Cyber insurance
FarheenKhilji
1,576 views
60 slides
Apr 18, 2020
Slide 1 of 60
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
About This Presentation
A PROJECT REPORT ON
STUDY OF CYBER INSURANCE WITH REFERENCE APEX INSURANCE BROOKING SERVICES
IN PARTIAL FULFILLMENT OF THE AWARD OF THE DEGREE OF BACHELOR OF MANAGEMENT STUDIES
Slide Content
University OfMumbai
A PROJECT REPORT ON
STUDY OF CYBER INSURANCE WITH REFERNC APEX INSURANCE
BROKING SERVICES
IN PARTIAL FULFILMENT OF THE AWARD OF THE DEGREE OF
BACHELOR OF MANAGEMENT STUDIES
T.Y.B.M.S. Semester-V
1| P a ge
A PROJECT REPORT ON
STUDY OF CYBER INSURANCE WITH REFERNC APEX INSURANCE
BROKING SERVICES
IN PARTIAL FULFILMENT OF THE AWARD OF THE DEGREE OF
BACHELOR OF MANAGEMENT STUDIES
T.Y.B.M.S. Semester-V
1| P a ge
TABLE OFCONTENT
SR.NO. TITLE PAGENO.
Declaration 2
Certificate 3
Acknowledgement 4
Table ofcontents 5-6
Abstract 7
CHAPTERNO.
1
INTRODUCTION 8
1.1 Introduction Ofinsurance 9
1.2 History Of Insurance Sector InIndia 10
1.3 Structure Of Insurance 11-14
1.4 Cyber Insurance 15-16
1.5 Score/ Coverage AndNature 17-19
1.6 Advantage Of CyberInsurance 20
1.7 Disadvantage Of CyberInsurance 21
1.8 Wannacry Creates Awareness OfCyber
Insurance
22
1.9 InsuranceRegulatory 23
1.10 The Cyber Security Initiative InIndia 24-26
1.11 THE CYBER SECURITY INITIATIVEIN
INDIA
27
CHAPTERNO.
2
NEED OF THESTUDY 28
2.1 LiteratureReview 29
2.2 Need Of TheStudy 30
CHAPTERNO.
3
RESEARCHMETHODOLOGY 31
3.1 Area OfStudy 32
3.2 Objective Of TheStudy 32
3.3 ResearchMethodology 32-33
3.4 ResearchDesign 34
3.5 SampleDesign 35
3.6 Sampling Area 35
2| P a ge
SR.NO. TITLE PAGENO.
Declaration 2
Certificate 3
Acknowledgement 4
Table ofcontents 5-6
Abstract 7
CHAPTERNO.
1
INTRODUCTION 8
1.1 Introduction Ofinsurance 9
1.2 History Of Insurance Sector InIndia 10
1.3 Structure Of Insurance 11-14
1.4 Cyber Insurance 15-16
1.5 Score/ Coverage AndNature 17-19
1.6 Advantage Of CyberInsurance 20
1.7 Disadvantage Of CyberInsurance 21
1.8 Wannacry Creates Awareness OfCyber
Insurance
22
1.9 InsuranceRegulatory 23
1.10 The Cyber Security Initiative InIndia 24-26
1.11 THE CYBER SECURITY INITIATIVEIN
INDIA
27
CHAPTERNO.
2
NEED OF THESTUDY 28
2.1 LiteratureReview 29
2.2 Need Of TheStudy 30
CHAPTERNO.
3
RESEARCHMETHODOLOGY 31
3.1 Area OfStudy 32
3.2 Objective Of TheStudy 32
3.3 ResearchMethodology 32-33
3.4 ResearchDesign 34
3.5 SampleDesign 35
3.6 Sampling Area 35
2| P a ge
3.7 Sampling Unit 35
3.8 Source Of DataCollection 36
3.9 Survey Method 36
3.10 Questionnaire 36-37
3.11 Tools Used For Interpretation 37
3.12 Limitations Of TheStudy 38
CHAPTERNO.
4
COMPANYPROFILE 39
4.1 About Us 40
4.2 What Drivesus 41
4.3 What WePropose 41
4.4 ServicePledge 41-42
4.5 SWOT Analysis 43
CHAPTERNO.
5
Data Analysis AndInterpretation 44-53
CHAPTERNO.
6
FINDINGS ANDSUGGESTION 54-56
CHAPTER
NO.7
CONCLUSION 57
CHAPTERNO.
8
REFERENCE/BIOBLIOGRAPHY 58
ABSTRACT
This paper focuses on Cyber Insurance with reference to Apex Insurance Broking Service
Pvt. Ltd.
Apex Insurance Broking Service Pvt. Ltd. has been started by two senior veterans from
General InsuranceIndustry.
3| P a ge
3.8 Source Of DataCollection 36
3.9 Survey Method 36
3.10 Questionnaire 36-37
3.11 Tools Used For Interpretation 37
3.12 Limitations Of TheStudy 38
CHAPTERNO.
4
COMPANYPROFILE 39
4.1 About Us 40
4.2 What Drivesus 41
4.3 What WePropose 41
4.4 ServicePledge 41-42
4.5 SWOT Analysis 43
CHAPTERNO.
5
Data Analysis AndInterpretation 44-53
CHAPTERNO.
6
FINDINGS ANDSUGGESTION 54-56
CHAPTER
NO.7
CONCLUSION 57
CHAPTERNO.
8
REFERENCE/BIOBLIOGRAPHY 58
ABSTRACT
This paper focuses on Cyber Insurance with reference to Apex Insurance Broking Service
Pvt. Ltd.
Apex Insurance Broking Service Pvt. Ltd. has been started by two senior veterans from
General InsuranceIndustry.
3| P a ge
IthasspecialexpertiseinhandlingallkindofGeneralInsurancePoliciesE.g.Motor
Insurance,CPM,WC,GMC,EAR,CAR,GroupPersonalAccident,FireInsurance,Transit
Insurance,FidelityInsuranceetc.
Inashorttime,ApexInsuranceBrokinghascreatedawideandextensivegamutofclients
acrossthecountrywhichisrelyingonforalltypesofconsultancyrequiredfortheirRisk
mitigationandsuggestionsoncompleteinsurancepackage.
Thepurposehereishowtheresearchhasbeenbeneficialtothecompany.Themethodology
usedforthesurveyisstatedandtheconclusionismade.Thebenefitsfromtheresearchare
alsogivenhere.Methodologyusedbytheresearcherinvolvesthesurveymethod.Thesample
typeusedissimplerandomsamplingandsamplesizeforthesurveyis50.Ashortdescription
aboutthesampleandresearchtechniqueusedisexplained.Thecompanyprofileandhistory
andfinallythetoolsusedforthedataanalysisaregiven.Presentationandanalysisofdata,
interpretationisgiventounderstandthebaselineusedfortheCyberinsurancewithreference
toApexInsuranceBrokingServices.Lastlytheannexurecontainsacopyofquestionnaire,
bibliography.
4| P a ge
Insurance,CPM,WC,GMC,EAR,CAR,GroupPersonalAccident,FireInsurance,Transit
Insurance,FidelityInsuranceetc.
Inashorttime,ApexInsuranceBrokinghascreatedawideandextensivegamutofclients
acrossthecountrywhichisrelyingonforalltypesofconsultancyrequiredfortheirRisk
mitigationandsuggestionsoncompleteinsurancepackage.
Thepurposehereishowtheresearchhasbeenbeneficialtothecompany.Themethodology
usedforthesurveyisstatedandtheconclusionismade.Thebenefitsfromtheresearchare
alsogivenhere.Methodologyusedbytheresearcherinvolvesthesurveymethod.Thesample
typeusedissimplerandomsamplingandsamplesizeforthesurveyis50.Ashortdescription
aboutthesampleandresearchtechniqueusedisexplained.Thecompanyprofileandhistory
andfinallythetoolsusedforthedataanalysisaregiven.Presentationandanalysisofdata,
interpretationisgiventounderstandthebaselineusedfortheCyberinsurancewithreference
toApexInsuranceBrokingServices.Lastlytheannexurecontainsacopyofquestionnaire,
bibliography.
4| P a ge
CHAPTER1
INTRODUCTION
CHAPTER 1
INTRODUCTION
1.1.INTRODUCTION
Whenunexpecteddisastersoccur,insurancesavespeople.Insuranceisusedtopayfor
damagesormedicalbills.Itisalifesaverbecausesometimesexpensescanbequitecostly.It
canalsoprovideprotectionfromliability,damages,andfinancialloss.Inthecaseof
automobileinsurance,thereasoninsuranceisimportantisthatitprotectsyoufromhavingto
paydamagesifyouarefoundatfaultfortheaccident.
5| P a ge
INTRODUCTION
CHAPTER 1
INTRODUCTION
1.1.INTRODUCTION
Whenunexpecteddisastersoccur,insurancesavespeople.Insuranceisusedtopayfor
damagesormedicalbills.Itisalifesaverbecausesometimesexpensescanbequitecostly.It
canalsoprovideprotectionfromliability,damages,andfinancialloss.Inthecaseof
automobileinsurance,thereasoninsuranceisimportantisthatitprotectsyoufromhavingto
paydamagesifyouarefoundatfaultfortheaccident.
5| P a ge
Liabilityinsuranceisapartofthegeneralinsurancesystemofriskfinancingtoprotectthe
purchaser(the"insured")fromtherisksofliabilitiesimposedbylawsuitsandsimilarclaims.
Itprotectstheinsuredintheevent;heorsheissuedforclaimsthatcomewithinthecoverage
oftheinsurancepolicy.
Insuranceisameansofprotectionfromfinancialloss.Itisaformofriskmanagement
primarilyusedtohedgeagainsttheriskofacontingent,uncertainloss
2.HISTORY OF INSURANCE SECTOR IN INDIA
In India, insurance has a deep-rooted history. It finds mention in the writings ofManu
( Manusmrithi ), Yagnavalkya ( Dharmasastra ) and Kautilya ( Arthasastra ). The writings
talk in terms of pooling of resources that could be re-distributed in times of calamities such as
fire, floods, epidemics, and famine. This was probably a pre-cursor to modern day insurance.
Ancient Indian history has preserved the earliest traces of insurance in the form of marine
trade loans and carriers’ contracts. Insurance in India has evolved over time heavily drawing
from other countries,England.
➢In 1818 the Oriental Life Insurance Company in Calcutta establishment Life
insurance business in India. This Company however failed in1834.
6| P a ge
purchaser(the"insured")fromtherisksofliabilitiesimposedbylawsuitsandsimilarclaims.
Itprotectstheinsuredintheevent;heorsheissuedforclaimsthatcomewithinthecoverage
oftheinsurancepolicy.
Insuranceisameansofprotectionfromfinancialloss.Itisaformofriskmanagement
primarilyusedtohedgeagainsttheriskofacontingent,uncertainloss
2.HISTORY OF INSURANCE SECTOR IN INDIA
In India, insurance has a deep-rooted history. It finds mention in the writings ofManu
( Manusmrithi ), Yagnavalkya ( Dharmasastra ) and Kautilya ( Arthasastra ). The writings
talk in terms of pooling of resources that could be re-distributed in times of calamities such as
fire, floods, epidemics, and famine. This was probably a pre-cursor to modern day insurance.
Ancient Indian history has preserved the earliest traces of insurance in the form of marine
trade loans and carriers’ contracts. Insurance in India has evolved over time heavily drawing
from other countries,England.
