/images/ppid_59c68470-image-176597506133122525.webp)
Tejas Jain, Founder & CEO of BimaKavach, noted that while regulated sectors like banking have long-established cybersecurity requirements, SMEs and independent professionals typically have fewer protections, making them more vulnerable to cyberattacks.
Cyber risks for smaller businesses have expanded as operations become digital. Payments often run on UPI, accounting is cloud-based, teams work remotely, and customer data is stored across multiple platforms.
A single cyber incident can disrupt operations, compromise sensitive information, or affect cash flows. Regulatory frameworks such as the Data Protection and Privacy Act, which can impose penalties of up to ₹250 crore, increase potential financial exposure.
Jain said cyber insurance can provide coverage in such events, although it is considered a reactive measure and is most effective when combined with robust cybersecurity practices.
Common risks include ransomware attacks, social engineering fraud, phishing, and operational downtime. Ransomware can lock or steal critical data, and SMEs often lack internal resources for incident management. Social engineering and phishing exploit human error, sometimes resulting in unauthorised fund transfers or invoice manipulation. Business interruption following cyber incidents can also generate significant financial losses, which insurance policies may cover.
Cyber insurance costs for SMEs vary based on the scale of potential losses.
Jain noted that the median ransom payment in recent Indian cases was approximately $482,000 (₹4 crore). Digital-first insurance products for SMEs are available with premiums starting around ₹25,000-45,000, offering coverage levels from ₹10-20 lakh.
Policies typically cover first-party losses, such as system restoration and business interruption, and third-party losses, including legal liabilities to clients, vendors, or partners. Coverage may also include fund transfer fraud, ransomware, employee fraud, social engineering fraud, and PR expenses.
The frequency of attacks targeting SMEs — estimated at nearly 43% — has influenced premium trends and policy terms.
Jain explained that higher claim volumes and limited insurance pools have led to increased premiums and stricter underwriting standards. Analysts indicate that as more SMEs adopt cyber insurance, the market may stabilise.
Overall, SMEs operating in digital environments face growing cyber risks, and insurance is increasingly considered a component of financial risk management alongside preventive cybersecurity measures.
ALSO READ | Cybersecurity in the public sector is ultimately a data problem
/images/ppid_a911dc6a-image-176578747308692204.webp)
