The increasing use of and dependence on information technology in business activities – while creating significant benefits in terms of productivity and efficiency – is also leading to significant risks. Among them are “digital security risks” which, when they materialise, can disrupt the achievement of business by compromising the confidentiality, integrity and availability of information and information systems. It is widely assumed that most companies have been or will be affected by such “cyber” attacks. Businesses across a wide range of industry sectors are exposed to potentially enormous physical losses as well as liabilities and costs as a result of cyber-attacks and data breaches.
Victims of recent attacks include such well-known brands as eBay, Target, Neiman Marcus, Michaels Stores, the University of Maryland, NATO, JPMorgan Chase, Adobe, and Living Social.
Cyber Legislation in India
- The Information Technology Act 2000 was passed and enforced on 17th May 2000.
- Thereafter major amendments were carried out to IT Act2000 by the Information Technology Amendment Act, 2008.
- Amendments were also carried out in the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act 1891 and the Reserve Bank of India Act 1934.
Types of cyber risk coverage include:
- Loss/Corruption of Data – Covers damage to, or destruction of, valuable information assets as a result of viruses, malicious code and Trojan horses.
- Business Interruption – Covers loss of business income as a result of an attack on a company’s network that limits its ability to conduct business, such as a denial of-service computer attack. Coverage also includes extra expenses, forensic expenses and dependent business interruption.
- Liability – Covers defense costs, settlements, judgments and, sometimes, punitive damages incurred by a company as a result of
- Breach of privacy due to theft of data (such as credit cards, financial or health related data);
- Transmission of a computer virus or other liabilities resulting from a computer attack, which causes financial loss to third parties;
- Failure of security which causes network systems to be unavailable to third parties; rendering of Internet Professional Services;
- Allegations of copyright or trademark infringement, libel, slander, defamation or other “media” activities in the company’s website, such as postings by visitors on bulletin boards and in chat rooms. This also covers liabilities as postings by visitors on bulletin boards and in chat rooms. This also covers liabilities associated with banner ads for other businesses located on the site.
- Cyber Extortion – Covers the “settlement” of an extortion threat against a company’s network, as well as the cost of hiring a security firm to track down and negotiate with blackmailers.
- Crisis Management – Covers the costs to retain public relations assistance or advertising to rebuild a company’s reputation after an incident. Coverage is also available for the cost of notifying consumers of a release of private information, as well the cost of providing credit-monitoring or other remediation services in the event of a covered incident.
- Criminal Rewards – Covers the cost of posting a criminal reward fund for information leading to the arrest and conviction of a cyber-criminal who has attacked a company’s computer systems.
- Data Breach – Covers the expenses and legal liability resulting from a data breach. Policies may also provide access to services helping business owners to comply with regulatory requirements and to address customer concerns.
- Identity Theft – Provides access to an identity theft call center in the event of stolen customer or employee personal information. Social Media/Networking – Insurers are looking to develop products that cover a company’s social networking activities under one policy. Some cyber policies now provide coverage for certain social media liability exposures such as online defamation, advertising, libel and slander.
- Viruses created by you are not covered;
- Losses caused by self-replicating code which has not been specifically targeted at you are not covered.
- Claims caused by infringement of patents;
- Deliberate or reckless acts are not covered;
- Cyber insurance typically covers expenses related to first parties as well as claims by third parties.