The Indian banking industry has significantly increased its cyber insurance cover in FY24, driven by a rise in cyber-related incidents, an uptick in claims, and enhanced regulatory scrutiny. According to insurance brokers, the coverage by banks and financial institutions has grown by nearly eight percent compared to the previous fiscal year.
The cyber insurance claims ratio in the Indian banking sector surged to over 50 percent in FY23, up from 40 percent in FY22. Manoj Rane, Senior Vice President and Practice Head – Liability Vertical at Alliance Insurance Brokers, noted that the overall claims ratio for cyber insurance in India ranges between 150 percent and 200 percent compared to the previous year, with the financial sector exceeding a 50 percent claims ratio in FY24.
Protecting sensitive personal and financial data, along with safeguarding the reputation of institutions, are paramount concerns for financial entities. Cyber-related incidents also pose significant risks of business interruption. The evolving cyber threat landscape, which includes phishing schemes and ransomware attacks, continues to challenge financial institutions in securing their digital assets and maintaining customer trust. Outsourcing IT services to third parties further compounds these risks.
In response to these threats, banks have been proactive in securing cyber insurance. Established banks were among the initial adopters of cyber insurance when it first emerged. The digital expansion of the banking sector post-COVID-19 has increased vulnerability to cyber-attacks, leading to multiple claims, according to industry officials.
Cyber risk insurance and cyber crime insurance are typically separate policies, but banks often combine them with the traditional Bankers Blanket Indemnity Policy. The Bankers Indemnity Policy, as outlined by Oriental Insurance Company, protects banks from the loss of money or securities on premises or during transit due to various threats. It also covers financial losses arising from forgery, fraud, and dishonesty.
Ritesh Thosani, Senior Vice President and Cyber Practice Leader at Marsh India, highlighted that insurers have started to restrict coverage for losses from business interruption and ransomware by introducing sub-limited coverage and longer waiting periods. Banks now demand comprehensive, full-limit covers for business interruption and ransomware protection, with waiting periods (hourly deductibles) ranging from 8-10 hours.
Regulatory emphasis on cybersecurity has also driven the increased demand for cyber insurance products among banks and financial institutions. Amit Solanki, Head of Liability & Special Risk at Howden India, mentioned that more financial institutions have opted for cyber insurance this year, with many small and medium-sized entities seeking cover for the first time.
In conclusion, the Indian banking industry’s response to the rising tide of cyber threats and regulatory demands has been to significantly increase their cyber insurance coverage in FY24. This proactive approach aims to mitigate risks, ensure the protection of critical data, and maintain operational continuity in the face of escalating cyber threats.