Security: Time Indian Firms Start Looking From Insurance Prism

Risk is usually passed down the line; that’s the age old financial wisdom. People insure against all kinds of risk with insurance companies, which in turn pass on the risk to the re-insurance companies.

So, why don’t companies insure themselves against a possible data breach or attack? Why are enterprises so reluctant? Is it a lack of awareness or a lack options?

According to a survey by Ponemon Institute, only 31 percent of the companies worldwide are insured against data breaches. And this number is much lower for India with some surveys indicating that less than 10 percent of the companies in the country have an insurance against data breach.

However, before we proceed further, a note of caution. Does taking an insurance against a possible cyber-attack solve the problem? Does it completely mitigate the risk? The answer is a clear no. But, does it limit the damage in case of an unfortunate incidence? Yes.

Also, does it mean that by taking an insurance one can stop investing in security infrastructure? The answer is no. Just as we don’t or won’t leave our front door open because we have insured all the household valuables or just because we have taken a life insurance doesn’t mean that we can stop caring about our health, one can’t stop investing in security infrastructure just because the firm has taken an insurance against a possible data breach.

So, what is stopping the global or Indian organizations from taking this approach? Why are they so hesitant towards taking an insurance against a possible cyber-attack?

According to cyber security experts, one of the primary reasons is a lack of understanding of cyber security laws, policies and their implications among Indian insurance providers. As a result, there are very few pure-play cyber insurance companies in the Indian market. Another is the high price of a policy, which acts as a major roadblock in the adoption of cyber security insurance.

Though some companies are offering cyber insurance covers that include third party liability and costs and expenses to compensate victims against the losses, there are a lot of exclusions in the offerings, which tend to put off potential buyers of such policies.

But as the risk perception increases, there is a clear need for both the enterprises and insurance providers to work together to find a solution, which is beneficial to both sides. And the first signs are already visible. According to a PwC report, the cyber insurance market will grow to $5 billion in annual premiums by 2018 and is likely to touch $7.5 billion in annual premiums by 2020.

Even in India, surveys indicate that enterprises are warming up to the idea of a cyber-insurance. According to a survey, 72 percent of the companies in India are willing to consider a cyber-insurance policy if a suitable product at a proper price is available.

As awareness and understanding increases, it’s just a matter of time before suitable products are available at the right price points. If the financial services firms can come up with structured financial products like mortgage-backed securities and derivatives based on those, surely coming up with an insurance product to cover the risk against a possible data breach should be a walk in the park for these firms.

And as for Indian enterprises, it’s time they start looking at security from the insurance prism as well.

T M Arun Kumar is Consulting Editor at IDG India.