Virtual cover: Buying insurance against cyber crimes gets simpler, but conditions apply


If you are 30 years and above, it is likely that you have been a victim of some sort of a cyber fraud. It could be clicking on a random email link only for your laptop/computer to crash, your card being used for online transactions or phishing used to steal your personal data.

Getting financial compensation from financial institutions for these cyber crimes is next to impossible. But insurance could be one way to protect oneself against such liabilities.

In India, the biggest problem is that the handful of cyber insurance products for individuals have more exclusions than inclusions.

Losing money in online marketplaces where product is sold but money not received, card cloning to buy products online is excluded as also replacement of computer hardware after a hacking attempt.

Insurance regulator IRDAI now wants this situation to change and enable comprehensive cyber covers.

A working group set by the regulator has suggested that insurance companies expand their coverage to include unauthorised access to devices, worldwide territory, card cloning and online shopping fraud in their policies.

This will of course, come at a price. For instance, a Rs 20 lakh cyber insurance cover could be priced at Rs 12,000-14,000 per annum.

Right now, basic cyber covers for Rs 20 lakh (with a long list of exclusions) are priced between Rs 5,000-6,200 per annum and typically cover online transaction fraud and legal (lawyer) charges for cyber fraud incidents.

And, conditions apply. For instance, if money got debited from your account during a banking transaction and was stuck, it will be the bank’s responsibility to refund the money. Your insurer will not pay for these losses.

It will be the responsibility of the insurer to do periodic review of the antivirus software installed in the computer and report suspicious files and malware.

Similarly, in case of a fraud using a debit/credit card, it will be the insured’s responsibility to block the card within 24 hours of this incident. Any delay would mean that the claim won’t be paid.

Also, if you are a bitcoin enthusiast and lose money to an online fraud, your insurer won’t pay this claim. The same goes for trading in other cryptocurrencies, securities (equity and debt market), foreign exchange, derivatives and commodities.

Pornographic sites are of course, a clear exclusion. Since pornography is illegal in India, any payment fraud in porn sites is excluded from coverage.

There have been instances where individuals have inadvertently shared their bank account/debit card details or even user identity and passwords of bank accounts/mobile wallets leading to online theft. This will also be excluded under cyber liability covers.

The exclusions here are also long, but coverage scope has been improved. The most common cyber frauds related to card cloning, credit card hacking and phishing will be covered.

But it will be the responsibility of the insured to file claims within 7-14 days of the cyber crime. Any delay would mean claim rejection. You will also have to file a police complaint and submit a copy of the FIR to your insurer. Some exemption could be provided in cases where financial loss is less than Rs 5,000.

At the face of it, the cyber liability coverage proposed by the IRDAI working group is a good starter. Once customers start taking cyber liabilities seriously and depending on the individual digital habits (use of net banking, mobile wallets and frequent online shopping), the policy limits and premiums could be fixed in the future.