➢In 1818 the Oriental Life Insurance Company in Calcutta establishment Life
insurance business in India. This Company however failed in1834.
6| P a ge
➢In 1829, the Madras Equitable had begun transacting life insurance business in
the Madras Presidency.
➢1870 saw the enactment of the British Insurance Act and in the last three
decades of the nineteenth century, the Bombay Mutual (1871), Oriental(1874)
and Empire of India (1897) were started in the Bombay Residency. This era,
however, was dominated by foreign insurance offices which did goodbusiness
in India, namely Albert Life Assurance, Royal Insurance, Liverpool and London
Globe Insurance and the Indian offices were up for hard competition fromthe
foreign companies.
1.3. STRUCTURE OF INSURANCE SECTOR IN INDIA
7| P a ge
the Madras Presidency.
➢1870 saw the enactment of the British Insurance Act and in the last three
decades of the nineteenth century, the Bombay Mutual (1871), Oriental(1874)
and Empire of India (1897) were started in the Bombay Residency. This era,
however, was dominated by foreign insurance offices which did goodbusiness
in India, namely Albert Life Assurance, Royal Insurance, Liverpool and London
Globe Insurance and the Indian offices were up for hard competition fromthe
foreign companies.
1.3. STRUCTURE OF INSURANCE SECTOR IN INDIA
7| P a ge
8| P a ge
LIFE INSURANCE
➢In 1914, the Government of India started publishing returns of Insurance
Companies in India.
➢The Indian Life Assurance Companies Act, 1912 was the first statutory measure
to regulate lifebusiness.
➢In 1928, the Indian Insurance Companies Act was enacted to enable the
Governmenttocollectstatisticalinformationaboutbothlifeandnon-life
business transacted in India by Indian and foreign insurers including provident
insurancesocieties.
➢In 1938, with a view to protecting the interest of the Insurance public,the earlier
legislation was consolidated and amended by the Insurance Act, 1938 with
comprehensive provisions for effective control over the activities ofinsurers.
➢However,thereweremanyinsurancecompaniesandthelevelofcompetitionwas
high.Therewerealsoallegationsofunfairtradepractices.TheGovernmentof
India,therefore,decidedtonationalizeinsurancebusiness.
➢AnOrdinancewasissuedon19
th
January1956nationalizingtheLifeInsurance
sectorandLifeInsuranceCorporationcameintoexistenceinthesameyear.
➢TheLICabsorbed154Indian,16non-Indianinsurersasalso75provident
societies—245Indianandforeigninsurersinall.TheLIChadmonopolytillthe
late90swhentheInsurancesectorwasreopenedtotheprivatesector.
9| P a ge
➢In 1914, the Government of India started publishing returns of Insurance
Companies in India.
➢The Indian Life Assurance Companies Act, 1912 was the first statutory measure
to regulate lifebusiness.
➢In 1928, the Indian Insurance Companies Act was enacted to enable the
Governmenttocollectstatisticalinformationaboutbothlifeandnon-life
business transacted in India by Indian and foreign insurers including provident
insurancesocieties.
➢In 1938, with a view to protecting the interest of the Insurance public,the earlier
legislation was consolidated and amended by the Insurance Act, 1938 with
comprehensive provisions for effective control over the activities ofinsurers.
➢However,thereweremanyinsurancecompaniesandthelevelofcompetitionwas
high.Therewerealsoallegationsofunfairtradepractices.TheGovernmentof
India,therefore,decidedtonationalizeinsurancebusiness.
➢AnOrdinancewasissuedon19
th
January1956nationalizingtheLifeInsurance
sectorandLifeInsuranceCorporationcameintoexistenceinthesameyear.
➢TheLICabsorbed154Indian,16non-Indianinsurersasalso75provident
societies—245Indianandforeigninsurersinall.TheLIChadmonopolytillthe
late90swhentheInsurancesectorwasreopenedtotheprivatesector.
9| P a ge
GENERAL INSURANCE
➢ThehistoryofgeneralinsurancedatesbacktotheIndustrialRevolutioninthe
westandtheconsequentgrowthofsea-faringtradeandcommerceinthe17
th
century.ItcametoIndiaasalegacyofBritishoccupation.
➢GeneralInsuranceinIndiahasitsrootsintheestablishmentofTritonInsurance
CompanyLtd.,intheyear1850inCalcuttabytheBritish.
➢In1907,theIndianMercantileInsuranceLtd,wasthefirstcompanytotransactall
classesofgeneralinsurancebusiness.
➢1957sawtheformationoftheGeneralInsuranceCouncil,awingofthe
InsuranceAssociationofIndia.TheGeneralInsuranceCouncilframedacodeof
conductforensuringfairconductandsoundbusinesspractices.
Generalinsurancecoversinsuranceofpropertyagainstfire,burglary,theft;personal
insurancecoveringhealth,travel,andaccidents;andliabilityinsurancecoveringlegal
liabilities.Thiscategoryofinsurancevirtuallycoversallformsofinsuranceexceptlife.
Othercoversmayincludeinsuranceagainsterrorsandomissionsforprofessionals,
creditinsuranceetc.Commonformsofgeneralinsurancearemotor,fire,home,marine,
health,travel,accident,andothermiscellaneousformsofnon-lifeinsurance.
Unlikelifeinsurancepolicies,thetenureofgeneralinsurancepoliciesisnormallynot
thatofalifetime.Theusualtermlastsforthedurationofaneconomicactivityorfora
givenperiod.Mostgeneralinsuranceproductsareannualcontracts.Therearehowever,
afewproductswhichhavealongterm.
10| P a ge
➢ThehistoryofgeneralinsurancedatesbacktotheIndustrialRevolutioninthe
westandtheconsequentgrowthofsea-faringtradeandcommerceinthe17
th
century.ItcametoIndiaasalegacyofBritishoccupation.
➢GeneralInsuranceinIndiahasitsrootsintheestablishmentofTritonInsurance
CompanyLtd.,intheyear1850inCalcuttabytheBritish.
➢In1907,theIndianMercantileInsuranceLtd,wasthefirstcompanytotransactall
classesofgeneralinsurancebusiness.
➢1957sawtheformationoftheGeneralInsuranceCouncil,awingofthe
InsuranceAssociationofIndia.TheGeneralInsuranceCouncilframedacodeof
conductforensuringfairconductandsoundbusinesspractices.
Generalinsurancecoversinsuranceofpropertyagainstfire,burglary,theft;personal
insurancecoveringhealth,travel,andaccidents;andliabilityinsurancecoveringlegal
liabilities.Thiscategoryofinsurancevirtuallycoversallformsofinsuranceexceptlife.
Othercoversmayincludeinsuranceagainsterrorsandomissionsforprofessionals,
creditinsuranceetc.Commonformsofgeneralinsurancearemotor,fire,home,marine,
health,travel,accident,andothermiscellaneousformsofnon-lifeinsurance.
Unlikelifeinsurancepolicies,thetenureofgeneralinsurancepoliciesisnormallynot
thatofalifetime.Theusualtermlastsforthedurationofaneconomicactivityorfora
givenperiod.Mostgeneralinsuranceproductsareannualcontracts.Therearehowever,
afewproductswhichhavealongterm.
10| P a ge
TYPES OF GENERAL INSURANCE
11| P a ge
11| P a ge
Depending on what (the asset which is at risk or the risk itself) is protected, general insurance policies are
classified
12| P a ge
classified
12| P a ge
Cyberinsuranceisaformofinsuranceforbusinessesandindividualsagainstinternet-based
risks.Themostcommonriskthatisinsuredagainstisdatabreaches.Cyberinsurance
typicallyincludesindemnificationfromlawsuitsrelatedtodatabreaches,suchaserrorsand
omissions.Cyber-insuranceisaninsuranceproductusedtoprotectbusinessesandindividual
usersfromInternet-basedrisks,andmoregenerallyfromrisksrelatingtoinformation
technologyinfrastructureandactivities.Risksofthisnaturearetypicallyexcludedfrom
traditionalcommercialgeneralliabilitypoliciesoratleastarenotspecificallydefinedin
traditionalinsuranceproducts.Coverageprovidedbycyber-insurancepoliciesmayinclude
first-partycoverageagainstlossessuchasdatadestruction,extortion,theft,hacking,and
denialofserviceattacks;liabilitycoverageindemnifyingcompaniesforlossestoothers
caused,forexample,byerrorsandomissions,failuretosafeguarddata,ordefamation;and
otherbenefitsincludingregularsecurity-audit,post-incidentpublicrelationsandinvestigative
expenses,andcriminalrewardfunds
Types of CyberInsurance
13| P a ge
risks.Themostcommonriskthatisinsuredagainstisdatabreaches.Cyberinsurance
typicallyincludesindemnificationfromlawsuitsrelatedtodatabreaches,suchaserrorsand
omissions.Cyber-insuranceisaninsuranceproductusedtoprotectbusinessesandindividual
usersfromInternet-basedrisks,andmoregenerallyfromrisksrelatingtoinformation
technologyinfrastructureandactivities.Risksofthisnaturearetypicallyexcludedfrom
traditionalcommercialgeneralliabilitypoliciesoratleastarenotspecificallydefinedin
traditionalinsuranceproducts.Coverageprovidedbycyber-insurancepoliciesmayinclude
first-partycoverageagainstlossessuchasdatadestruction,extortion,theft,hacking,and
denialofserviceattacks;liabilitycoverageindemnifyingcompaniesforlossestoothers
caused,forexample,byerrorsandomissions,failuretosafeguarddata,ordefamation;and
otherbenefitsincludingregularsecurity-audit,post-incidentpublicrelationsandinvestigative
expenses,andcriminalrewardfunds
Types of CyberInsurance
13| P a ge
Hacksurance-Insuranceagainstcyberattacksandhackingattacks.
Theftandfraud.Coversdestructionorlossofthepolicyholder’sdataastheresultofa
criminalorfraudulent
cyber
event,includingtheftandtransferoffunds.
Forensicinvestigation.Coversthelegal,technicalorforensicservicesnecessaryto
assesswhetheracyberattackhasoccurred,toassesstheimpactoftheattackandtostop
anattack.
Businessinterruption.Coverslostincomeandrelatedcostswhereapolicyholderis
unabletoconductbusinessduetoacybereventordataloss.
Extortion.Providescoverageforthecostsassociatedwiththeinvestigationofthreats
tocommitcyberattacksagainstthepolicyholder’ssystemsandforpaymentsto
extortionistswhothreatentoobtainanddisclosesensitiveinformation.
ReputationInsurance:Insuranceagainstreputationattacksandcyberdefamation.
Computerdatalossandrestoration.Coversphysicaldamageto,orlossofuseof,
computer-relatedassets,includingthecostsofretrievingandrestoringdata,hardware,
softwareorotherinformationdestroyedordamagedastheresultofacyberattack.
14| P a ge
Theftandfraud.Coversdestructionorlossofthepolicyholder’sdataastheresultofa
criminalorfraudulent
cyber
event,includingtheftandtransferoffunds.
Forensicinvestigation.Coversthelegal,technicalorforensicservicesnecessaryto
assesswhetheracyberattackhasoccurred,toassesstheimpactoftheattackandtostop
anattack.
Businessinterruption.Coverslostincomeandrelatedcostswhereapolicyholderis
unabletoconductbusinessduetoacybereventordataloss.
