Protecting yourself from cyberattacks – The Hindu

Insurers have developed products for individuals and businesses at attractive premium rates

Insurers have developed products for individuals and businesses at attractive premium rates

As businesses, government, and the public increasingly rely on digitalization, cybersecurity has become essential to their basic functioning these days.

Cyberattacks have increased over the past 12 to 18 months, affecting businesses of all shapes and sizes, where data network reliability is a prerequisite for their operations. As a result, cybersecurity is now high on the list of corporate governance priorities.

As more businesses shifted to working from home, there were database breaches and hacks, resulting in lost revenue opportunities across all industries. Even systems considered highly secure could be hacked in cyberattacks. Reports say nearly 26,000 Indian websites were hacked in the 10-month period ending October. Hackers operated from different parts of the world with hidden identities.

While weak passwords are the common cause of such attacks, systems with unprotected or unchanged passwords are highly vulnerable. Second, different types of malware take advantage of expired antivirus software. Third, working in insecure environments such as a common Wi-Fi network to access private emails and USB drives can be risky.

It is the responsibility of the organization to take measures to prevent and counter potential threats. They must teach their employees how to create strong passwords, follow proper protocols to secure passwords, and ensure that firewalls are equipped to withstand any malware attack, by installing updates. regular software updates. This is also why virtual private networks are promoted in organizations.

Types of threats

Internal threats can arise from employee negligence or ignorance, while external threats can come from former employees, competitors, and hackers who steal company data and money through corporate theft. identity and phishing. This would obviously lead to reputational damage, financial loss, litigation, regulatory investigations, and most importantly, loss of customers and therefore revenue.

Ransomware attacks continue to evolve in the market, with the past 8-10 months seeing the highest number of sensitive data exposure threats. A leading social media platform suffered a data breach, in which millions of profiles containing email addresses, names, birthdates and phone numbers were sold on the dark web. In another incident, a major foreign bank was hacked, causing financial loss. Ransomware attackers can expose employees’ HR files or vulnerable customer data.

Insurers also add crime policies to cover staff collusion.

There are cyber insurance solutions available in the market to protect against losses caused by cyber attacks, including first party and third party losses, and cyber extortion.

Liability insurance covers damage caused by electronic theft, loss of electronic communication, electronic vandalism, business interruption (loss of revenue due to fraudulent access resulting in impaired operations), etc.

Third-party losses cover disclosure liability (any customer claims due to system security failures resulting in unauthorized access), content liability (for alleged copyright infringement), reputation liability and driving responsibility. Expense coverage includes privacy notice expenses, crisis expenses, and reward expenses.

A few insurers even offer coverage for proactive forensic services in a potential threat situation. Businesses must first understand the need for cyber insurance solutions, rather than just obtaining cyber insurance coverage. Cyber ​​insurance helps cover legal costs arising from damage due to a cyber attack. This should be part of the company’s overall business continuity strategy, as it allows for quick recovery after an incident.

The ability to identify an attack and protect against it quickly are some of the underwriting principles of insurers.

Insurers perform meticulous due diligence through application forms, interactions, network diagrams, and reviews of a company’s cyber strategies before providing cyber insurance coverages.

As part of their review, insurers check for MFA (multi-factor authentication) processes, tested backups, network monitoring, and whether users are employees and/or vendors.

Purchasing a cyber insurance policy alone will not suffice; the company must ensure that protocols are strictly followed and train employees in digital hygiene.

Digital Discipline

Proactive risk management strategies that include the use of strong passwords, ensuring that passwords are not freely shared among employees, multi-factor authentication, appropriate firewall use and controls access to servers and routers are all examples of good digital behavior. These are also important underwriting points for obtaining cyber insurance from insurers.

Due to the significant exposure to ransomware, the coverage or amount of coverage that insurers can provide to a business depends on the industry, profile, and digital behavior of the business.

To provide coverage, insurers consider factors such as company turnover, individual computing devices, personally identifiable information, whether system or network management is outsourced, frequency of regular audits of the system and the use of encryption.

Thanks to work-from-home situations, insurers have also developed products for individuals at reasonable premium levels, apart from corporate solutions.

While the cost of coverage for businesses can be had at around 4-5% of the requested limit, cyber retail products come with individual coverage and options like family coverage and digital asset protection against malware, with limitations of liability. ranging from ₹50,000 to ₹1 crore, with premium prices ranging from ₹1,500 to ₹15,000.

This can be useful in the event of a cyber breach in retail. More and more insurers are offering attractive premiums.

Exclusions include willful, fraudulent or willful infringement, unlawfully collected data and unsolicited correspondence, to name a few.

Insurance coverage is always intended to provide loss prevention. That said, clear, written planning and impact testing exercises are essential for attack protection.

Both capsule cyber insurance and business maturity are important because companies using best practices with impeccable technical solutions and systems can still be vulnerable in these modern cyber environments.

(The author is Director and CEO, TVS Insurance Broking Ltd.)