What is the story about?
Cyber insurance is being adopted by businesses in India as a measure to manage risks associated with cyber incidents. Experts note that incidents such as data breaches, ransomware attacks, and extortion attempts have become more frequent in recent years, prompting organisations to consider coverage as part of their operational planning.
Cyber insurance requirements
Ravi Goyal, Partner at Scriboard, who advises businesses on cyber fraud and data breach matters, explained that insurers often require businesses to implement adequate cybersecurity measures before issuing policies.
Coverage typically considers access controls, data protection measures, and incident-response protocols.
Policies may also include financial support for forensic investigations, legal advice, and system restoration, depending on terms, sub-limits, and exclusions.
Common cyber risks in India
Indian companies face a range of cyber risks, including data breaches, ransomware attacks, and extortion threats where sensitive data is stolen and ransoms demanded.
While large technology firms and multinational corporations generally maintain robust coverage—often mandated under client contracts—many small and medium enterprises remain underinsured or unaware of the policies available.
“Even if the protection of a policy exists, scope and exclusions can leave businesses exposed,” Goyal noted. “Some policies cover system downtime and IT disruptions but may exclude ransom payments or data extortion costs, which are increasingly common.”
Supporting recovery, not preventing attacks
While cyber insurance helps businesses absorb the financial impact of cyber incidents, experts emphasise that it cannot replace proactive cybersecurity measures.
“Insurance works best when basic safeguards—multi-factor authentication, secure backups, access controls, and incident-response plans—are already in place,” said Goyal. “It supports remediation, but does not prevent attacks.”
Drawing on his experience handling cyber security incidents, Goyal also highlighted the role of preparedness.
“Organisations that have tested post-incident response protocols can reduce disruption, preserve evidence for insurers, and manage communications more efficiently. Lack of preparedness often increases losses despite having insurance.”
Industry leaders echo this view.
Mohd. Arif Khan, Deputy CEO of SBI General Insurance, said, “Cyber insurance now offers holistic recovery support, including legal assistance, IT experts for breach investigation, and even counselling for psychological impacts.”
Ankit Gupta of Policybazaar for Business added that for households and small businesses, policies act as a digital safety net covering direct financial losses, third-party liabilities, and recovery expenses.
Goyal also noted the importance of ongoing review.
“Cyber threats evolve rapidly. Companies should regularly update their systems, security tools, and policies to ensure coverage remains aligned with current risks. Insurance is part of a broader risk-management framework that includes technology, processes, and people,” he said.


