New Delhi, Sep 23 (Agency) With cybersecurity issues evolving daily, the Insurance Regulatory and Development Authority of India (IRDAI) will focus on making the relevant changes and guiding the insurance companies as per the evolving requirement, a top insurance watchdog official said at an ASSOCHAM virtual event held on Thursday. “I will say it will be evolving every day and the regulator and the insurance companies together will be focusing on improving the cybersecurity as per the need of the hour. It is not that we have reached a final stage there,” S N Rajeswari, Member, IRDAI, said at an ASSOCHAM National E-Summit on Cyber Insurance – “Reinvigorating the Future for Bridging the Gap.” She said the cyber risks were not static, so, the cyber insurance was also not going to be static.
“There is a need to create awareness and have a cyber insurance ecosystem, cyber literacy, each agency, companies should coordinate with each other and there should be training session to promote awareness on the risk of remote working,” she said. Ms Rajeswari said considering insurance companies manage very huge data of the customers, policyholders and were always running at the risk, IRDAI in its guidance document issued on product structure for cyber insurance had come out with the guidelines and parameters each company should have. “There has to be an information security policy is in place, how it is being reviewed and also where the data and backup data has to be kept, so, IRDAI is focusing on this and there is also proper guideline and FAQ on the cybersecurity update,” she said. The official said the objective of the guidance document issued by the IRDAI on September 8, 2021, was to enable the insurers they could evaluate what were the new technologies that were posing the cyber risk and identify what was the protection gap.
“Of course, there are cyber insurance products available in the market, both for commercial and individual. So now they can identify when IRDAI elaborates what are the possible risks, recommendations they give that can be covered. So, the insurers can identify what are the protection gaps, existing products and they can address according to the needs of the market and even they can develop the standalone cyber insurance product,” she said. The IRDAI Member said while cyber insurance products were mostly for the commercial purpose as it was a standalone product, but it could also be issued to the individuals. “We have discussed the individual cyber need policy and what are the coverages as it is already. It can take care of the identity theft, social media coverage, emails pooling and exhaustion, media liability cover, data breach, privacy breach and whatnot. So, IRDAI has given the model policy wordings what are the do’s and don’ts, and they have also discussed internationally what are the coverages that are available in various other jurisdiction and what is not available in India at present and what is available in limited cover like what we were discussing about that silence cyber cover, whether a D&O policy covers automatically,” she said. Focusing on the micro, small and medium enterprises (MSMEs) and the lower income group, she said there was a need to create awareness and support the ecosystem there.
As per the statistics 43 per cent of all the cyber-attacks are aimed at SMEs because they are highly vulnerable, they have the less sophisticated IT security infrastructure, the awareness is very low and the security measures are very low. “There is a need to have an ecosystem model to support the SMEs with a cover specifically for them so that they are also protected,” she said. Other key speakers, who addressed the ASSOCHAM e-summit, included G Srinivasan, Chairman, ASSOCHAM National Council for Insurance and Director, National Insurance Academy, Kartik Shinde, Partner, EY, V Rajaraman, ED, IFFCO Tokio General Insurance Company Ltd and Tanuj Gulani, Head- Liability Lines, Prudent Insurance Brokers Pvt Ltd.