Extortion.Providescoverageforthecostsassociatedwiththeinvestigationofthreats
tocommitcyberattacksagainstthepolicyholder’ssystemsandforpaymentsto
extortionistswhothreatentoobtainanddisclosesensitiveinformation.
ReputationInsurance:Insuranceagainstreputationattacksandcyberdefamation.
Computerdatalossandrestoration.Coversphysicaldamageto,orlossofuseof,
computer-relatedassets,includingthecostsofretrievingandrestoringdata,hardware,
softwareorotherinformationdestroyedordamagedastheresultofacyberattack.
14| P a ge
1.5.SCOPE/COVERAGE ANDNATUREOFCOVERAGE UNDER
CYBERRISKINSURANCE
Itisintendedtohaveacoverageforfirst-partyandthird-partyliabilitycoverageto
organizationwhencybersecuritycontrolsatorganizationfails.Thecyberinsurance
shouldcoverproperty,theftandliabilityasrepresentedinbelowsection:
A. Property andTheft:
1)Destruction of software system andnetwork
2)Unrecoverable Loss of information of organization’s storeddata
3)Recovery from malware or other maliciouscodes
4)Business interruption due to cyber-incident (Loss of net profit because of a material
interruption to the insured’snetwork)
5)Denial ofService
6)Information Theft –Loss of control of customer’sdata/record
7)Breach of intellectualproperty
8)Cyber Extortion and Cyberespionage
9)Losses due to cyber-terroristacts
10)Harm to electronic media or datacontents
11)Terrorism/War exclusion with carve back for Cyberterrorism
15| P a ge
CYBERRISKINSURANCE
Itisintendedtohaveacoverageforfirst-partyandthird-partyliabilitycoverageto
organizationwhencybersecuritycontrolsatorganizationfails.Thecyberinsurance
shouldcoverproperty,theftandliabilityasrepresentedinbelowsection:
A. Property andTheft:
1)Destruction of software system andnetwork
2)Unrecoverable Loss of information of organization’s storeddata
3)Recovery from malware or other maliciouscodes
4)Business interruption due to cyber-incident (Loss of net profit because of a material
interruption to the insured’snetwork)
5)Denial ofService
6)Information Theft –Loss of control of customer’sdata/record
7)Breach of intellectualproperty
8)Cyber Extortion and Cyberespionage
9)Losses due to cyber-terroristacts
10)Harm to electronic media or datacontents
11)Terrorism/War exclusion with carve back for Cyberterrorism
15| P a ge
Cyber Insurance:
Cyber liability refers to an IT firm's liability when it is responsible for the security and
privacy of a client's data stored on the IT firm'sservers.
Cyber liability insurance policies typically include coveragefor:
•Denial of service attacks or inability to access websites orsystems
•Unauthorized access to, use of, or tampering withdata
•Disclosure of confidential data (invasion ofprivacy)
•Loss of data or digital assets (malicious oraccidental)
•Introduction of malicious code orviruses
•Cyber extortion or terrorismthreats
•Personal media injury (defamation, libel, or slander) from electroniccontent
•Regulatory action, notification, or defenseexpenses
•Crisis management and public relationsexpenses
•Data or systemrestoration
•Business interruptionexpenses
Who should buy Cyber Risk Insurance policy?
Following is the list of compani1es that must have Cyber Risk Insurance policy.
This is just an indicative list and notexhaustive.
•Information Technology Companies: Software, Data Centers,etc.
•Retailers: E-commerce & Brick and Mortar
•Financial Services
•Services
•Health & Pharmaceuticals,etc.
16| P a ge
Cyber liability refers to an IT firm's liability when it is responsible for the security and
privacy of a client's data stored on the IT firm'sservers.
Cyber liability insurance policies typically include coveragefor:
•Denial of service attacks or inability to access websites orsystems
•Unauthorized access to, use of, or tampering withdata
•Disclosure of confidential data (invasion ofprivacy)
•Loss of data or digital assets (malicious oraccidental)
•Introduction of malicious code orviruses
•Cyber extortion or terrorismthreats
•Personal media injury (defamation, libel, or slander) from electroniccontent
•Regulatory action, notification, or defenseexpenses
•Crisis management and public relationsexpenses
•Data or systemrestoration
•Business interruptionexpenses
Who should buy Cyber Risk Insurance policy?
Following is the list of compani1es that must have Cyber Risk Insurance policy.
This is just an indicative list and notexhaustive.
•Information Technology Companies: Software, Data Centers,etc.
•Retailers: E-commerce & Brick and Mortar
•Financial Services
•Services
•Health & Pharmaceuticals,etc.
16| P a ge
What are the Risks covered in Cyber Risk Insurancepolicy?
Following are some of the most common Risks covered in Cyber Risk Insurancepolicy.
•Legal Liability to others for Privacy Breaches or Computer SecurityBreaches
•Loss to Data/Information
•Loss of Revenue due to cyberattack
•Public RelationExpenses
•Regulatory Actions or Scrutinyexpenses
•Incidental Expenses to respond to CyberAttack
•Cyber ExtortionExpenses
17| P a ge
Following are some of the most common Risks covered in Cyber Risk Insurancepolicy.
•Legal Liability to others for Privacy Breaches or Computer SecurityBreaches
•Loss to Data/Information
•Loss of Revenue due to cyberattack
•Public RelationExpenses
•Regulatory Actions or Scrutinyexpenses
•Incidental Expenses to respond to CyberAttack
•Cyber ExtortionExpenses
17| P a ge
1.6.AdvantagesofCyberinsurance.
•Thecyber-insurancemarketinmanycountriesisrelativelysmallcomparedtoother
insuranceproducts,itsoverallimpactonemergingcyberthreatsisdifficulttoquantify.
Astheimpacttopeopleandbusinessesfromcyberthreatsisalsorelativelybroad
whencomparedtothescopeofprotectionprovidedbyinsuranceproducts,insurance
companiescontinuetodeveloptheirservices.
•Asinsurerspayoutoncyber-losses,andascyberthreatsdevelopandchange,
insuranceproductsareincreasinglybeingpurchasedalongsideexistingITsecurity
services.Indeed,theunderwritingcriteriaforinsurerstooffercyber-insurance
productsarealsoearlyindevelopment,andunderwritersareactivelypartneringwith
ITsecuritycompaniestodeveloptheirproducts.
•Aswellasdirectlyimprovingsecurity,cyber-insuranceisenormouslybeneficialinthe
eventofalarge-scalesecuritybreach.Insuranceprovidesasmoothfunding
mechanismforrecoveryfrommajorlosses,helpingbusinessestoreturntonormaland
reducingtheneedforgovernmentassistance.
•Finally,insuranceallowscyber-securityriskstobedistributedfairly,withcostof
premiumscommensuratewiththesizeofexpectedlossfromsuchrisks.Thisavoids
potentiallydangerousconcentrationsofriskwhilealsopreventingfree-riding
18| P a ge
•Thecyber-insurancemarketinmanycountriesisrelativelysmallcomparedtoother
insuranceproducts,itsoverallimpactonemergingcyberthreatsisdifficulttoquantify.
Astheimpacttopeopleandbusinessesfromcyberthreatsisalsorelativelybroad
whencomparedtothescopeofprotectionprovidedbyinsuranceproducts,insurance
companiescontinuetodeveloptheirservices.
•Asinsurerspayoutoncyber-losses,andascyberthreatsdevelopandchange,
insuranceproductsareincreasinglybeingpurchasedalongsideexistingITsecurity
services.Indeed,theunderwritingcriteriaforinsurerstooffercyber-insurance
productsarealsoearlyindevelopment,andunderwritersareactivelypartneringwith
ITsecuritycompaniestodeveloptheirproducts.
•Aswellasdirectlyimprovingsecurity,cyber-insuranceisenormouslybeneficialinthe
eventofalarge-scalesecuritybreach.Insuranceprovidesasmoothfunding
mechanismforrecoveryfrommajorlosses,helpingbusinessestoreturntonormaland
reducingtheneedforgovernmentassistance.
•Finally,insuranceallowscyber-securityriskstobedistributedfairly,withcostof
premiumscommensuratewiththesizeofexpectedlossfromsuchrisks.Thisavoids
potentiallydangerousconcentrationsofriskwhilealsopreventingfree-riding
18| P a ge
1.7.DisadvantagesofCyberInsurance
•Consequently,during2005,a“secondgeneration"ofcyber-insuranceliterature
emergedtargetingriskmanagementofcurrentcyber-networks.Theauthorsofsuch
literaturelinkthemarketfailurewithfundamentalpropertiesofinformation
technology,speciallycorrelatedriskinformationasymmetriesbetweeninsurersand
insureds,andinter-dependencies.
•Informationasymmetryhasasignificantnegativeeffectonmostinsurance
environments,wheretypicalconsiderationsincludeinabilitytodistinguishbetween
usersofdifferent(highandlowrisk)types,i.e.,theso-calledadverseselection
problem,aswellasusersundertakingactionsthatadverselyaffectlossprobabilities
aftertheinsurancecontractissigned,i.e.,theso-calledmoralhazardproblem.The
challengeduetotheinterdependentandcorrelatednatureofcyber-risksisparticularto
cyber-insuranceanddifferentiatestraditionalinsurancescenarios(e.g.,carorhealth
insurance)fromtheformer.
•InalargedistributedsystemsuchastheInternet,risksspanalargesetofnodesandare
correlated.Thus,userinvestmentsinsecuritytocounterrisksgeneratepositive
externalitiesforotherusersinthenetwork.Theaimofcyber-insurancehereisto
enableindividualuserstointernalizetheexternalitiesinthenetworksothateachuser
optimallyinvestsinsecuritysolutions,therebyalleviatingmoralhazardandimproving
networksecurity.
•Intraditionalinsurancescenarios,theriskspanisquitesmall(sometimesitspansonly
oneortwoentities)anduncorrelated,thusinternalizingtheexternalitiesgeneratedby
userinvestmentsinsafety,ismucheasier.
19| P a ge
•Consequently,during2005,a“secondgeneration"ofcyber-insuranceliterature
emergedtargetingriskmanagementofcurrentcyber-networks.Theauthorsofsuch
literaturelinkthemarketfailurewithfundamentalpropertiesofinformation
technology,speciallycorrelatedriskinformationasymmetriesbetweeninsurersand
insureds,andinter-dependencies.
•Informationasymmetryhasasignificantnegativeeffectonmostinsurance
environments,wheretypicalconsiderationsincludeinabilitytodistinguishbetween
usersofdifferent(highandlowrisk)types,i.e.,theso-calledadverseselection
problem,aswellasusersundertakingactionsthatadverselyaffectlossprobabilities
aftertheinsurancecontractissigned,i.e.,theso-calledmoralhazardproblem.The
challengeduetotheinterdependentandcorrelatednatureofcyber-risksisparticularto
cyber-insuranceanddifferentiatestraditionalinsurancescenarios(e.g.,carorhealth
insurance)fromtheformer.
•InalargedistributedsystemsuchastheInternet,risksspanalargesetofnodesandare
correlated.Thus,userinvestmentsinsecuritytocounterrisksgeneratepositive
externalitiesforotherusersinthenetwork.Theaimofcyber-insurancehereisto
enableindividualuserstointernalizetheexternalitiesinthenetworksothateachuser
optimallyinvestsinsecuritysolutions,therebyalleviatingmoralhazardandimproving
networksecurity.
