How to insulate against cyber-attacks

A few days back, the Reserve Bank of India (RBI) once again advised people to exercise caution while using digital banking, as the incidence of cyber fraud is surging. “… the Reserve Bank cautions members of public to be aware of fraudulent messages, spurious calls, unknown links, false notifications, unauthorised QR codes, etc. promising help in securing concessions/ expediting response from banks and financial service providers in any manner,” said the apex bank.

It is a huge concern that people are robbed of their hard-earned money by cyber criminals at will. During the ongoing pandemic, cyberspace has proved a green pasture for cyber criminals, as people have been pushed onto e-platforms to conduct their financial transactions. However, in this risky atmosphere, financial products are emerging that cover the loss suffered by anyone in a cyberattack.

   

The outbreak of the coronavirus pandemic triggered major social, economic, political and technological changes on an unprecedented scale. These changes continue unabated, as the pandemic is yet to end, with the Omicron variant driving the third wave. In the financial sector, these virus-induced changes have resulted in innovation in financial products for the well-being of individuals, households and businesses.

Apart from banks, we find a lot of innovation and customization of products rolled out by the insurance companies in line with the changes influenced by the ongoing pandemic.

In line with the Insurance Regulatory and Development Authority of India (IRDAI) guidelines, insurers have not only restructured existing insurance products but also launched (and continue to launch) many new schemes covering the impact of Covid-19.

From a business point of view, huge opportunities abound for insurance companies in the post-pandemic world. Individual and corporate awareness of risks to life, health, income and wealth has reached new heights. At the same time, the insurers need to step up their game in terms of narrowing the many protection gaps exposed by the virus.

Health insurance has no doubt been the most bought insurance product during the pandemic, but there has also been a rise in demand for other insurance policies and covers. Notably, among others, the pandemic gave rise to an urgent need for a customised insurance scheme to protect people from losses owing to cyberattacks.

An era of cyber protection insurance policies, which include protection against cyberbullying and other cyber risks such as identity theft or extortion, has begun. Though the cyber insurance product is at a nascent stage at the moment, the growing number of cyber attacks in the post-pandemic world makes a cyber insurance policy a necessity in the near future. If experts are to be believed, every major insurance company will be offering this product and it will sell like hot cakes.

What is the modus operandi being used by fraudsters highlighted by the RBI?

The apex bank has highlighted Vishing, Phishing, and Remote Access as typical modes adopted by cyber criminals to rob people of their money. Vishing refers to phone calls pretending to be from bank/ non-bank e-wallet providers/ telecom service providers in order to lure customers into sharing confidential details on the pretext of KYC-updation, unblocking of account/ SIM-card, and crediting debited amount.

Phishing means spoofed emails and/ or SMSes that are designed to dupe customers into thinking that the communication has originated from their bank/ e-wallet provider, and that contain links to extract confidential details.

By using Remote Access, fraudsters lure a customer into downloading an application on their mobile phone/ computer which is able to access all of the customer’s data on that device.

Fraudsters also misuse the ‘collect request’ feature of UPI by sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.

Notably, fake numbers of banks/ e-wallet providers also appear on webpages/ social media and are displayed by search engines.

What is the Indian scenario of cyber insurance?

First of all, let’s understand that the wonders of the Internet have brought pleasure into the lives of people irrespective of their locations. But at the same time, it has exposed them to unimaginable risks of becoming a victim of social engineering. In social engineering, cyber fraudsters try to manipulate the victim into divulging sensitive information, such as passwords and personal credit card information. Nearly all fraudsters bank on exploiting the trust and curiosity of the person browsing to steal their credentials, which can be enough even to bankrupt them.

In other words, in the world of the Internet, we are all at risk and at the same time we are also a risk to others. This kind of scenario is keeping everybody guessing, as cyber frauds have become the order of the day. The risk of users’ credentials being stolen is widespread, and fraudsters then use those credentials for everything from financial fraud to outright identity theft.

Coming to the ongoing pandemic situation, incidences of cyber attacks have been growing exponentially, leaving people at a loss. Reports of high-profile data breaches have been pouring in continuously as the pandemic forced individuals, businesses, offices and other establishments to bank upon the online mode to execute their jobs. Reportedly, cyber risks have accelerated by as much as 500% since the first lockdown was imposed in India in March 2020. The IRDA in a circular has pointed out that there is an increase in coronavirus-themed spam, likely resulting in more infected personal computers and phones.

In other words, in the given environment, when even gullible people have been forced to take the Internet route to conduct their day-to-day activities, the element of risk involved in every online activity has heightened to alarming levels. For example, the way people use online services, be it storing credit card details on a retailer’s website, sharing sensitive personal data over unprotected networks, or using unencrypted websites, exposes them to huge risks.

As per the national cybersecurity agency, the Computer Emergency Response Team of India (CERT-In), there has been an increase in the number of cyberattacks on personal computer networks and routers since professionals were asked to work from home in the wake of the Covid-19 outbreak in the country.

The pandemic has accelerated the threat to cybersecurity for individuals as well as enterprises, owing to the work-from-home model and an increase in dependency on technology. A rise in sophisticated cyber crimes has heightened vulnerability to cyber attacks.

What are the IRDAI guidelines regarding cyber insurance?

The Insurance Regulatory and Development Authority of India (IRDAI) has issued a guidance document on product structure for cyber insurance. The insurance regulator has advised that general insurers who have already developed some cyber insurance products with exclusive coverage for individuals against cyber perils, and those currently offering products mainly focused on commercial business, may review the product structure based on the coverages advocated in the document. The filing of such product/s may be undertaken at the earliest to respond to the needs of customers who are increasingly exposed to the cyber threat of digital services.

According to the regulator’s guidelines, losses and costs that will be normally covered under a cyber insurance policy can be split into four categories.

First party losses: These are direct financial loss, data loss, business interruption loss and mitigation losses.

Regulatory action costs: Cost of regulatory action and investigation, civil fines and penalties, and defence costs.

Crisis management costs: Forensic expert costs, including security consultation, reputation damage costs, legal costs for matters including notification, coordination with service providers, and strategy, credit and identity theft monitoring costs, cyber extortion/ ransomware cover, operation of a 24×7 hotline, cyber stalking, counselling, information removal and pursuing action.

Liability claim costs: Legal liability/damages directly arising from privacy or data/ security breach, defamation, intellectual property rights (IPR) infringement and defence costs.

(Inputs from insurance & IT experts acknowledged)

Disclaimer: The views and opinions expressed in this article are the personal opinions of the author.

The facts, analysis, assumptions and perspective appearing in the article do not reflect the views of GK
