Everything You Should Know About Section 66A of the IT Act and Cybersecurity Policy

India is said to have the third–largest number of users of internet in the world.Our country is rapidly expanding its digital markets. Though this is quite reassuring in many ways, the growing digitalization inevitably brings forth the fear of being hacked. In fact, there were over 1.1 million cyber-attacks reported in India alone in 2020. The statistics also indicate that over 66% of organisations present in India experienced data breaches in the same year. Hence, it is important to safeguard your information that is present on the internet. This is especially essential for companies that handle vast amounts of sensitive personal information about their customers.This is where a cyber cyber insurance policy can come in handy. In this article, we will take a quick look at what cyber insurance is and how it can help you. What is a Cyber Insurance Policy? Cybersecurity insurance protects you financially against many of the expenses that arise due to data breaches such as the legal fees and extortion that the hacker may compel you to pay. Cyber insurance coverage works just like any other form of insurance. You pay a certain amount of premium in exchange for financially protection against the damages caused by a data breach during the insured period. What Makes Cyber Insurance So Important? The internet is like a big basket of data where the open public network is accessible to anyone with sound knowledge of relevant technology. Many companies use the internet to store and process several types of data such as a customer’s personal information, company revenue statistics and employee bank details. This makes the company a hub of sensitive information that is susceptible to multiple cyber risks. Hackers who steal sensitive data and use the same for their benefit can cause substantial damage to the company’s reputation and potentially decrease its market capitalization as well! If all the bank accounts of your customers were stripped by a hacker,it is your company that will be held liable. Hence, if you own a company that stores data on the internet, it is better to get a cyber insurance policy as it protects you financially against many of the expenses that can arise due to illegal activities by hackers. Getting a cyber insurance policy can help you with proper risk management of your business. You may also want to get a cyber insurance policy if you have recently been receiving threats of cyberattacks. How Extensive is Cyber Insurance Coverage? Cyber security insurance coverage is inherently quite extensive in its coverage. To give you a clearer idea, here is a look at what a cyber insurance policy can potentially cover: It provides you with a worldwide coverage Reputed insurance providers offer worldwide coverage with their cyber insurance policies. This global protection can be quite beneficial for you if you have company branches in other parts of the world. It can cover damages to your system due to the cyber attack Quite often, a cyber–attack not only damages the software but also the hardware of the computer system that it targets. A cyber insurance policy will cover you against any loss or damage to IT records/data. It also covers the costs for the repair of the computer systems that are not operational due to the cyberattack. It covers you against data breaches and identity theft Hackers usually attack the servers of a company to either steal data or cause disruptions in the workings of a company. The cyber security insurance cover will financially protect a company against third–party claims for loss of personal information. Cyber insurance also protects a company against the loss of commercially confidential information, such as the information on the competitive advantage held by your company. It covers you for losses due to interruption of business It is quite obvious that a company will stop operating when its databases is hacked. As a result, the company will probably not be able to generate revenue until the breach is resolved. This could result in a serious cash–flow problem for the company. Under such circumstances, cyber insurance can have your back. It will cover the loss of profits that are caused due to the disruption. It covers penalties that are borne by the company It is the responsibility of a company to ensure the security of the data it stores. The government has many guidelines in place that should be followed by business owners to reduce their susceptibility to a cyber–attack. However, it can sometimes be quite difficult to ensure that your company follows all the guidelines if you do not have sufficient computer knowledge. A cyber insurance cover will also cover you against many (if not all) penalties and fines imposed by the government. Cyber insurance helps you protect your brand image The news of a cyber–attack on your company can easily tarnish your company’s reputation among your customers. Thus, you will need to increase your expenditure on fixing the public relations that are damaged due to the cyber–attack. This cost can be compensated for by the insurance company through a cyber insurance policy. What is Not Covered in a Cyber Insurance Policy? Though a cyber insurance policy is quite extensive in its coverage, there are a few things it does not cover, such as: Physical injuries Electronic disturbances (these are not cyber–attacks) Any fraudulent activity in the cyberspace that is caused by the insured person Damages incurred due to hack that occurred before or after the insurance policy tenure With the digitalisation of the world, it has become quite important for companies to get a cyber defence insurance policy. So, get yourself a cyber defence insurance policy directly and keep your data and online presence protected. Disclaimer: The above information is indicative in nature. For more details on the risk factor, terms and conditions, please refer to the Sales Brochure and Policy Wordings carefully before concluding a sale.