•Intraditionalinsurancescenarios,theriskspanisquitesmall(sometimesitspansonly
oneortwoentities)anduncorrelated,thusinternalizingtheexternalitiesgeneratedby
userinvestmentsinsafety,ismucheasier.
19| P a ge
8.WANNACRY CREATESAWARENESSOFCYBERINSURANCE
➢TherecentransomwareattackswithWannaCryhavewokenuptheIndiancorporate
sectortotheneedsofhavingCyberInsuranceasameansofrecoveringthelosses
arisingoutofsuchattacks.
➢IndiasurveytwoyearsbacktodocumenttheawarenessofCyberInsuranceamongstthe
CISOsandCIOsinIndiaandfoundthatmostofthemhadverylittleunderstandingof
thenuancesofwhatconstitutesCyberInsurance.
➢ThoughRBIhadmandatedthatbanksshouldtakeCyberInsuranceagainsthacking,
denialofserviceetc..,waybackinJune2001,hardlyanyBankobtainedsuch
insuranceuntilthelastfewyears.
➢Nowtheransomwareattackshavebroughtanurgentneedforcoverasapartofthe
CorporateGovernancepolicy.
The ransomware attacks create two kinds of liabilitiesnamely
a)Cost of recovery of data and managing the reputationmanagement
b)Actual payment ofRansom
➢InmostcasesofWannaCrydemands,theactualransomwasupto3Bitcoinswhichwas
aboutRs4-5lakhsanditoftenwaslessthantheminimumself-liabilityinmostofthe
cases.Henceitwasnotconsideredascoverage.
➢ItisunderstoodthatsomeInsurancecompaniesprovidespecificcoverageofransom
paymentsunderanextensionofthebasicpolicy.
➢ThisisinthehandsofIRDAwhichneedstoconsiderCyberinsuranceasaseparate
categoryofinsuranceandnotclubitwithotherformsofgeneralinsurance
Theuserindustryneedstocometogetherandformtheirownguideandifnecessarylobby
withtheIRDAforabetterstructuringofCyberInsuranceplanswhichisacceptablebothto
theinsurersandtheinsured.
20| P a ge
➢TherecentransomwareattackswithWannaCryhavewokenuptheIndiancorporate
sectortotheneedsofhavingCyberInsuranceasameansofrecoveringthelosses
arisingoutofsuchattacks.
➢IndiasurveytwoyearsbacktodocumenttheawarenessofCyberInsuranceamongstthe
CISOsandCIOsinIndiaandfoundthatmostofthemhadverylittleunderstandingof
thenuancesofwhatconstitutesCyberInsurance.
➢ThoughRBIhadmandatedthatbanksshouldtakeCyberInsuranceagainsthacking,
denialofserviceetc..,waybackinJune2001,hardlyanyBankobtainedsuch
insuranceuntilthelastfewyears.
➢Nowtheransomwareattackshavebroughtanurgentneedforcoverasapartofthe
CorporateGovernancepolicy.
The ransomware attacks create two kinds of liabilitiesnamely
a)Cost of recovery of data and managing the reputationmanagement
b)Actual payment ofRansom
➢InmostcasesofWannaCrydemands,theactualransomwasupto3Bitcoinswhichwas
aboutRs4-5lakhsanditoftenwaslessthantheminimumself-liabilityinmostofthe
cases.Henceitwasnotconsideredascoverage.
➢ItisunderstoodthatsomeInsurancecompaniesprovidespecificcoverageofransom
paymentsunderanextensionofthebasicpolicy.
➢ThisisinthehandsofIRDAwhichneedstoconsiderCyberinsuranceasaseparate
categoryofinsuranceandnotclubitwithotherformsofgeneralinsurance
Theuserindustryneedstocometogetherandformtheirownguideandifnecessarylobby
withtheIRDAforabetterstructuringofCyberInsuranceplanswhichisacceptablebothto
theinsurersandtheinsured.
20| P a ge
1.9.INSURANCE REGULATORY AND DEVELOPMENT AUTHORITY
(IRDA).
In1993,theGovernmentsetupacommitteeunderthechairmanshipofRNMalhotra,
formerGovernorofRBI,toproposerecommendationsforreformsintheinsurance
sector.
FollowingtherecommendationsoftheMalhotraCommitteereport,in1999,the
InsuranceRegulatoryandDevelopmentAuthority(IRDA)wasconstitutedasan
autonomousbodytoregulateanddeveloptheinsuranceindustry.
TheIRDAwasincorporatedasastatutorybodyinApril2000.
ThekeyobjectivesoftheIRDAincludepromotionofcompetitiontoenhancecustomer
satisfactionthroughincreasedconsumerchoiceandlowerpremiums,whileensuring
thefinancialsecurityoftheinsurancemarket.
TheAuthorityhasthepowertoframeregulationsunderSection114AoftheInsurance
Act,1938andhasfrom2000onwardsframedvariousregulationsrangingfrom
registrationofcompaniesforcarryingoninsurancebusinesstoprotectionof
policyholders’interests.
21| P a ge
(IRDA).
In1993,theGovernmentsetupacommitteeunderthechairmanshipofRNMalhotra,
formerGovernorofRBI,toproposerecommendationsforreformsintheinsurance
sector.
FollowingtherecommendationsoftheMalhotraCommitteereport,in1999,the
InsuranceRegulatoryandDevelopmentAuthority(IRDA)wasconstitutedasan
autonomousbodytoregulateanddeveloptheinsuranceindustry.
TheIRDAwasincorporatedasastatutorybodyinApril2000.
ThekeyobjectivesoftheIRDAincludepromotionofcompetitiontoenhancecustomer
satisfactionthroughincreasedconsumerchoiceandlowerpremiums,whileensuring
thefinancialsecurityoftheinsurancemarket.
TheAuthorityhasthepowertoframeregulationsunderSection114AoftheInsurance
Act,1938andhasfrom2000onwardsframedvariousregulationsrangingfrom
registrationofcompaniesforcarryingoninsurancebusinesstoprotectionof
policyholders’interests.
21| P a ge
1.10 .THE CYBER SECURITY INITIATIVE IN INDIA
Cyberrisksposearealthreattosocietyandtheeconomy.Cyberinsuranceisoneoftherisk
transfer mechanisms to address the financialcosts.
Currentworkregardingtheexistenceofcyber-insurancemarketsisfew.Amongtheimportant
onesaretheworksby(i)LelargeandBolot,(ii)Pal,Golubchik,Psounis,andHui,(iii)
Johnsonetal.,and(iv)Shetty,etal.Theseworksfirstcommentonthefreeridingbehaviorof
Internetuserswithoutthepresenceofcyber-insurance.TheworksbyLelargeetal.,and
Shettyetal.,presentthebenefitsofcyber-insuranceinincentivizingInternetuserstoinvest
appropriatelyinsecurity,however,theirworksaddressrestrictedmarkettypes.Lelargeetal.
donotmodelinformationasymmetryintheirwork.Shettyetal.provethatcyber-insurance
marketsareinefficientunderconditionsofinformationasymmetry.Johnsonetal.,discussthe
roleofthejointexistenceofself-insuranceandmarketinsuranceontheadoptionofthe
differenttypesofinsurancebyusers.Inamostrecentwork,Paletal.,provetheinefficiency
ofcyber-insurancemarketsunderconditionsofpartialinformationasymmetryandcorrelated
risksandshowtheexistenceofefficientmarkets(bothregulatedandunregulated)under
premiumdiscrimination.
22| P a ge
Cyberrisksposearealthreattosocietyandtheeconomy.Cyberinsuranceisoneoftherisk
transfer mechanisms to address the financialcosts.
Currentworkregardingtheexistenceofcyber-insurancemarketsisfew.Amongtheimportant
onesaretheworksby(i)LelargeandBolot,(ii)Pal,Golubchik,Psounis,andHui,(iii)
Johnsonetal.,and(iv)Shetty,etal.Theseworksfirstcommentonthefreeridingbehaviorof
Internetuserswithoutthepresenceofcyber-insurance.TheworksbyLelargeetal.,and
Shettyetal.,presentthebenefitsofcyber-insuranceinincentivizingInternetuserstoinvest
appropriatelyinsecurity,however,theirworksaddressrestrictedmarkettypes.Lelargeetal.
donotmodelinformationasymmetryintheirwork.Shettyetal.provethatcyber-insurance
marketsareinefficientunderconditionsofinformationasymmetry.Johnsonetal.,discussthe
roleofthejointexistenceofself-insuranceandmarketinsuranceontheadoptionofthe
differenttypesofinsurancebyusers.Inamostrecentwork,Paletal.,provetheinefficiency
ofcyber-insurancemarketsunderconditionsofpartialinformationasymmetryandcorrelated
risksandshowtheexistenceofefficientmarkets(bothregulatedandunregulated)under
premiumdiscrimination.
22| P a ge
TheInternethasbeenheldupasthenextbigtechnologyrevolutionthatwilllower
businesscostsandmakeemployeesmoreproductive,butitbringswithitmajor
baggageforcorporateleaders.
Astheusersofinternetaregrowingsodoesthecybercrimes,variouscompanieshad
facedfinancialdatalossduetosuchcyber-attacks.
Evenafterdevelopingvarioussecuritysoftware,rulesandregulations,cybercrimes
keep onincreasing.
Because of such events cyber insurance has gained more attention towards it, as it
helps corporates to minimize any financialloss.
23| P a ge
businesscostsandmakeemployeesmoreproductive,butitbringswithitmajor
baggageforcorporateleaders.
Astheusersofinternetaregrowingsodoesthecybercrimes,variouscompanieshad
facedfinancialdatalossduetosuchcyber-attacks.
Evenafterdevelopingvarioussecuritysoftware,rulesandregulations,cybercrimes
keep onincreasing.
Because of such events cyber insurance has gained more attention towards it, as it
helps corporates to minimize any financialloss.
23| P a ge
The surge of internet users in India is only expected to continue in the next few years.
India is projected to have 236 million mobile internet users the report says, which
would reach 314 million by2017.
ItisimperativetoconnectIndiansthroughinternetofwhichthemobileinternetwill
playakeyrolesincereliableaccessibilitywillbethekillerappthatwillbindthe
internetecosystemtogether,increaseadoptionandenableinnovationinbusiness
modelsaroundvoiceanddataservices.
Around65%ofthetotalfraudcasesreportedbybanksweretechnology-relatedfrauds
(coveringfraudscommittedthrough/ataninternetbankingchannel,ATMs,andother
paymentchannelslikecredit/debit/prepaidcards)
24| P a ge
India is projected to have 236 million mobile internet users the report says, which
would reach 314 million by2017.
ItisimperativetoconnectIndiansthroughinternetofwhichthemobileinternetwill
playakeyrolesincereliableaccessibilitywillbethekillerappthatwillbindthe
internetecosystemtogether,increaseadoptionandenableinnovationinbusiness
modelsaroundvoiceanddataservices.
Around65%ofthetotalfraudcasesreportedbybanksweretechnology-relatedfrauds
(coveringfraudscommittedthrough/ataninternetbankingchannel,ATMs,andother
paymentchannelslikecredit/debit/prepaidcards)
24| P a ge
1.11.THE CYBER SECURITY INITIATIVE IN INDIA
Cyber risks pose a real threat to society and the economy. Cyber insurance is one ofthe
risktransfermechanismstoaddressthefinancialcoststhatarisefromcyber-attacks,
assisting in the recovery of those affected. In addition, cyber insurance can supportrisk
reduction by promoting mitigation and preventionmeasures.
