The insurance regulator has issued guidelines for insurance companies to structure cyber insurance products.
Insurance Regulatory and Development Authority of India (IRDAI) has issued norms for non-life insurance companies for cyber insurance products.
The norms will enable insurers to evaluate new technologies posing heightened risk, identify protection gaps in existing products and address the changing needs of customers.
A working group had concluded that standardization of policy wording for cyber insurance is not desirable because of the evolving nature of legislative framework in dealing with cyber risk, fast growing digital ecosystem and increasing connectedness globally and complexity of IT systems.
The current policies offered by insurance companies only cover first party losses such as direct financial loss, data recovery and regulatory actions. IRDAI also suggests some features such as individual cyber insurance policy which could protect theft of funds, provide protection against theft of funds due to hacking of insured’s bank account.
IRDAI has suggested for insurers to keep the policy wording of cyber insurance policies simple and easy to understand. The claim process must also be easy to comprehend and implement. The regulator has suggested insurers to offer cyber insurance as a part of package policy like householder package policy.