SMEs serve as growth engines for the Indian economy. They contribute 40% of the country’s total exports and 45% of the total manufacturing output while employing 40% of the country’s workforce. SMEs in India continue to maintain double-digit annual growth rates. Much of this recent growth is fueled by an increased focus on digitization in the SME sector.
Digitization helps SMEs increase productivity, minimize production costs, alleviate manufacturing defects through process automation and greatly enhance product life-cycles. Such digitization is characterized by risks to an SME’s digital infrastructure. These risks include data breaches that may compromise company confidential information or customer data, IT failure leading to short-term or long-term business interruption, and regulatory tariffs. To mitigate these risks, SMEs are increasingly turning to cyber insurance, to help them remain competitive in the event of any of the above risks being realized.
What is Cyber Insurance?
Historically, cyber insurance was offered bundled with general liability or professional indemnity insurance policies. It was in 2014, that cyber insurance, in its present form, was first offered as a standalone policy, to help cover for cyber risks and provide a comprehensive cover. Such cyber insurance is typically designed to help SMEs deal with the impact of planned attacks such as malware, ransomware or distributed denial of service attacks or any other similar crimes designed to disrupt digital infrastructure and access sensitive data. These policies are customized to the business needs of an SME and in an increasingly digitized ecosystem help provide indemnification from any lawsuits resulting from data breaches or losses resulting from theft of company intellectual property.
Need for Cyber Insurance
The cyber insurance market in India is in its nascent stage and continues to increase its footprint across the SME sector. With a total of 350 policies sold in the year 2018 from 250 in the previous year, cyber insurance adoption saw year-on-year growth of 40%. An increasingly digital ecosystem mandates SMEs adopt measures to safeguard themselves from cyber risks and cyber insurance has become the need of the hour. Some factors driving the adoption of and the need for cyber insurance are outlined below.
- Increasing digitization: Digitization in SME businesses including the adoption of technologies like cloud, mobile, big data, AI/ML, and IoT to name a few, has been spurred by an increasingly digital customer base and government-led initiatives like Digital India, Make in India, etc. It is also driven by SMEs desire to improve business efficiency and manage costs. This has led to an increasing footprint of IT and IT-enabled services in the SME sector. Such digitization has exposed SMEs to a range of cyber risks and therefore proliferated the need for risk mitigation and management through cyber insurance.
- Rise in data breaches: In the period between 2016 and 2018, there has been a consistent rise in targeted cyber attacks in India resulting in it being the second most affected country in the world. The average cost of managing and recovering from such a data breach has gone up to INR 11.9 Cr, a year-on-year increase of 7.9%. Not only have the instance of cyber attacks increased, but there has also been an increase in the sophistication of such attacks. Recent attacks include the WannaCry ransomware which attacked companies data and encrypted it and demands money to re-enable access. Such attacks leave SMEs and their businesses vulnerable and have led to the increasing adoption of cyber insurance to meet the costs required for a nimble recovery.
- Increased Awareness: With rising digitization, SMEs are also increasingly aware of the associated risks with a digital infrastructure. They realize that data in the online world is the company’s biggest asset and needs to be safeguarded. Insurance providers have themselves embraced digitization and have shored up their portfolios to over cyber insurance policies customized and tailored to SME business needs. Insurance agents and agent organizations have also worked to make SMEs aware of such insurance products, the provisions under which these can be availed and their undeniable need. The combined efforts of insurance providers and agents had led to increased awareness and rising adoption of cyber insurance with SMEs constituting up to 40% of policyholders.
- Key Cog in Overall Risk Management Strategy: SMEs are early adopters of cyber insurance policies and such adoption has been driven by the importance of cyber risk management. SMEs which have embraced digitization realize the disruption to their businesses can be all-encompassing in the event of cyber attacks and data breaches. As such, they have made provisions to include cyber risk mitigation a priority in their overall risk management strategy.
- Regulatory Factors: In anticipation of India’s Draft Data Protection Bill, SMEs are increasingly prompted to consider cyber policies especially those dealing with personal information or financial services. The draft bill lays down penalties ranging in the order of INR 5 Cr or 2% of worldwide turnover to INR 15 Cr or 4% of total worldwide turnover. SMEs with a global footprint also fall under the ambit of the EU General Data Protection Regulation (GDPR), especially in the professional services sector. GDPR regulations apply to all companies processing EU citizens personal data, regardless of geography, and entail penalties of up to EUR 20 million or 4% of total worldwide revenue in the event of a data breach. Such regulatory fines have also led to SMEs adopting cyber insurance.
Coverage Under Cyber Insurance
Cyber insurance provides multiple layers of protection and coverage for SME organizations. These coverages are across first party and third party expenses, privacy & data liabilities, business interruption, and cyber theft.
First party coverage includes legal fees, professional consultation expenses, administrative costs resulting from any regulatory fines. It includes expenses incurred in identifying and managing the event of a data breach. These are typically legal, forensic and IT audit related expenses and also include expenses to ensure compliance with regulations. Crisis management expenses including notification of all stakeholders to initiate a planned response to cyber crimes are also covered. It also covers public relations expenses related to the dissemination of information to ensure the SME brand is not tarnished.
Third party coverage includes network security liability cover and multimedia liability cover for any outsourcing organizations SMEs may engage with. These help SMEs meet costs from third-party damages as a result of a denial of access or theft of data and any intellectual property infringements related costs.
Cyber insurance also provides coverage from business interruption expenses like short-term revenue loss, system damage and restoration costs. It also covers cyber theft-related expenses including financial money transfer frauds, e-theft loss, e-communication loss, and cyber extortion ransomware.
The Indian economy is headed towards digitization with increased government focus on initiatives and policies to foster this change. With the potential of becoming a USD 1 trillion digital economy by 2025, SMEs which are key stakeholders in the India growth story has recognized the opportunity and need for safeguarding their increasingly digital business by availing cyber insurance. Early adoption also means, SMEs have awareness of challenges associated with cybersecurity and can engage with the government on policy matters like the soon to be introduced Draft Data Protection Bill. Such dialogues will ensure a win-win for the SMEs and the Indian economy in the long-term and ensure they remain drivers of India’s path to becoming a global force. Do you want to know more about protecting your business with cyber insurance? Get in touch with PlanCover, SMEs insurance experts.