SONYCASESTUDY
Backin2011,Sony’sPlayStationnetworkwasbreached;attackerscompromisedmorethan
77millionpersonalaccounts,costingSonyanestimated$170million.Theythoughttheir
generalliabilityinsurancepolicycoveredthem,buttheywerewrong.Sonytooktheirinsurers
tocourt,wherethecourtsconfirmedSony’spolicydidn’tcoverthedamagesofthecyber
breach.
ItwasapainfullessonforSony,onetheyweredeterminedtonotrepeat.Whentheywere
breachedin2014,theyhadacyberinsurancepolicyinplacethatexpertspredictwillcover
most,ifnotall,oftheirestimated$100millioninlosses.SonyPictures’CEOconfirmedthe
coststorecoverfromthelatestbreach“shouldn’tbeanythingthatisdisruptivetoour
budget.”
Sonylearnedtoassesstheriskacyber-attackposedtotheirbusinessandtookstepsto
mitigateitspotentialimpact.Whileyourcompanymaybesmaller,andlowerprofilethan
Sony,theriskofacyber-attackisstillveryrealandneedstobeconsideredinyourbusiness
context.
25| P a ge
Cyber risks pose a real threat to society and the economy. Cyber insurance is one ofthe
risktransfermechanismstoaddressthefinancialcoststhatarisefromcyber-attacks,
assisting in the recovery of those affected. In addition, cyber insurance can supportrisk
reduction by promoting mitigation and preventionmeasures.
SONYCASESTUDY
Backin2011,Sony’sPlayStationnetworkwasbreached;attackerscompromisedmorethan
77millionpersonalaccounts,costingSonyanestimated$170million.Theythoughttheir
generalliabilityinsurancepolicycoveredthem,buttheywerewrong.Sonytooktheirinsurers
tocourt,wherethecourtsconfirmedSony’spolicydidn’tcoverthedamagesofthecyber
breach.
ItwasapainfullessonforSony,onetheyweredeterminedtonotrepeat.Whentheywere
breachedin2014,theyhadacyberinsurancepolicyinplacethatexpertspredictwillcover
most,ifnotall,oftheirestimated$100millioninlosses.SonyPictures’CEOconfirmedthe
coststorecoverfromthelatestbreach“shouldn’tbeanythingthatisdisruptivetoour
budget.”
Sonylearnedtoassesstheriskacyber-attackposedtotheirbusinessandtookstepsto
mitigateitspotentialimpact.Whileyourcompanymaybesmaller,andlowerprofilethan
Sony,theriskofacyber-attackisstillveryrealandneedstobeconsideredinyourbusiness
context.
25| P a ge
CHAPTER2
NEED OF THESTUDY
26| P a ge
NEED OF THESTUDY
26| P a ge
CHAPTER 2
NEED OF THESTUDY
2.1. LITERATUREREVIEW
International Journal of Engineering Research and General Science Volume 2, Issue 5,
August-September 2014, Security measures are of prime importance to ensure safety
and reliability of organizations. Hacking of data and information has become almost a
routine and regular of organizations. Before we think to combat such a situation; to
avoid both predictable and unpredictable loss, danger and risk associated, tangible and
intangible factors, we must strategize in keeping cool in the heat of battle and find out
the causes attributing to the same; so proactive action need to be taken to exterminate
the same. The researchers feel to encircle parameter to have an in-depth insight suchas
–integrityofnetworkconnectionsandcomponents,telecommunicationissues,security
system,filtering,intrusiondetectionandpreventionsystem,andnetworkmaintenance.
Theseareinfactintraandinterrelated.
Proceedings of the 42nd Hawaii International Conference on System Sciences –2009,
This paper presents a model based assessment framework for analyzing the cyber
security provided by different architectural scenarios. The framework uses the
Bayesian statistics based Extended Influence Diagrams to express attack graphs and
related countermeasures. In this paper, it is demonstrated how this structure can be
captured in an abstract model to support analysis based on architectural models. The
approach allows calculating the probability that attacks will succeed and the expected
loss of these given the instantiated architectural scenario. Moreover, the framework can
handle the uncertainties that are accompanied to theanalyses.
27| P a ge
NEED OF THESTUDY
2.1. LITERATUREREVIEW
International Journal of Engineering Research and General Science Volume 2, Issue 5,
August-September 2014, Security measures are of prime importance to ensure safety
and reliability of organizations. Hacking of data and information has become almost a
routine and regular of organizations. Before we think to combat such a situation; to
avoid both predictable and unpredictable loss, danger and risk associated, tangible and
intangible factors, we must strategize in keeping cool in the heat of battle and find out
the causes attributing to the same; so proactive action need to be taken to exterminate
the same. The researchers feel to encircle parameter to have an in-depth insight suchas
–integrityofnetworkconnectionsandcomponents,telecommunicationissues,security
system,filtering,intrusiondetectionandpreventionsystem,andnetworkmaintenance.
Theseareinfactintraandinterrelated.
Proceedings of the 42nd Hawaii International Conference on System Sciences –2009,
This paper presents a model based assessment framework for analyzing the cyber
security provided by different architectural scenarios. The framework uses the
Bayesian statistics based Extended Influence Diagrams to express attack graphs and
related countermeasures. In this paper, it is demonstrated how this structure can be
captured in an abstract model to support analysis based on architectural models. The
approach allows calculating the probability that attacks will succeed and the expected
loss of these given the instantiated architectural scenario. Moreover, the framework can
handle the uncertainties that are accompanied to theanalyses.
27| P a ge
2.2.Need of the study
The study of cyber insurance with reference Apex Insurance broking services was needed
because of followingreasons:
➢To know the consumer perception towards cyberinsurance.
➢To know how does consumer feel about the cyberinsurance?
➢To know awareness of cyber insurance amongstrespondents.
➢To know how the sales can be boosted..
➢To know effectiveness of advertisement on creating market awareness about cyber
insurance.
➢To know if the companies adopting cyber insurance to decrease therisks.
➢To know if the actual working of cyber insurance in market with reference to a firm.
➢To know the satisfaction level of consumers.
➢To know the working of the cyber insurance in today’s scenario
➢To know which product is most popular amongstusers.
28| P a ge
The study of cyber insurance with reference Apex Insurance broking services was needed
because of followingreasons:
➢To know the consumer perception towards cyberinsurance.
➢To know how does consumer feel about the cyberinsurance?
➢To know awareness of cyber insurance amongstrespondents.
➢To know how the sales can be boosted..
➢To know effectiveness of advertisement on creating market awareness about cyber
insurance.
➢To know if the companies adopting cyber insurance to decrease therisks.
➢To know if the actual working of cyber insurance in market with reference to a firm.
➢To know the satisfaction level of consumers.
➢To know the working of the cyber insurance in today’s scenario
➢To know which product is most popular amongstusers.
28| P a ge
CHAPTER 3
RESEARCH
METHODOLOGY
29| P a ge
RESEARCH
METHODOLOGY
29| P a ge
CHAPTER 3
RESEARCH METHODOLOGY
1.AREA OFSTUDY
ThepopulationofstudywasemployeeofinNaviMumbai.
2.OBJECTIVE OF THESTUDY
Eachresearchstudyhasitsownspecificpurpose.Itisliketodiscoverto
Questionthroughtheapplicationofscientificprocedure.Butthemainaimofour
researchtofindoutthetruththatishiddenandwhichhasnotbeendiscoveredas
yet.Ourresearchstudyhasfollowingobjectives:-
➢To study & understand “Cyber riskinsurance”.
➢Study of Cyber Insurance With reference to Apex Insurance BrokingServices.
➢To know whether self-preventive methods can replace cyber riskinsurance.
3.RESEARCHMETHODOLOGY :
Researchasaprocessinvolvesevaluatingdata,derivinginferenceandconclusionsafter
carefultesting,agoodresearchdesignisflexible,relevant,efficient,economical,and
focused.TheResearchandmethodologyconsistsoffollowingmethods:
Data Sources
ResearchInstruments
Data Analysis
Samplesize
30| P a ge
RESEARCH METHODOLOGY
1.AREA OFSTUDY
ThepopulationofstudywasemployeeofinNaviMumbai.
2.OBJECTIVE OF THESTUDY
Eachresearchstudyhasitsownspecificpurpose.Itisliketodiscoverto
Questionthroughtheapplicationofscientificprocedure.Butthemainaimofour
researchtofindoutthetruththatishiddenandwhichhasnotbeendiscoveredas
yet.Ourresearchstudyhasfollowingobjectives:-
➢To study & understand “Cyber riskinsurance”.
➢Study of Cyber Insurance With reference to Apex Insurance BrokingServices.
➢To know whether self-preventive methods can replace cyber riskinsurance.
3.RESEARCHMETHODOLOGY :
Researchasaprocessinvolvesevaluatingdata,derivinginferenceandconclusionsafter
carefultesting,agoodresearchdesignisflexible,relevant,efficient,economical,and
focused.TheResearchandmethodologyconsistsoffollowingmethods:
Data Sources
ResearchInstruments
Data Analysis
Samplesize
30| P a ge
1.Datasources:
Primary sources in simple term can be stated as, the one that itself collects the data. While
secondary sources one that makes data available through some otheragencies.
Primary Data: -The different methods of collecting primary dataare
➢By having a one to one interaction with theclients
➢By visiting various insurancecompanies
Secondary Data: -
➢Referred from various magazines andBooks
➢Referred from internet explored
➢Referred from various power pointpresentations
2.ResearchInstruments
➢Telephonic Interview-one to one interaction with theclients
➢Survey
3.DataAnalysis:
Havinggatheredallthedataorinformationfromallthesourcesi.e.primaryand
secondary,thedataisanalysedproperlytodrawrelevantconclusiontojustifythe
researchwork.
4.Samplesize
Survey of 50 different clients was done to gatherdata.
5.LIMITATIONS
The period of two months for the study is limited.
Practically difficult to collectdata.
Time consuming process for collecting data.
Some of the clients failed to give proper response.
31| P a ge
Primary sources in simple term can be stated as, the one that itself collects the data. While
secondary sources one that makes data available through some otheragencies.
Primary Data: -The different methods of collecting primary dataare
➢By having a one to one interaction with theclients
➢By visiting various insurancecompanies
Secondary Data: -
➢Referred from various magazines andBooks
➢Referred from internet explored
➢Referred from various power pointpresentations
2.ResearchInstruments
➢Telephonic Interview-one to one interaction with theclients
➢Survey
3.DataAnalysis:
Havinggatheredallthedataorinformationfromallthesourcesi.e.primaryand
secondary,thedataisanalysedproperlytodrawrelevantconclusiontojustifythe
researchwork.
4.Samplesize
Survey of 50 different clients was done to gatherdata.
5.LIMITATIONS
The period of two months for the study is limited.
Practically difficult to collectdata.
Time consuming process for collecting data.
Some of the clients failed to give proper response.
31| P a ge
4.RESEARCHDESIGN.
Researchdesignistheframeworkorplanforastudythatguidesthecollectionandanalysis
ofthedata.Itisamaporblueprintaccordingtowhichresearchistobeconducted.The
researchdesignisgivenbelow,
NATUREOFRESEARCH:
Theresearchdesignfollowedforthisstudyisdescriptiveresearchforanalyzingthe
collecteddata,anin-depthresearchanalysiswasframedandvariousstatisticaltoolsand
techniqueswerealsousedforthepurpose.