With most businesses relying on the internet to run their operations, cybercriminals have become more active than ever. Cyberattack victims typically face financial losses that can be detrimental to their business. As a business owner, you could be susceptible to cybersecurity risks, which is why you must invest in cyber insurance. Let us learn more about cybersecurity insurance coverage in this article. What is cyber insurance? Cyber insurance is a contract between an individual or business and an insurance company. Under the contract, the insurer promises to pay a pre-specified sum insured to cover financial losses resulting from cyberattacks, identity theft, cyber extortion, online shopping scams, cyberbullying, etc. What Does Cyber Insurance Cover? A typical cyber insurance policy covers the following: Theft of funds: Cyber insurance covers losses from unauthorised access to your finances, including bank accounts, credit cards, debit cards, digital wallets, etc. Any legal costs necessary to prosecute cybercriminals are covered as well. Identity theft: Hackers may use your personal information to commit fraud. In such cases, the insurer indemnifies you for expenses associated with credit and identity monitoring services as well as legal and psychological assistance costs. Malware decontamination: Malware decontamination is caused when malicious software gets installed in your computer systems. Here, the insurer covers the cost of hiring experts to restore company or personal data, provided you file the claim within the specified timeframe. Cyberbullying: Cyber insurance policy also covers the legal fees for civil proceedings against criminals guilty of cyberbullying or cyberstalking. It also covers the costs associated with any temporary actions you may need to take to safeguard yourself from their actions. Cyber extortion: Cyber extortionists hold sensitive information for ransom. Data may include customers’ information, private emails, secret projects, etc. The policy indemnifies you for ransom paid up to the indemnity limit. Online shopping: If you are a victim of online shopping scams, your cyber insurance covers pure financial losses after failed attempts at getting refunds. However, you must report the fraud to your bank or credit card company within 48 hours. Social media liability: If a third party prosecutes a policyholder for defamation, copyright or privacy rights breach arising from media activities, a cyber insurance policy reimburses the legal costs. Online sales: As a business owner, if a third party has not compensated you for your non-commercial goods, cyber insurance can help. It covers direct and pure financial losses as long as you cannot access the goods. Smart home cover: Thanks to the Internet of Things (IoT), smart homes have become increasingly popular. Cybersecurity insurance coverage includes expenses associated with hiring IT experts to decontaminate smart home systems. Privacy and data breach liability: If the policyholder is legally liable for any third-party claims, the same is covered by a cyber insurance policy. The policy also pays for legal costs you may incur for damages caused by a third party. Invest in Cyber Insurance Now Cybersecurity attacks can cause substantial financial losses and mental stress. Cyber insurance covers you against monetary losses and relieves you of the stress caused by such losses. It is a crucial investment that everyone must have in today’s world. Disclaimer: The above information is indicative in nature. For more details on the risk factor, terms and conditions, please refer to the Sales Brochure and Policy Wordings carefully before concluding a sale.

