Page 39 - Info_Jan_2024
P. 39
Technology Update
Cyber Extortion breach. The expenses to mitigate any negative There exists a cyber-crime business model
publicity and cyber defamation due to the called Ransomware as a Service where malicious
Payment of extortion money is not generally security incident are also often covered by such elements hire the services of operators who are
recommended in case of ransomware attacks. policies. technically skilled to develop malware and launch
However, recovering from such attacks may ransomware attacks. State and non-State Hackers
sometime require payment of ransom. Cyber Notification Expenses as well as Hacktivists form another major source
insurance provides compensation of expenses of cyber-attacks which jeopardizes the services
towards payments to extortionists who encrypted This includes the costs of notifying third parties of any business house. Corporate espionage and
the data and/or threaten to disclose sensitive potentially affected by a security breach. This malicious stakeholders (such as vendors in supply
information. The cost of hiring the services of a often deserves importance considering the vast chain) are also serious cause of concern for many
professional negotiator is also covered under extend and strategic nature of the clientele of the organisations. Proper risk assessments and
such insurance policies. affected organisation. contractual agreements will enable businesses to
function in a realistic environment.
Business Interruption Privacy Liability
Side Benefits
Loss of income due to actual or potential Cyber insurance policies provide indemnity
impairment or denial of operations in the against third-party damages that result from the Cyber Risk Insurance has a couple of side
aftermath of cyber-attacks is a major concern for disclosure of confidential information handled benefits as well. A comprehensive security audit
many business establishments. Cyber insurance by the insured. This also includes coverage of the digital assets is one of the pre-requisite for
covers the loss of income as well as the extra for vicarious liability where a vendor loses the candidate organisations to avail the coverage
expenses incurred during the recovery period. information the insured had entrusted to them. of the risk insurance. This effort will help the
entities to determine the existing vulnerabilities
Response Cost System Liability and to undertake necessary remedial measures
to fix those vulnerabilities. This process in-turn
Businesses sometimes find it difficult to cop- Damages that result from the failure to protect improves the security posture of the organisation
up with the expenses for Forensic Investigation the electronic data of a third party during a and reduces the chances of security incidents.
to assess the spread and depth of the attack cyber-attack is a major cause of concern for
following a security breach. As a result a many organisations. Policies provide coverage for A qualitatively superior and quantitatively
complete root cause analysis is often avoided defense costs for which the insured is liable for accurate assessment of risk is another
and the security holes are left unidentified third-party damages. prerequisite to arrive at the premium of cyber
and unattended. Cyber insurance comes to the risk insurance policies. This exercise distributes
aid of such organisations so that the chances Access Liability risks fairly among all the parties involved and
of recurrence of similar security incidents are avoids concentration of risk with any one of the
minimised. Businesses often may have to compensate stakeholders. This ultimately will put an end to
for denial of services to the clients in the free-rides by some players and burden each one
Legal Recourse wake of cyber-attacks. Insurance policies with their share of risk. Ensuring security audit and
provide indemnity from claims resulting from risk assessment, whenever the insurance policies
Cyber insurance policies provide reimbursement unavailability of IT systems to such customers. are renewed, will maintain the organisation in
of expenses towards legal advice and regulatory a healthy condition vis-a-vis cyber security and
compliance in the wake of a cyber incident. This Source of Cyber Threats financial stakes.
includes cost of determining indemnification
obligations in the contracts of the organisations Cyber threats can emanate from internal as well Conclusion
with a third party. Policies also provide indemnity as external source, and insurance policies usually
against violation of privacy laws caused by a provide coverage for such threats irrespective of With the increasing frequency of cyber-attacks,
security breach. their source and cause. Ignorance and negligence it’s more important than ever to have the right
of employees are the most common cause of people, policies and technologies in place to
Public Relation internal threats. Lack of awareness and training protect organization’s sensitive information and
among employees causes improper handling of assets. It is increasingly becoming important
Media handling is a vital activity in management to establish a backup mechanism to shoulder
of any crisis. Cyber insurance policies can be systems which may ultimately pave way to cyber- the financial burdens of any such attacks. Like
customized to include the cost of handling attacks. Negligence among employees may lead to any other insurance product, consumers feel
reputation attacks in the event of a security serious security issues such as misconfiguration the premium spent on cyber insurance policies
of systems and loss of credentials and even the as a wasteful expenditure until they once claim
devices. Malicious and disgruntled employees are the benefits of the same. While every endeavor
another common cause for internal threats which may be made to secure one’s data by deploying
may lead to loss of data and denial of services. appropriate cyber security solutions, the benefit
of an insurance policy that provides coverage for
Ransomware attacks are the prominent form of financial liabilities arising from cyber incidents
external threats covered under cyber insurance. also may be simultaneously ensured for a healthy
and peaceful business atmosphere.
Contact for more details
C.J. Antony
Deputy Director General & SIO
NIC Tamil Nadu State Centre
E-2-A, Rajaji Bhavan, Besant Nagar, Chennai - 600090
Email: antony@nic.in, Phone: 044-2490 8001
January 2024 informatics.nic.in 39
