The traditional form of cyber-insurance for non-ransomware attack contracts in India does not apply to ransomware attacks. Here's a look at how the cyber-insurance products are evolving
There is a fast-growing market for cyber-insurance in India, if not the fastest-growing market within the Indian insurance industry. The amount of yearly cyber insurance coverage companies in India usually buy today (as of 2023) ranges from $1 million (small companies) to $200 million (large IT service providers), and it is growing at a CAGR of 35 percent for the past three years. To shield against the adverse impacts of client moral hazard and imperfect information on their organisational cyber-posture, the usual form of cyber-insurance contracts accompanies short policy periods, relatively low policy limits, and dynamic repricing. However, these cyber-insurance market practices are increasingly being called into question with the advent and rapid rise of cyber-extortion-based ransomware attacks on the Indian IT/OT industry (that are getting increasingly sophisticated over time).
[This article has been published with permission from IIM Calcutta. www.iimcal.ac.in Views expressed are personal.]