Cyber insurance in India has become an acceptable reality in India these days. Many companies have shown their interests in obtaining cyber insurance and some of them have actually obtained the same.
Before taking up a cyber insurance policy in India, the concerned company or individual must be well aware of the techno legal compliance requirements of India and the potential cyber risks. This alone would help it/him/her to take the most appropriate cyber insurance policy.
Similarly, an improper cyber insurance policy that is not covering the cyber risks in entirety and leaves scope for ambiguity and legal complications while claiming the insured amount should be avoided. A techno legal vetting of cyber insurance polices obtained in India is an absolute must before obtaining the same.
Just like legal due diligence, a techno legal cyber insurance policy due diligence must be conducted before signing any such cyber insurance policy. The terms and conditions of such cyber insurance policy must be thoroughly analysed line by line to avoid any unfavorable and surprise outcome. Merely signing of a cyber insurance policy does not mean that in case of a cyber breach the concerned insurance company would release the insured amount.
Insured companies and individuals who have obtained a cyber insurance policy must also be aware if the issues like privacy, data protection (PDF), data security, e-discovery, cyber forensics, cyber crimes investigation, etc. This does not mean that those insured themselves must be capable of managing the techno legal aspects of these issues and fields.
Similarly, insurance companies must also make it sure that Indian companies and other stakeholders have already introduced and implemented cyber security best practices, cyber forensics best practices, e-discovery best practices, cyber law due diligence (PDF), e-commerce due diligence, etc. This would prevent future disputes between the insurance companies and the insured stakeholders when a cyber breach occurs. Insurance companies can also provide a more comprehensive cyber insurance policy to those companies and individuals who can demonstrate using of a robust cyber security infrastructure and techno legal best practices for their business activities.
We at Perry4Law believe that there is an urgent need to formulate suitable techno legal regulations for various sectors, including cyber insurance in India. In particular, Indian government needs to enact cyber security laws, data security laws, privacy laws, data protection laws, cyber security breach disclosure laws, etc. As on date, all of these laws are missing and this has created a state of uncertainty and chaos in Indian cyberspace. This environment is also not conducive for the growth and adoption of cyber insurance in India.