With ever advancing technology, the threats of personal as well as financial cyber attacks are on rise, which necessitates people to get themselves secured against such attacks. Cyber insurance is a modern-day tool that ensures your safety in the situation of such an attack; with a cyber insurance plan, you may never have to worry about losing your data through malware theft or losing money through a scam. A carefully designed cyber security plan can change your overall IT experience, thereby securing your online presence and making your interactions fulfilling. As with any insurance, the question of ‘how to claim cyber insurance when needed’ is also faced by individuals seeking cyber security. You can find some information crucial to understanding cyber security claim process. How to claim cyber insurance Similar to any other insurance plan, you must read the policy document carefully to understand the terms and conditions of your plan and to ensure that the claim request is raised in a timely manner. The process to raise a cyber insurance claim may differ from insurer to insurer. The commonly involved steps to claim cyber insurance that must be followed by you and most insurance companies are summarised here 1. Identify the security breach This is the most important step toward claiming cyber insurance. If a third-party, i.e., an unknown person/organisation, succeeds to breach your private data/information, you must become aware of or discover the breach. Such an attack on information can happen at any time. All the devices, irrespective of the model, are susceptible to cyber threats. 2. File a first information report (FIR) As soon as you become aware that your security has been breached, you are advised to make a legal complaint or file an FIR with your nearest police station or cyber security department. You should promptly take this action and keep a copy of the compliant or FIR safe with you for submission to your insurance provider. 3. Intimate your insurer You need to notify your insurance provider about the claim within 1 or 2 days or the time limit specified in your policy. You must provide them all the required information. Some insurance companies even offer you 24×7 customer service to help you with the process and resolve your queries. 4. Submit requested documentation Once you inform your insurance company of the incident, your insurance provider will ask you to share some documents with them along with a claim form. The documents commonly requested by an insurance company to settle your claim promptly include FIR copy or a photocopy or complaint. 5. Forensic analysis After the submission of required documents, you need not take any other actions. Immediately after you submit all the documents, your insurer will initiate the claim processing at their end. Your insurer will check the documents you share to determine authenticity of your claim. They will also get your claim verified forensic and authenticated from experts to determine whether the claim is valid. 6. Settlement Once the insurance company gets your claim validated from the forensic team or cyber expert, you can receive the insured amount within a few days depending on the terms and conditions of your policy. When are you eligible to claim cyber security insurance? Just as any other insurance policy, cyber security insurance plans have set some stringent rules and conditions for a person or an organisation to be able to buy and claim cyber security insurance. Any individual wishing to purchase a cyber insurance policy must be at least 18-year old. They should also be a citizen of India to buy cyber insurance in the country. Thus, an underage person will not be able to buy a cyber insurance plan, and thus, to raise cyber insurance claim. Furthermore, your claim request for cyber insurance can only be approved when your insurance provider confirms you as eligible for the claim. To assess whether you are eligible to claim cyber insurance, your insurer will determine the authenticity of the documents shared by you along with the claim form. Then, a forensic team appointed by your insurer determine whether the cyber breach incident reported by you is valid. You are only considered eligible for a cyber insurance claim once both, your insurance provider and the forensic team, approve your claim as authentic. Which documents are required to raise a cyber security insurance claim? To get your cyber insurance claim approved and settled at earliest, you must contact your insurance provider when you become aware of data breach and follow the instructions given by them to book. Your insurer may ask you to share some information and documents with them so that they can process your claim request further. The required documents may differ with insurer to insurer, but a list of some commonly requested documents is presented here. Claim form (this form must be filled properly and signed) A copy of FIR filed with the police station Proof for losses borne by you Forensic report (if available) Bills for restoration expenses Evidence and details of loss Screenshots or photocopies of findings Copies of legal documents such as notices and summons (if applicable). In addition to these, you must also share any other documents available with you that may be related to your loss. In some cyber insurance claim scenarios involving attacks on an organisation, the insured organisation may choose to investigate the breach with internal cyber team. Any finding obtained from such an investigation should also be shared. What is the waiting time for a cyber insurance plan? Waiting time is set by your insurance provider and can differ with the insurance company. The time you must wait for before raising a claim once you purchase an insurance policy is termed as waiting period or time. You cannot raise a claim for any data breach or cyber attack that occurs during your waiting period. For most cyber security insurance plans, the waiting period is between 8 and 12 hours. Importance of cyber security insurance Technology is a significant aspect of modern word businesses and households. Nonetheless, this aspect brings several threats, such as data breach or cyber attack, with it. As we are aware, the effects of cyber crime can be manifold. It can cause an individual to experience not only financial losses but also mental stress, which may further affect their life. A cyber security insurance plan safeguards you against any losses incurred due to breach of your personal data. It can provide you with the coverage for your direct financial losses as well as any expenses incurred from the incident of data breach. You can look into cyber insurance claim examples online to understand different types of attacks; doing so can also help you stay aware of various frauds happening online and safeguard yourself against them in advance. FAQs What is cyber crime or attack? Cyber crime or attack is unauthorized transmission of data of a person or an organization achieved digital means. What is the cyber security claim process? The cyber security claim process differs from general insurance claim processes. To claim cyber insurance, you first have to inform your insurer about the incident and submit relevant documents to them for further processing. After this, your insurer will assess your claim request and approve it post validation. What is the waiting period for cyber security insurance? Most cyber security insurance plans offer a waiting period of 8 to 12 hours. This period differs with the insurance provider. What is cyber security? Cyber security is a defense system that protects your computers and data or your company’s network, programs, and data from online attacks. What are the different types of cyber attacks? Some of the types of cyber attacks include phishing and unpatched software, such as malware. Disclaimer: The above information is indicative in nature. For more details on the risk factor, terms and conditions, please refer to the Sales Brochure and Policy Wordings carefully before concluding a sale.