TYPESOFRESEARCH:
TheresearchisbasedonDescriptiveandQualitativeresearch.
➢DESCRIPTIVERESEARCH-Descriptiveresearchincludessurveysandfactfinding
enquiresofdifferentkinds.Themajorpurposeofdescriptiveresearchisdescriptionof
thestateofaffairsasitexistsatpresent.Researcherhasnocontroloverthevariablesof
thistypeofresearch.
➢QUALITATIVE RESEARCH:Theresearchneedscomparisonbetweendifferent
telecomcompanies.Sothisisbasedonallqualitativedata.Inshort,Qualitative
researchisespeciallyimportantinthebehaviouralscienceswheretheaimisto
discovertheunderlinemotivesofhumanbehaviour.Throughsuchresearchwecan
analyzevariousfactorswhichmotivatetopeopletobehaveinaparticularmanneror
whichmakepeoplelikeordislikeaparticularthing.
32| P a ge
Researchdesignistheframeworkorplanforastudythatguidesthecollectionandanalysis
ofthedata.Itisamaporblueprintaccordingtowhichresearchistobeconducted.The
researchdesignisgivenbelow,
NATUREOFRESEARCH:
Theresearchdesignfollowedforthisstudyisdescriptiveresearchforanalyzingthe
collecteddata,anin-depthresearchanalysiswasframedandvariousstatisticaltoolsand
techniqueswerealsousedforthepurpose.
TYPESOFRESEARCH:
TheresearchisbasedonDescriptiveandQualitativeresearch.
➢DESCRIPTIVERESEARCH-Descriptiveresearchincludessurveysandfactfinding
enquiresofdifferentkinds.Themajorpurposeofdescriptiveresearchisdescriptionof
thestateofaffairsasitexistsatpresent.Researcherhasnocontroloverthevariablesof
thistypeofresearch.
➢QUALITATIVE RESEARCH:Theresearchneedscomparisonbetweendifferent
telecomcompanies.Sothisisbasedonallqualitativedata.Inshort,Qualitative
researchisespeciallyimportantinthebehaviouralscienceswheretheaimisto
discovertheunderlinemotivesofhumanbehaviour.Throughsuchresearchwecan
analyzevariousfactorswhichmotivatetopeopletobehaveinaparticularmanneror
whichmakepeoplelikeordislikeaparticularthing.
32| P a ge
5.SAMPLEDESIGN:
“Asampledesignisadefiniteplanforobtainingasamplefromagiven
population.Itreferstothetechniqueortheproceduretheresearcherwouldadopt
inselectingitemforthesample”
GenerallySampledesignsaretwotypes:
➢PROBABILITY SAMPLE DESIGN
➢NON PROBABILITY SAMPLE DESIGN
In the research, Non-probability research design isused.
6.SamplingArea
Samplingareamaybeageographicalone,suchasstate,district,villageetc.The
researcherwillhavetodecideoneormoreofsuchareathathehastoselectfor
hisstudy.
Inthisresearchstudy,NaviMumbaiisselectedasthesamplingarea.
7.SamplingUnit-50
Sampling unit may be defined as an individual, pair or group of persons included
asrespondent.
In this research study, consumers and employees are the samplingunits.
Size of Sample-
“This refers to the number of items to be selected from the universe to constitute
asample”
In the present research sample size is50.
8.SOURCES OF DATACOLLECTION:
33| P a ge
“Asampledesignisadefiniteplanforobtainingasamplefromagiven
population.Itreferstothetechniqueortheproceduretheresearcherwouldadopt
inselectingitemforthesample”
GenerallySampledesignsaretwotypes:
➢PROBABILITY SAMPLE DESIGN
➢NON PROBABILITY SAMPLE DESIGN
In the research, Non-probability research design isused.
6.SamplingArea
Samplingareamaybeageographicalone,suchasstate,district,villageetc.The
researcherwillhavetodecideoneormoreofsuchareathathehastoselectfor
hisstudy.
Inthisresearchstudy,NaviMumbaiisselectedasthesamplingarea.
7.SamplingUnit-50
Sampling unit may be defined as an individual, pair or group of persons included
asrespondent.
In this research study, consumers and employees are the samplingunits.
Size of Sample-
“This refers to the number of items to be selected from the universe to constitute
asample”
In the present research sample size is50.
8.SOURCES OF DATACOLLECTION:
33| P a ge
While deciding about the method of data collection to be used for the study, the
researcher should keep two types ofdata.
1.Primary Data.
2.Secondary Data.
Researchusesprimarydata,aswellassecondarydata.Primarymeanscollectedasfresh,
andthefirsttimedataandsecondarymeanswhicharealreadyavailablelikeannualreport,
magazines,internet,previouslyresearchesetc.
9.SURVEYMETHOD:
Surveyreferstothemethodofsecuringinformationconcerningphenomenaunderstudyfrom
allorselectednumberofrespondentsoftheconcernedarea.Inasurvey,theinvestigator
examinesthosephenomenawhichexistintheuniverseindependentofhisaction.Research
usestheQuestionnaireMethod.
10.QUESTIONNAIRE
Thestudyreliestoagreatextentonprimarydataandsomeextenttosecondarydata.Inorder
to gather primary data from the respondents a non-disguised questionnaire was designed,
keeping in view the objectives of thestudy.
The questionnaire consists of the following type ofquestions:
➢DICHOTOMOUS:
Herethequestionsaskedhaveonlytwoalternativesfromwhichtherespondentswerefreeto
chooseone.Anexamplequestionisquotedbelowisusedinthequestionnaire
Do you give preference to cyber insurance while buying insurance?
A)Yesb)No
➢OPEN ENDEDQUESTION:
34| P a ge
researcher should keep two types ofdata.
1.Primary Data.
2.Secondary Data.
Researchusesprimarydata,aswellassecondarydata.Primarymeanscollectedasfresh,
andthefirsttimedataandsecondarymeanswhicharealreadyavailablelikeannualreport,
magazines,internet,previouslyresearchesetc.
9.SURVEYMETHOD:
Surveyreferstothemethodofsecuringinformationconcerningphenomenaunderstudyfrom
allorselectednumberofrespondentsoftheconcernedarea.Inasurvey,theinvestigator
examinesthosephenomenawhichexistintheuniverseindependentofhisaction.Research
usestheQuestionnaireMethod.
10.QUESTIONNAIRE
Thestudyreliestoagreatextentonprimarydataandsomeextenttosecondarydata.Inorder
to gather primary data from the respondents a non-disguised questionnaire was designed,
keeping in view the objectives of thestudy.
The questionnaire consists of the following type ofquestions:
➢DICHOTOMOUS:
Herethequestionsaskedhaveonlytwoalternativesfromwhichtherespondentswerefreeto
chooseone.Anexamplequestionisquotedbelowisusedinthequestionnaire
Do you give preference to cyber insurance while buying insurance?
A)Yesb)No
➢OPEN ENDEDQUESTION:
34| P a ge
Heretherespondentsaregivenfullfreedomtoansweranything.Openendedquestionsare
thetypeofquestionusedtogetsuggestionfromtherespondentinordertogivefeedbackto
theorganization
➢MULTIPLECHOICES:
Herethequestionsaskedhaveasetofgivenalternativesfromwhichtherespondentsmay
chooseoneormorealternatives.
Which insurance you like toprefer?
a)lifeb) fire c) medical
➢CLOSED ENDED QUESTION:
Thesetypesofquestionsdonotallowtherespondentstogiveanswerfreely.Closedended
questionarethetypeofquestionswithacleardelineatedsetofalternativesthatconfinethe
respondentstochooseoneofthem.
➢PERIOD OFSTUDY:
TheperiodofstudyhasbeenfromSeptember2017toDecember2017.
3.11.TOOLSUSEDFORINTERPRETATION
➢CHARTS
Barchartandpiechartsareusedtogetaclearlookofthetabulatedvalues.
3.12. LIMITATIONS OF THESTUDY:
35| P a ge
thetypeofquestionusedtogetsuggestionfromtherespondentinordertogivefeedbackto
theorganization
➢MULTIPLECHOICES:
Herethequestionsaskedhaveasetofgivenalternativesfromwhichtherespondentsmay
chooseoneormorealternatives.
Which insurance you like toprefer?
a)lifeb) fire c) medical
➢CLOSED ENDED QUESTION:
Thesetypesofquestionsdonotallowtherespondentstogiveanswerfreely.Closedended
questionarethetypeofquestionswithacleardelineatedsetofalternativesthatconfinethe
respondentstochooseoneofthem.
➢PERIOD OFSTUDY:
TheperiodofstudyhasbeenfromSeptember2017toDecember2017.
3.11.TOOLSUSEDFORINTERPRETATION
➢CHARTS
Barchartandpiechartsareusedtogetaclearlookofthetabulatedvalues.
3.12. LIMITATIONS OF THESTUDY:
35| P a ge
➢As only 50 samples data in survey so it does not represent the view of the total
Indianmarket.
➢Size of the research may not besubstantial.
➢There was lack of time on the part of respondents.
➢The survey was carried through questionnaire and the questions were based on
perception.
➢Most of the respondents are students and are not earning anything so result may
confine to studentsonly.
➢The respondents were reluctant to answer due to their busyschedule.
➢The survey was conducted through college students, housewives and other
working people.
➢There may be biasness in information by marketparticipant.
➢Complete data was not available due to company privacy andsecrecy.
➢Customer dissatisfied with theservices.
➢Misguidance byagents.
➢Lacks of motivation as false commitments were made to customer by the
company
36| P a ge
Indianmarket.
➢Size of the research may not besubstantial.
➢There was lack of time on the part of respondents.
➢The survey was carried through questionnaire and the questions were based on
perception.
➢Most of the respondents are students and are not earning anything so result may
confine to studentsonly.
➢The respondents were reluctant to answer due to their busyschedule.
➢The survey was conducted through college students, housewives and other
working people.
➢There may be biasness in information by marketparticipant.
➢Complete data was not available due to company privacy andsecrecy.
➢Customer dissatisfied with theservices.
➢Misguidance byagents.
➢Lacks of motivation as false commitments were made to customer by the
company
36| P a ge
CHAPTER4
COMPANYPROFILE
CHAPTER4
37| P a ge
COMPANYPROFILE
CHAPTER4
37| P a ge
COMPANYPROFILE
4.1. ABOUTUS:
Like many success stories, ours started with an idea. How could we protect businesses if we
didn’t truly understand them? If we didn’t get out and walk in their shoes for a day? So that’s
exactly what we did a year ago. We got out and started establishing own independent
insurance broking company –Apex Insurance BrokingServices.
Apex Insurance Broking Services Private Limited is a company registered in India having its
registered office at 8-3-229/e/31/1, Venkatgiri, Jubilee Hills, Hyderabad, Telangana, India -
500045. The status of the company isActive.
Apex Insurance Broking has been started by two senior veterans from General Insurance
Industry.
It has special expertise in handling all kind of General Insurance Policies E.g. Motor
Insurance, CPM, WC, GMC, EAR, CAR, Group Personal Accident, Fire Insurance, Transit
Insurance, Fidelity Insuranceetc.
In a short time, Apex Insurance Brooking has created a wide and extensive gamut of clients
across the country which are relying on us on all types of consultancy required for their Risk
mitigation and suggestions on complete insurancepackage.
