Source: asiainsurancereview.com

With COVID-19 pandemic sweeping virtually every nation across the globe, most organisations are adjusting to employees working from home. However, the majority of the employees use their own internet connections which increases their vulnerability to cyber attacks.

Asia Insurance Review spoke with Tata AIG General Insurance executive vice president commercial lines Sushant Sarin to understand how the insurers view the cyber risks and cyber incidents of an organisation operating from several ‘addresses’.

Mr Sarin said, “We underwrite policies for clients many of whom have a global presence. So the fact that companies are functioning from many more additional ‘locations’ now is something we accept and underwrite. A cyber incident such as a network breach or data breach, through these locations, would trigger the cyber insurance policy.” Cyber insurance protects companies by securing them against financial losses and losses associated with cyber attacks. Commonplace financial outgoes are forensic costs, data restoration costs and notification costs. Other losses include regulatory investigations and fines and third-party liability. Speaking about exclusions in the cyber-insurance policies, Mr Sarin said, “We have not brought in any new exclusions in view of the current COVID-19 pandemic. The regular exclusions such as body injury, property damage, intentional damage, wars and some more of course continue.”

From his point of view, the most important factor to consider while buying a cyber insurance cover should be the claim handling ability of the insurer. Cyber insurance claims are complex in nature and only insurers who have dedicated claims teams to handle such claims will be able to help clients when an incident occurs. “We expect our cyber insurance policyholders to notify as soon as they become aware of a cyber incident. This can be done easily by intimating brief details of the incident and the insurance cover to the insurer. “The claims team then works with the policyholder right through the resolution of the incident, from hiring a forensic expert – amongst the first steps taken, to preparing for defence against third party liability for data breach, which usually happens after the initial response to a cyber incident is over, said Mr Sarin.

Referring to the good practices that the companies should adopt to ensure maximum cybersecurity Mr Sarin said, “Strong firewalls, regular and dependable backup and encryption of critical data, two factor authentication should be a great help to avert major cyber incidents. In addition a strong business continuity plan would serve the policyholder well.” He said, “While these protect you to an extent, there is no guarantee against being hacked. If and when you are hacked, cyber insurance works well as plan B.”
Mr Sarin said, cyber criminals are exploiting the present COVID-19 pandemic and with IT teams under stress in almost all organisations due to large dependency on the existing infrastructure, which may or may not be fully geared up to meet all exigencies.

Mr Sarin said, “In such situations we at Tata AIG offer value added services to our customers, such as cyber-security rating and access to a security scorecard which enables customers to benchmark their security profile. “These services come from world leaders in cyber security assessments. For select clients, our cyber security experts engage with the clients’ security team to review their cyber-security posture and advise them on opportunities for improvement.”