The world has changed in an unprecedented way in just a few weeks owing to the evolving situation around the coronavirus pandemic. This crisis has brought out the best of humanity in several ways but as is the case with any crisis, it can also draw out the worst in some.   Cyber-criminals are using people’s fear and need for information to execute phishing attacks to steal sensitive data. They are also using it to spread malware in computer systems for profit. One can only hope that hacker groups won’t be attacking health systems, hospitals and nursing homes, the reality is, that no one can fully control how the malware spreads. We have our hands full adapting to the crises already, a little meticulousness and vigilance can go a long way in protecting us from these attacks. In tandem with the global public health crisis, Covid-19 is wreaking havoc in the virtual world as well. The paranoia about the disease is being leveraged as clickbait for cyber-crimes. Emails under the guise the World Health Organization, United Nations and Indian Council of Medical Research or even larger corporations – along with messages, apps and websites, are being used to steal personal information from unsuspecting people. These crimes are committed  by luring the person with various freebies, huge discounts on products, listing preventive measures against the virus and up-to-date information on coronavirus. Through  these attacks, people are further being lured to buy fake vaccines, testing kits and masks which are desperately sought. Scammers are even trying to lure unsuspecting users on social media to raise funds for coronavirus victims.   In case of  information theft, the modus operandi seems simple. A malware is injected into the device via links, attachments in the mail and a ransomware being circulated as part of a mobile app. These malwares can access your banking logins, passwords and credit-card information by logging your keystrokes on the keyboard. Once a user’s system is affected/infected by the malware, users could lose money and confidential information as it gives scammers access to both. What seems to be accelerating these attacks is the curiosity and fear and the rise in coronavirus searches online.     All of us certainly need to be vigilant in these times. There are tell-tale signs of identifying fraudulent mails.   Check if the sender’s email address looks different from the name shown in the display or if it contains unknown URLs Always check if the email contains an attachment and urges you to download the attachments for more details or the promise of an award.   Another pattern with fraudulent emails is the use of poor language in the copy text. They are often riddled with grammatical errors. Closely scrutinise the details.   Watch out for any communication claiming to be from sources that you normally would not receive emails from Phishing emails are likely to come in the name of a recognized global/national public health body like WHO, ICMR or a similar UN or government body. It may have a similar looking domain names and an identical logo. You should scrutinize the emails before opening, especially which are sent from not so regular or unknown names. For example: WHO is not going to send you emails if you don’t regularly receive emails from them already. Hover your mouse over links; the info dialog box should give you an idea about whether it’s a genuine link or not. Don’t click if it looks suspicious.   Brand impersonation on the rise; verify emails from familiar sources as well Phishing emails could come from anywhere, it could even be in the name of HR department of your own company. Brand impersonation is quite prevalent in coronavirus-related email attacks, so use caution opening emails with organization from organization you expect to hear from. Never ever respond to any email that asks you for your personal information. Also be wary of any suspicious/phishing emails for policy renewals or premium payments.   Find legitimate charities for donations A common scam strategy adopted by attackers is seeking donations to help victims of coronavirus. To avoid falling for these scams, do not respond to email requests for donations, instead, do your own research and find charities to directly donate to.   Stay vigilant, stay safe.   Disclaimer: SBI General will never ask you for confidential details over calls, emails or text messages. Pushan Mahapatra, MD & CEO, SBI General Insurance