A working group formed by the IRDAI to study cyber liability insurance has made several recommendations for insurers to deal with increased cyber risk, including suggesting that efforts be made to popularise cyber cover.
“Cyber exposure is a concern for all underwriters. Cyber affirmative and silent covers are scattered in many different products beyond standalone ones. Cyber risk permeates all classes of insurance without boundaries of industries,” the working group said.
Among various cyber issues, the panel indicates that insurers need to address the silent cyber issue. Silent cyber is the unknown exposure in an insurer’s portfolio created by a cyber peril, which has not been explicitly excluded or included. This is also known as “unintended” or “non-affirmative” cyber coverage.
Many property and liability insurance policies were designed when cyber wasn’t perceived as a major risk. These policies often do not explicitly mention cyber coverage. However, the devastating NotPetya attack and other high-profile cyber security events in the recent past, have placed the issue high on the agenda for the insurance industry.
The working group says that it is neither desirable nor possible to standardise cyber cover at this juncture. “Nevertheless, insurers can build in certain minimum covers as a part of individual cyber insurance. The attached model policy wording can be considered by the insurance industry as a reference point to provide minimum basic coverage,” it said.
The panel says that standardisation of cyber policy wordings at this nascent stage may hamper the development of cyber insurance in the Indian market. “It is important now to focus on popularising the cyber insurance product,” it said.
The working group also suggests that insurers offer cyber insurance as a part of an insurance package such as Householders Package policy.