“This growth is expected to continue for the next 3-5 years, driven by an increased awareness of the need for cyber insurance,” the report ‘Cyber Insurance in India’ said.
It identifies industries heavily involved in digitisation, such as IT, pharma, and manufacturing, as well as those integrated with broader economic sectors like supply chain, retail, critical industries, and finance, to be the prime targets of cybercriminals.
“These sectors are typically early adopters of cyber insurance,” it said.
The report included a survey of several Chief Information Security Officers (CISO), with 70 per cent of respondents expressing willingness to increase spending on securing their digital infrastructure over the next three years.
“Notably, willingness was most prominent among mid-sized firms. Conversely, certain leading companies in the consumer sector overseeing substantial consumer databases exhibited a cautious approach when expanding their digital infrastructure budgets,” Deloitte said in a statement. However, they expressed an interest in boosting their insurance coverage. “About 60 per cent of respondents wanted to increase insurance coverage without wanting to invest much in improving their digital infrastructure security,” it said.
The survey suggests that the cyber insurance market will experience modest growth in the short term, expecting exponential acceleration with momentum.
In India, the cyber insurance market trajectory will be influenced by three key factors – the pace at which firms achieve digital maturity, government initiatives to digitise and enforce stringent cyber laws, and the evolving landscape with non-traditional players including technology giants and MNCs entering the cyber insurance domain, intensifying competition.
Debashish Banerjee, Partner and Insurance sector leader, Deloitte India, said, “It is crucial to shift the perception that cyber insurance isn’t merely an expense; it is a strategic investment. The dynamic cyber insurance market caters to rising demand to counter cybercrime losses. In this era of rapid digitisation, businesses must see proper coverage of cyber insurance as indispensable.”
“As organisations embrace the digital realm, they must prepare to tackle surging cyber threats. The boards and CEOs of organisations need to elevate their cybersecurity knowledge, acknowledging that cyber risks are now central to comprehensive risk management,” he added.
Anand Venkatraman, Partner, Risk Advisory, Deloitte India, said, “Despite the current market fluctuations and uncertainties, we anticipate significant growth in cyber insurance in the next decade, making cyber insurance products more common and valuable for businesses of all sizes. To achieve this successfully, we need appropriate products that cater to both buyers and sellers. Technological advancements and government support are imperative in making this transformation happen.”
Cyber insurance represents a specialised market, and its prospects hinge on aspects like buyers understanding their cyber insurance needs and conducting thorough risk assessments to ascertain the required level of protection and coverage.
Also, sellers must prioritise simplifying insurance policies and educate their clientele on diverse coverage types to underscore the importance of these risk management tools.
The government must play a pivotal role in establishing an effective data protection framework that ensures citizens’ privacy. Additionally, facilitating data exchange through a centralised agency for cyberattacks can be leveraged to build risk models for cyber insurance, enhancing risk evaluation.
Other key highlights from the survey included three-fourths of respondents possessing cyber insurance coverage of Rs 100 crore or less, with over 50 per cent having less than Rs 10 crore of coverage.
Finance and banking along with IT firms emerged as major investors, while consumer firms exhibited lower spending. However, no respondents expressed a desire to discontinue their existing policies, it said adding 30 per cent of respondents believed purchasing cyber insurance provides value for money while 15 per cent considered it costly.
About 45 per cent of respondents noted a substantial mismatch between the premium paid and the insurance coverage received. Most of these firms belonged to the consumer sector.
“As organisations face increasing accountability and regulatory scrutiny in personal data protection, they are motivated to proactively address cyber risks and data breaches. Cyber insurance can provide financial protection, aiding in DPDP (Digital Personal Data Protection) Act compliance,” Deloitte said.