Expert Speak Digital Frontiers
Published on Apr 19, 2024

The increased reliance on digital platforms have heightened the risk of cybercrime in the MSME sector. Cyber insurance can serve as a support system for MSMEs to mitigate this risk.

Cyber insurance: A poignant aid for MSMEs

Technology is advancing at an unprecedented rate, yielding benefits across various sectors. However, this rapid progress underscores the growing importance of cybersecurity, with an increasing number of vulnerabilities coming to light. Micro, Small, and Medium Enterprises (MSME) are vital, often serving as the backbone of emerging economies as they help in fostering economic growth, and stability, and empowering women. They serve as a source of income for millions of families engaged in small businesses, particularly in developing nations.

However, amidst the COVID-19 pandemic, numerous MSMEs, during their transition to online operations, were rendered vulnerable to cyberattacks. The emergence of rapidly evolving technologies and increased reliance on digital platforms have heightened the risk of cybercrime in the MSME sector. Given their significance to a nation's economy, it is imperative to safeguard MSMEs. In this context, cyber insurance can serve as a support system for MSMEs.

The emergence of rapidly evolving technologies and increased reliance on digital platforms have heightened the risk of cybercrime in the MSME sector. Given their significance to a nation's economy, it is imperative to safeguard MSMEs.

From awareness to action

Cyber insurance, often referred to as cyber liability insurance, has emerged as a potential safeguard for businesses to mitigate the risks posed by cyberattacks. It aims to protect businesses from financial losses incurred due to cyber threats and data breaches. Beyond financial compensation, cyber insurance also encompasses risk management. It provides businesses with resources and support to enhance their cybersecurity measures. Awareness of cyber insurance is crucial for the burgeoning businesses in our country, yet many MSMEs remain unaware of its significance. The primary threat remains the same, particularly in India, as businesses increasingly rely on the internet, exposing themselves to cyber threats. This underscores the need for the development of robust security measures, including proactive threat hunting, which refers to continuously monitoring threats and managing Information Technology (IT) risk by establishing government structures that increase cybersecurity maturity.

The Ministry of MSME has taken a few steps in this direction. It has initiated a scheme providing technology and quality upgradation support to MSMEs and Credit-linked Capital subsidy for technology upgradation. However, these schemes do not guarantee the cyber insurance market for the cyber threats faced by small businesses in India.

Hackers often target businesses for financial gain, often through ransomware attacks, posing a significant threat to MSMEs.

Effective cyber risk management is crucial in raising awareness and safeguarding businesses from cyber threats. It involves a detailed process of identifying, prioritising, managing, and monitoring risks to information systems that are vulnerable to cyber threats. This approach is integral to cybersecurity risk management, helping entrepreneurs and businessmen establish effective controls over their enterprises' most sensitive assets and respond to cyber disruptions. Hackers often target businesses for financial gain, often through ransomware attacks, posing a significant threat to MSMEs. Therefore, it is essential to analyse the field of cyber insurance and establish a transparent risk management system to prevent and mitigate cyber threats.

A case for cyber insurance

India has experienced a substantial surge in cybercrime, with reported incidents skyrocketing by 121 percent from 2016 to 2018, placing India as the second most cybercrime-affected country worldwide. Additionally, the transition to digital operations following the COVID-19 pandemic has exposed MSMEs to fresh challenges. These include a lack of awareness regarding cyber threats and inadequate technological support. The recent ransomware attack on Haldiram, a major Indian FMCG, exemplifies the vulnerability of MSMEs to cyber threats. The attack targeted the company's servers, with hackers demanding a ransom of INR 750,000. This incident underscores the importance of robust cyber insurance policies for MSMEs. Cyber insurance could thus provide coverage for both first-party and third-party liabilities resulting from cybersecurity breaches, such as data breaches, cyberattacks, business disruptions, and incidents involving electronic media. However, the specifics of these policies can vary based on industry-specific needs.

Cyber insurance could thus provide coverage for both first-party and third-party liabilities resulting from cybersecurity breaches, such as data breaches, cyberattacks, business disruptions, and incidents involving electronic media.

There are four main types of cyber insurance coverage in India which include encompassing direct financial losses related to business interruptions, the regulatory investigation coverages for the legal fees involving the the General Data Protection Regulation (GDPR) compliance. Additionally, the insurance includes crisis management expenses along with privacy and data liability claims from damages directly arising from an error on the company’s side. These coverages involve various measures taken during a crisis coordinating with the service provider of the insurance company.

Table 1: Types of cyber insurance coverage

Types of Coverage Details
First-party expenses coverage This covers financial losses, business interruption costs, recovery expenses, and other related costs.
Regulatory investigation coverage This reimburses legal fees for lawyers involved in the case.
Crisis management expenses These cover security consultation, credit, and identity theft monitoring, ransomware, and cyberstalking.
Third-party legal liability coverage This coverage includes privacy and data liability claims.

Source: Author’s own

Despite the critical role of cyber insurance in mitigating cyber threats, many MSMEs in India have yet to invest in it.

Protecting MSME’s progress

Media reports highlight the increased risk of cyberattacks on small businesses in India, particularly those with around 500 employees. These businesses accounted for 54 percent of ransomware attacks between January 2020 and July 2022. Given these findings, it is crucial to take measures through cyber insurance policies. Cyber insurance providers that include the stakeholders and service providers such as banks and equity funds should conduct thorough risk assessments to identify vulnerabilities and categorise specific risks faced by small businesses Additionally, employees of these small businesses should undergo cybersecurity training and awareness programmes, focusing on recognising phishing attempts, to cultivate a culture of cyber vigilance. Moreover, cyber insurance policies should undergo regular updates to ensure their continued relevance and effectiveness.

Employees of these small businesses should undergo cybersecurity training and awareness programmes, focusing on recognising phishing attempts, to cultivate a culture of cyber vigilance.

Since cyber insurance companies are new entrants in the field and mostly operate from the private sector, many MSMEs struggle to confide their trust in investing in this sector. In this regard, for organisations and individuals to adopt and implement cyber insurance, the Ministry of MSME must advance its policy characteristics and scope regarding insurance coverages that will contribute to the gap of understanding among buyers of the insurance and sellers by evaluating the level of risk, protecting against the ever-changing threats that accompany the advancement and evolution of technology worldwide.


Bhairabi Kashyap Deka is a Research Intern at the Observer Research Foundation

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.