4.2. WHAT DRIVESUS:
38| P a ge
4.1. ABOUTUS:
Like many success stories, ours started with an idea. How could we protect businesses if we
didn’t truly understand them? If we didn’t get out and walk in their shoes for a day? So that’s
exactly what we did a year ago. We got out and started establishing own independent
insurance broking company –Apex Insurance BrokingServices.
Apex Insurance Broking Services Private Limited is a company registered in India having its
registered office at 8-3-229/e/31/1, Venkatgiri, Jubilee Hills, Hyderabad, Telangana, India -
500045. The status of the company isActive.
Apex Insurance Broking has been started by two senior veterans from General Insurance
Industry.
It has special expertise in handling all kind of General Insurance Policies E.g. Motor
Insurance, CPM, WC, GMC, EAR, CAR, Group Personal Accident, Fire Insurance, Transit
Insurance, Fidelity Insuranceetc.
In a short time, Apex Insurance Brooking has created a wide and extensive gamut of clients
across the country which are relying on us on all types of consultancy required for their Risk
mitigation and suggestions on complete insurancepackage.
4.2. WHAT DRIVESUS:
38| P a ge
The coverage knowledge you want-We provide you with a team of specialists that can meet
the specific and rapidly changingneeds.
We ensure that the most comprehensive and cost-effective solutions are always inplace.
Smarter experts deliver smarter solutions-We work with our strategic partners to ensure a
seamless integration of their services foryou.
Client satisfaction drives our success-We know that our success depends upon how we
respond to your inquiries and resolve your questions andconcerns.
3.WHAT WE PROPOSE:
We take pride in our product knowledge, professionalism, and courtesy
Tailored solutions are successfulsolutions
Apex focuses on de-risking the unknown and unforeseen risks faced by their clients and
adding value to all its stakeholders, including clients, employees, andregulators
Apex follows a sector specific approach by having dedicated teams catering to different
sectors.
4.SERVICE PLEDGE:
Pre-Policy Placement Advisory Services
Financial forecasting of Costs andScenarios
Benefit Plan Funding Approach and Employee ContributionStrategies
Process Review and optimisation Our Capabilities
Plan evaluation and benefits designrecommendations
39| P a ge
the specific and rapidly changingneeds.
We ensure that the most comprehensive and cost-effective solutions are always inplace.
Smarter experts deliver smarter solutions-We work with our strategic partners to ensure a
seamless integration of their services foryou.
Client satisfaction drives our success-We know that our success depends upon how we
respond to your inquiries and resolve your questions andconcerns.
3.WHAT WE PROPOSE:
We take pride in our product knowledge, professionalism, and courtesy
Tailored solutions are successfulsolutions
Apex focuses on de-risking the unknown and unforeseen risks faced by their clients and
adding value to all its stakeholders, including clients, employees, andregulators
Apex follows a sector specific approach by having dedicated teams catering to different
sectors.
4.SERVICE PLEDGE:
Pre-Policy Placement Advisory Services
Financial forecasting of Costs andScenarios
Benefit Plan Funding Approach and Employee ContributionStrategies
Process Review and optimisation Our Capabilities
Plan evaluation and benefits designrecommendations
39| P a ge
4.5. SWOTANALYSIS
The top level management oof Apex insurance brokage service
Principal Officer:-
Mr.Pratapa RamaMohan
( KeyManagement)
HYDERABAD
Director: Mr. Jaghann
Muddigunda (Promoter)
HYDERABAD
Partner: Mr. NitinGarg
NAVIMUMBAI
40| P a ge
The top level management oof Apex insurance brokage service
Principal Officer:-
Mr.Pratapa RamaMohan
( KeyManagement)
HYDERABAD
Director: Mr. Jaghann
Muddigunda (Promoter)
HYDERABAD
Partner: Mr. NitinGarg
NAVIMUMBAI
40| P a ge
Strengths:
•Premium rates are increasing and so arecommissions.
•The variety of products isincreasing.
•Prospects expect more services from theirbrokers.
Weaknesses:
•Apex insurance broking service are often slow to respond to changingneeds.
•There is an increasing trend of financial weakness among thecompanies.
•There are more competitors for agencies to compete with banks and Internetplayers.
Opportunities:
•The ability to cross sell financial services is barely beingtapped.
•Technology is improving to the point that paperless transactions areavailable.
•The client’s increasing need for an “insurance consultant” can open new ways to service the
client and generate income.
Threats:
•The increasing cost and need for insurance might hit a point where a backlash willoccur.
•Government regulations on issues like health care, mold and terrorism can quicklychange
the direction of insurance. Increasing expenses and lower profit margins will hit hard on the
smaller agencies and insurancecompanies.
•Increasing expenses and lower profit margins will hit hard on the smaller agencies and
insurancecompanies.
41| P a ge
•Premium rates are increasing and so arecommissions.
•The variety of products isincreasing.
•Prospects expect more services from theirbrokers.
Weaknesses:
•Apex insurance broking service are often slow to respond to changingneeds.
•There is an increasing trend of financial weakness among thecompanies.
•There are more competitors for agencies to compete with banks and Internetplayers.
Opportunities:
•The ability to cross sell financial services is barely beingtapped.
•Technology is improving to the point that paperless transactions areavailable.
•The client’s increasing need for an “insurance consultant” can open new ways to service the
client and generate income.
Threats:
•The increasing cost and need for insurance might hit a point where a backlash willoccur.
•Government regulations on issues like health care, mold and terrorism can quicklychange
the direction of insurance. Increasing expenses and lower profit margins will hit hard on the
smaller agencies and insurancecompanies.
•Increasing expenses and lower profit margins will hit hard on the smaller agencies and
insurancecompanies.
41| P a ge
Chapter-5
DATA ANALYSIS
AND
INTERPRETATION
Chapter-5
42| P a ge
DATA ANALYSIS
AND
INTERPRETATION
Chapter-5
42| P a ge
DATA ANALYSIS ANDINTERPRETATION
1. In which of the following you would like to invest yourmoney?
Share
23%
If AnyOther
50%
MutualFund
15%
Insurance
12%
INTERPRETATION:
It is found that 23% people prefer to invest their money in shares. 15% people invest
theirmoneyinMutualFunds.12%preferinvestmentininsurance.50%peopleinvest
their money in other investmentmethods.
43| P a ge
1. In which of the following you would like to invest yourmoney?
Share
23%
If AnyOther
50%
MutualFund
15%
Insurance
12%
INTERPRETATION:
It is found that 23% people prefer to invest their money in shares. 15% people invest
theirmoneyinMutualFunds.12%preferinvestmentininsurance.50%peopleinvest
their money in other investmentmethods.
43| P a ge
2. What is your investmentobjective?
Highreturn
25%
Safety
20%
Regular returns
40%
Taxbenefit
15%
INTERPRETATION:
40% people invest their money for Regular returns. 25% invest money for High
Return. 20% invest for safety and 15% people invest their money for Taxbenefit.
44| P a ge
Highreturn
25%
Safety
20%
Regular returns
40%
Taxbenefit
15%
INTERPRETATION:
40% people invest their money for Regular returns. 25% invest money for High
Return. 20% invest for safety and 15% people invest their money for Taxbenefit.
44| P a ge
3. Is the organization aware about Cyber riskinsurance
No
30%
Yes
70%
INTERPRETATION:
From the collected data, we can infer that most of the Corporate and Business are
aware of cyber riskpolicy.
45| P a ge
No
30%
Yes
70%
INTERPRETATION:
From the collected data, we can infer that most of the Corporate and Business are
aware of cyber riskpolicy.
45| P a ge
4. How much your company is willing to invest in cyber insurance?
1000-20000
25%
20000-40000
40%
40000-60000
25%
Andmore
10%
INTERPRETATION:
About 40% say they will prefer 20,000-40,000 Rupees to invest in Cyber insurance.
25% response to Rupees 1000-20,000. 25% say they will prefer 40,000 to 60,000 rupees
invest in Cyber insurance. And only 10% response to above40,000.
46| P a ge
1000-20000
25%
20000-40000
40%
40000-60000
25%
Andmore
10%
INTERPRETATION:
About 40% say they will prefer 20,000-40,000 Rupees to invest in Cyber insurance.
25% response to Rupees 1000-20,000. 25% say they will prefer 40,000 to 60,000 rupees
invest in Cyber insurance. And only 10% response to above40,000.
46| P a ge
5. Is self-prevention better than cyberinsurance?
No
50%
Yes
50%
INTERPRETATION:
•Self-preventionlikestrongpasswordprotection,controllingaccesstodata,Leveraging
firewalls,virtualprivatenetworks,andanti-virus/anti-spamsoftwareaswellassecuring
accesstonetworksandmobiledevicesetc.
•Suchmethodshelptopreventatlowlevels.
•Bigorganizationsthinkthattheythismethodareweakinfrontofeverdeveloping
cybercrimes.
•Therefore,withself-preventioncyberriskinsuranceisalsoimportanttominimize
financialloss
47| P a ge
No
50%
Yes
50%
INTERPRETATION:
•Self-preventionlikestrongpasswordprotection,controllingaccesstodata,Leveraging
firewalls,virtualprivatenetworks,andanti-virus/anti-spamsoftwareaswellassecuring
accesstonetworksandmobiledevicesetc.
•Suchmethodshelptopreventatlowlevels.
•Bigorganizationsthinkthattheythismethodareweakinfrontofeverdeveloping
cybercrimes.
•Therefore,withself-preventioncyberriskinsuranceisalsoimportanttominimize
financialloss
47| P a ge
6. Does the organization feel threatened by cyberrisk?
NO
11%
YES
89%
INTERPRETATION:
Itisfoundthatriskmanagersareconcernedabouttheperceivedthreatofcyber-attacks
ontheirorganizations,namingtheriskasa“topconcern”fortheirorganization.
However,despitecyberriskconcernswithinorganizations,only21%ofcompanies
indicatedtheycurrentlypurchasestand-alonecyberliabilityinsurance.Thelowtake-
uprateofthisinsurancecouldberelatedtolackofawareness,ortheyarenotfamiliar
withcyberinsurance.
48| P a ge
NO
11%
YES
89%
INTERPRETATION:
Itisfoundthatriskmanagersareconcernedabouttheperceivedthreatofcyber-attacks
ontheirorganizations,namingtheriskasa“topconcern”fortheirorganization.
However,despitecyberriskconcernswithinorganizations,only21%ofcompanies
indicatedtheycurrentlypurchasestand-alonecyberliabilityinsurance.Thelowtake-
uprateofthisinsurancecouldberelatedtolackofawareness,ortheyarenotfamiliar
withcyberinsurance.
48| P a ge
7. Which is the most threatening cyber risk toorganization?
10%
33%
57%
HackingVirus/MalwareE-mailSpam
INTERPRETATION:
Virus is rated as most dangerous cyber-attack from the datacollected.
Malicious software that infects your computer, such as computer viruses, worms,
Trojan horses, spyware, andadware.
49| P a ge
10%
33%
57%
HackingVirus/MalwareE-mailSpam
INTERPRETATION:
Virus is rated as most dangerous cyber-attack from the datacollected.
Malicious software that infects your computer, such as computer viruses, worms,
Trojan horses, spyware, andadware.
