber Insurance industry to make them understand the expectations of the IS industry and vice-versa.
The PDPSI (Personal Data Protection Standard of India) security framework which has been announced by the undersigned is ready to be used as a framework for compliance of PDPA. This can also be a guidance for “Cyber Insurability audit” and hence could assist the Insurance companies in assessing the premium.
Watch out for more discussions in this aspect and join me in this new push for Cyber Insurance.