IRDAI set up a working group, which concluded that standardizing policy wording is not desirable in cyber insurance. This is because of the complexity of IT systems, and because the legislative frameworks for dealing with cyber risks and the fast-growing digital ecosystem are still evolving. According to the expert, the guidance will improve the cyber insurance market through upcoming plans and increase the benefits for policyholders.
At present, cyber insurance plans offer first-party coverage for perils such as direct financial loss, regulatory actions, data recovery, etc. However, under the features the regulator has suggested in the documents, the individual cyber insurance plan will protect the policyholder from theft of funds resulting from hacking of the policyholder's bank account, credit/debit card or mobile wallets.
The guidance also mentions protection for the policyholder against identity theft and against phishing attacks that cause financial losses, along with cover for the cost of prosecuting the perpetrators. The regulator has suggested keeping the cyber insurance policy wording simple and easy to understand. The guidance also suggests that insurers offer the cyber insurance plan as a package policy, just like the householder's package: first offer a standard plan at an affordable premium, then let customers choose additional covers as well as group covers that include affinity policies.
Apart from this, the regulator has also advised insurers to address the gaps in order to make cyber insurance policies customer-friendly. This follows a recent event in which an FIR had to be mandatorily filed for a cyber incident, and the claimants' inability to provide an FIR when filling in the claim form became the reason for non-settlement of their claim. As per the guidelines, it is mandatory to file an FIR and submit it along with the claim form, but for small amounts up to Rs. 5000, the insurance company can ask for the e-complaint filed at the National Cybercrime Reporting Portal.
Under the present policies, policyholders are expected to be reasonable and careful and to take precautions to safeguard their identity and personal data while on the web. Claims are admissible only if the insurer finds the policyholder to be an innocent victim of a cyber attack, and gross negligence is not covered. Because this creates a grey area in the coverage, the regulator has suggested making the exclusion language clearer and to the point.
On international cyber attacks such as ransomware and phishing, the regulator has suggested offering a worldwide coverage option, as many cyber plans are limited to attacks happening within Indian territory, while making sure that the jurisdiction for the settlement of claims is India.
One major cause of cyber losses, unsolicited communications, is not included in the coverage. Observing this issue, the regulator has suggested that insurance companies provide this cover, as well as coverage for losses due to SIM-jacking, skimming, cloning of cards, etc.