increasing use of and dependence on information technology in business
activities – while creating significant benefits in terms of productivity and
efficiency – is also leading to significant risks. Among them are “digital security risks”
which, when they materialise, can disrupt the achievement of business by
compromising the confidentiality, integrity and availability of information and
information systems. It is widely assumed that most companies have been or will
be affected by such “cyber” attacks. Businesses across a wide range of industry
sectors are exposed to potentially enormous physical losses as well as
liabilities and costs as a result of cyber-attacks and data breaches.
of recent attacks include such well-known brands as eBay, Target, Neiman
Marcus, Michaels Stores, the University of Maryland, NATO, JPMorgan Chase,
Adobe, and Living Social.
Cyber Legislation in India
Information Technology Act 2000 was passed and enforced on 17th May 2000.
major amendments were carried out to IT Act2000 by the Information Technology
Amendment Act, 2008.
were also carried out in the Indian Penal Code 1860, the Indian Evidence Act
1872, the Banker’s Book Evidence Act 1891 and the Reserve Bank
of India Act 1934.
Types of cyber risk coverage
Loss/Corruption of Data – Covers damage to, or destruction of,
valuable information assets as a result of viruses, malicious code and Trojan
Business Interruption – Covers loss of business income as a
result of an attack on a company’s network that limits its ability to conduct
business, such as a denial of-service computer attack. Coverage also includes
extra expenses, forensic expenses and dependent business interruption.
Liability – Covers defense costs, settlements,
judgments and, sometimes, punitive damages incurred by a company as a result
of privacy due to theft of data (such as credit cards, financial or health
of a computer virus or other liabilities resulting from a computer attack,
which causes financial loss to third parties;
of security which causes network systems to be unavailable to third parties;
rendering of Internet Professional Services;
of copyright or trademark infringement, libel, slander, defamation or other
“media” activities in the company’s website, such as postings by visitors on
bulletin boards and in chat rooms. This also covers liabilities as postings by
visitors on bulletin boards and in chat rooms. This also covers liabilities
associated with banner ads for other businesses located on the site.
Cyber Extortion – Covers the “settlement” of an extortion
threat against a company’s network, as well as the cost of hiring a security
firm to track down and negotiate with blackmailers.
Crisis Management – Covers the costs to retain public
relations assistance or advertising to rebuild a company’s reputation after an
incident. Coverage is also available for the cost of notifying consumers of a
release of private information, as well the cost of providing credit-monitoring
or other remediation services in the event of a covered incident.
Criminal Rewards – Covers the cost of posting a criminal
reward fund for information leading to the arrest and conviction of a cyber-criminal
who has attacked a company’s computer systems.
Data Breach – Covers the expenses and legal liability
resulting from a data breach. Policies may also provide access to services
helping business owners to comply with regulatory requirements and to address
Identity Theft – Provides access to an identity theft call
center in the event of stolen customer or employee personal information. Social
Media/Networking – Insurers are looking to develop products that cover a
company’s social networking activities under one policy. Some cyber policies
now provide coverage for certain social media liability exposures such as
online defamation, advertising, libel and slander.
created by you are not covered;
caused by self-replicating code which has not been specifically targeted at you
are not covered.
caused by infringement of patents;
or reckless acts are not covered;
Cyber insurance typically
covers expenses related to first parties as well as claims by third parties.