Cyber risks: IRDAI issues cyber insurance product norms
The guidance will improve the development of the cyber insurance market with new products.
Cyber Insurance Product Norms Enhance benefits for policyholders.
In order to facilitate insurers in developing standalone cyber insurance products.
The insurance regulator has issue a guidance document on product structure for cyber insurance.
The guidance will enable insurers to evaluate new technologies posing heighten cyber risk.
Identify protection gaps in existing products and address the changing needs of customers.
In fact, a working group set up by Insurance Regulatory.
Development Authority of India (IRDAI) has conclude that standardization of policy wording for.
Cyber insurance is not desirable because of the evolving nature of legislative frameworks in dealing with cyber risk.
Fast growing digital ecosystem, increasing interconnectedness globally.
Complexity of IT systems and emergence of new risks.
Experts say the guidance will improve the development of the cyber insurance market with new products.
Enhance benefits for policyholders.
At present, general insurance companies are offering cyber insurance products with exclusive coverage for individuals to protect against cyber perils.
The policies cover first party losses such as direct financial loss, data recovery and regulatory actions.
Individual cyber insurance cover
The regulator’s guidance document suggests some salient features of individual cyber insurance policy such as theft of funds.
Which will provide protection against theft of funds due to hacking of insured’s bank account.
Credit or debit card, mobile wallets by a third party.
The identity theft cover will provide protection in terms of defense cost for claims make against insured by third.
Affected party due to identity theft fraud while the phishing cover will provide protection against any financial losses due to a phishing attack.
Provides cost of prosecuting perpetrators.
The regulator has suggest that the policy wording of cyber insurance policies should be easy to understand.
The claim process must be easy to comprehend and implement.
It has suggested insurers should consider offering cyber insurance as a part of package policy like householders package policy.
Offer a base version of the policy at an affordable premium.
Then give the customer an option to choose additional covers and group policies, including affinity policies.
Gaps to address
The regulator has note that in the existing policies there are gaps which have to be address in order to make cyber insurance customer-friendly.
At present, an FIR has to be mandatorily file in case of a cyber incident while filing a claim which becomes a hassle for individuals and creates distrust in their minds when claims are not settle because of the same.
The guidance document has suggest that FIR is a critical requirement to assess claims and cannot be fully dispensed with.
However, for small claims up to Rs 5,000, the insurers may ask for e-complaint lodge at the National Cyber Crime Reporting Portal.
In the existing policies, individuals are require to take due diligence, care.
Reasonable precautions to safeguard their identity/personal details while on the web.
Claims are admissible only if the individual is an innocent victim of the cyber fraud.
Gross negligence is exclude from the coverage.
As this creates a grey area in the coverage, the guidance suggests more explicit exclusion language to be used such as deliberate, criminal, fraudulent, dishonest or malicious act or omission of insured beneficiary.
At present, territory and jurisdiction is restricted to India only in most of the policies.
A number of syndicate frauds originate from outside India such as phishing, ransomware, malware attacks.
Cyber insurance clauses may or may not be clear on the coverage in this regard.
So, to address this gap, the regulator has suggest that insurers may offer options for worldwide territory.
The jurisdiction for claims settlement should be India
One of the major reasons of cyber related losses is that unsolicited communications are exclude from the scope of cover in many insurance policies.
The regulator has suggest that insurers could offer coverage for such losses to make cyber insurance policies customer-friendly.
It has also suggested that insurers could offer coverage for losses related to sim-jacking, card cloning and skimming.