Indian cos adopt cyber insurance as attacks surge, shows study
The rise of cyber security threats like ransomware, phishing, crypto-jacking, and others, is forcing companies to opt for a cyber-insurance cover — either as part of an overall insurance policy or a standalone policy, according to a new research report published on Tuesday.
India, which is one of the top countries hit by cyber-attacks, as per various reports, is also emerging as a leading buyer of cyber covers, said the survey conducted by cybersecurity solutions company Sophos, covered 3,000 respondents across 14 countries, including 300 from India.
The survey showed that India is ranked sixth among the top ten countries taking adequate cover for cyber breaches, according to a recent survey. South Africa leads the list with 98% of organisations taking a cyber-insurance cover, followed by Singapore with 97%, and Austria and the US with 94% each.
According to the survey, organisations with cyber insurance are more likely to be able to recover data following a ransomware incident than those without coverage. Conversely, only 84% of organisations without cyber coverage reported that they could recover data.
The study also showed that about 58% of organisations with a standalone cyber insurance policy, and which had data encrypted in a ransomware attack last year, paid the ransom to get their data back. In comparison, only 36% of those with cyber insurance as part of a broader insurance policy paid the ransom and this was 15% for those without cyber insurance.
The study also found that cyber insurance adoption increases with revenue, with organisations with high revenues reporting the highest propensity to have cyber coverage.
Overall, about 47% of the organisations said they have a standalone cyber insurance, while 43% said they have a cyber-insurance cover as part of a wider business policy. About 8% don’t have cyber insurance but plan to get coverage in the next year.
Among the verticals, the education sector reported the highest overall level of cyber insurance coverage (96%), followed by financial services — which is most likely to have a standalone cyber policy (59%), and retail (56%). Interestingly, IT, telecom and technology verticals have a low coverage of 35%, the study said.
To be sure, a report by reinsurer Swiss Re AG published in November last year said that insurers worldwide wrote $10 billion in cyber premiums in 2021. The firm estimated that figure is set to exceed $23 billion by 2025. More than half of businesses have cyber policies, but fewer than 20% have limits on those policies exceeding the median ransomware demand, Swiss Re said.
“The cyber market is continuing to evolve and will continue to do so as the threat actors’ change over time,” Aon Plc President Eric Andersen said in a statement.
In July 2022, a report by insurance marketplace Policybazaar showed that there is a great market opportunity for cyber insurance, especially in tier 2 and 3 cities in India. The report showed that 23% of respondents said that they have a cyber-insurance policy in place, which indicates a growing level of awareness towards effectively combatting intangible threats to crucial digital assets across India.