49| P a ge
8. What type of Policy cover will be most preferred byorganizations?
fullcover
30%
third partycover
70%
INTERPRETATION:
About70%saysthattheywouldpreferonlythird-partycover,sincetheywanttobe
safeguardedbylegalobligations.Ratherthanfullcoverthird-partyispreferredmore
becauseitlowerstherateofpremium.
30% of sample which are the organizations which work on large scale prefer Full-
cover as it protects them from third-party law-suit as well as help them to minimize
financialloss.
50| P a ge
fullcover
30%
third partycover
70%
INTERPRETATION:
About70%saysthattheywouldpreferonlythird-partycover,sincetheywanttobe
safeguardedbylegalobligations.Ratherthanfullcoverthird-partyispreferredmore
becauseitlowerstherateofpremium.
30% of sample which are the organizations which work on large scale prefer Full-
cover as it protects them from third-party law-suit as well as help them to minimize
financialloss.
50| P a ge
9.Whatproportionofyourexistingpolicieswithcyberriskelementsdoyou
consideredtobeatimmediateriskfrombeingtragedybyacyberattack&cyber
incident?
100%
70%
70%
15%
50%
10% Less than50%
5%
INTERPRETATION:
70% People say their policy cover 100% risk. 15% people think their policy cover 70% risk.
10% people response to 50% risk is covered by their police. And only 5% people think their
policy cover less than 50%risk.
51| P a ge
consideredtobeatimmediateriskfrombeingtragedybyacyberattack&cyber
incident?
100%
70%
70%
15%
50%
10% Less than50%
5%
INTERPRETATION:
70% People say their policy cover 100% risk. 15% people think their policy cover 70% risk.
10% people response to 50% risk is covered by their police. And only 5% people think their
policy cover less than 50%risk.
51| P a ge
Chapter-6
Findings
and
Suggestion
52| P a ge
Findings
and
Suggestion
52| P a ge
CHAPTER-6
FINDINGS &SUGGESTION:
➢Cyber-insurance is an insurance product used to protect businesses and individual
users from Internet-based risks, and more generally from risks relating to information
technology infrastructure and activities.
➢Since around 70% of clients are aware about, we can conclude that there is a great
awareness for cyber insurance among corporate andbusinesses.
➢Under cyber risk policy there are various coverlike
▪Besides legal fees and expenses, cyber insurance typically helpswith:
▪Notifying customers about a data breach
▪Restoring personal identities of affectedcustomers
▪Recovering compromised data
▪Repairing damaged computersystems
➢General liability insurance covers bodily injuries and property damage resulting from
your products, services, or operations. Cyber insurance is often excluded from a
general liabilitypolicy.
➢About 57% of organizations feel viruses, malware and worms are most threatening
cyber-attack. Since they cause loss of data which causes obstacles in carrying out
business activity.
➢Third-party Cyber Risk Insurance covers the people and businesses "responsible"for
the systems that allowed a data breach to occur.
▪Events that might trigger a company to file a claim with itsthird-party
▪Failure to anticipate or prevent the transmission of a virus to a thirdparty
▪The misuse, disclosure, or theft of confidential information stored on a
network
53| P a ge
FINDINGS &SUGGESTION:
➢Cyber-insurance is an insurance product used to protect businesses and individual
users from Internet-based risks, and more generally from risks relating to information
technology infrastructure and activities.
➢Since around 70% of clients are aware about, we can conclude that there is a great
awareness for cyber insurance among corporate andbusinesses.
➢Under cyber risk policy there are various coverlike
▪Besides legal fees and expenses, cyber insurance typically helpswith:
▪Notifying customers about a data breach
▪Restoring personal identities of affectedcustomers
▪Recovering compromised data
▪Repairing damaged computersystems
➢General liability insurance covers bodily injuries and property damage resulting from
your products, services, or operations. Cyber insurance is often excluded from a
general liabilitypolicy.
➢About 57% of organizations feel viruses, malware and worms are most threatening
cyber-attack. Since they cause loss of data which causes obstacles in carrying out
business activity.
➢Third-party Cyber Risk Insurance covers the people and businesses "responsible"for
the systems that allowed a data breach to occur.
▪Events that might trigger a company to file a claim with itsthird-party
▪Failure to anticipate or prevent the transmission of a virus to a thirdparty
▪The misuse, disclosure, or theft of confidential information stored on a
network
53| P a ge
Therefore 70% of clients will prefer third party cover over fullcover.
➢As the use of internet is increasing day to day, so as cybercrimes are growing.
In today’s world, it is not possible to safe guard organization data with only
self-preventive methods only; instead cyber insurance provides financial
assistance which helps an organization to keep running itsbusiness.
➢Almost all clients are aware about cyber insurance but still they do not prefer
buying insurance to protect them. It doesn’t’t matter wheatear the companyis
big or small cybercrimes are increasing at a faster rate. Insurance company
should make an effort to educate the clients about cyber riskinsurance.
➢Insurance company should make the clients understand that Cyberinsurance
is different from General insurance. As many of the clients feel that their
cyber risk is covered in generalinsurance.
54| P a ge
➢As the use of internet is increasing day to day, so as cybercrimes are growing.
In today’s world, it is not possible to safe guard organization data with only
self-preventive methods only; instead cyber insurance provides financial
assistance which helps an organization to keep running itsbusiness.
➢Almost all clients are aware about cyber insurance but still they do not prefer
buying insurance to protect them. It doesn’t’t matter wheatear the companyis
big or small cybercrimes are increasing at a faster rate. Insurance company
should make an effort to educate the clients about cyber riskinsurance.
➢Insurance company should make the clients understand that Cyberinsurance
is different from General insurance. As many of the clients feel that their
cyber risk is covered in generalinsurance.
54| P a ge
7.CONCLUSION
➢Fromtheabovestudy,wecanconcludethatcyberinsurancecancoverhackerattacks,
viruses,andwormsthatstealordestroyabusiness’data.Evene-mailorsocial
networkingharassmentanddiscriminationclaimscanbecoveredalongwithtrademark
andcopyrightinfringement.Cyberliabilityinsurancewilloftencoverthelossof
profitsbecauseofasystemoutagecausedbyanon-physicalperil,suchasavirusor
attack.
➢Agoodinsurancecompanywillmakesurethebusinesshasallpossibleprotectionin
place.Itcanmakesureasecuritysystemisinplacetoprotectthenetworkandhelp
createsocialmediapoliciesthatreducerisk.Evenifdataisstoredinthecloud,the
businessmaystillbeliableforabreach.Althoughcontrollinghowacloudprovider
handlestheoperation’sdataisalmostimpossible,cyberinsurancecanprotectthe
operationfromtheirmistakes.
➢Therearecaseswereorganizationshavelosshugedataduetonon-physicalperilwhich
resultedinfinancialloss.Suchhappeningscanbepreventedbytakingpropermeasures
atrighttime,whichcanreducefinancialburdenandwillhelpthebusinessrun
smoothly.
55| P a ge
➢Fromtheabovestudy,wecanconcludethatcyberinsurancecancoverhackerattacks,
viruses,andwormsthatstealordestroyabusiness’data.Evene-mailorsocial
networkingharassmentanddiscriminationclaimscanbecoveredalongwithtrademark
andcopyrightinfringement.Cyberliabilityinsurancewilloftencoverthelossof
profitsbecauseofasystemoutagecausedbyanon-physicalperil,suchasavirusor
attack.
➢Agoodinsurancecompanywillmakesurethebusinesshasallpossibleprotectionin
place.Itcanmakesureasecuritysystemisinplacetoprotectthenetworkandhelp
createsocialmediapoliciesthatreducerisk.Evenifdataisstoredinthecloud,the
businessmaystillbeliableforabreach.Althoughcontrollinghowacloudprovider
handlestheoperation’sdataisalmostimpossible,cyberinsurancecanprotectthe
operationfromtheirmistakes.
➢Therearecaseswereorganizationshavelosshugedataduetonon-physicalperilwhich
resultedinfinancialloss.Suchhappeningscanbepreventedbytakingpropermeasures
atrighttime,whichcanreducefinancialburdenandwillhelpthebusinessrun
smoothly.
55| P a ge
8.REFERENCES/BIBLIOGRAPHY
https://www.irdai.gov.in
https://www.policybazaar.com
https://en.wikipedia.org
https://www.lloyds.com
https://www.pwc.com
Oriental Insurance companyhandbook
56| P a ge
https://www.irdai.gov.in
https://www.policybazaar.com
https://en.wikipedia.org
https://www.lloyds.com
https://www.pwc.com
Oriental Insurance companyhandbook
56| P a ge
ANNEXURE
Questionnaire
I am Akash Sanjay Singh pursuing BMS from Rajiv Gandhi College, Vashi, NaviMumbai.
I’m here to undergo a project on “A Study on Cyber Insurance and Its Awareness in the Corporate sector.” I
request you to kindly help me by filling thisquestionnaire.
PERSONALDETAILS
Name:
Company Name:-
Type ofCompany:-
Designation:-
Gender:Male Female
1. Age: (a) Below30 (b)30-40
(c)40-50 (d) Above50
57| P a ge
Questionnaire
I am Akash Sanjay Singh pursuing BMS from Rajiv Gandhi College, Vashi, NaviMumbai.
I’m here to undergo a project on “A Study on Cyber Insurance and Its Awareness in the Corporate sector.” I
request you to kindly help me by filling thisquestionnaire.
PERSONALDETAILS
Name:
Company Name:-
Type ofCompany:-
Designation:-
Gender:Male Female
1. Age: (a) Below30 (b)30-40
(c)40-50 (d) Above50
57| P a ge
2. In which of the following you would like to invest yourmoney?
a)Share b) Mutualfunds
c)Insurance d) if anyother
3. What is your investmentobjective?
a) Highreturn b)Safety
c) Regularreturns d) Taxbenefit
4. Is the organization aware about cyber riskinsurance?
a)Yes b)No
5. How much your company is willing to invest in cyberinsurance?
a)1000-20000 b)20000-40000
c)40000-60000 d) andmore
6. Is self preventation better than cyberinsurance?
a)Yes b)No
58| P a ge
a)Share b) Mutualfunds
c)Insurance d) if anyother
3. What is your investmentobjective?
a) Highreturn b)Safety
c) Regularreturns d) Taxbenefit
4. Is the organization aware about cyber riskinsurance?
a)Yes b)No
5. How much your company is willing to invest in cyberinsurance?
a)1000-20000 b)20000-40000
c)40000-60000 d) andmore
6. Is self preventation better than cyberinsurance?
a)Yes b)No
58| P a ge
7. Does the organization feel threatening cyber risk toorganization?
a)Yes b)No
8. Which is the most threatening cyber risk toorganization?
a)Hacking b)Virus/Malwares
c) Emailspam
9. What type of policy cover will be most preferred byorganization?
a) Fullcover b) Third partycover.
10.Whatproportionofyourexistingpolicieswithcyberriskelementsdoyou
consideredtobeatimmediateriskfrombeingtragedybyacyberattack&cyber
incident?
a)100% b)70%
c)50% d) Less than50%
59| P a ge
a)Yes b)No
8. Which is the most threatening cyber risk toorganization?
a)Hacking b)Virus/Malwares
c) Emailspam
9. What type of policy cover will be most preferred byorganization?
a) Fullcover b) Third partycover.
10.Whatproportionofyourexistingpolicieswithcyberriskelementsdoyou
consideredtobeatimmediateriskfrombeingtragedybyacyberattack&cyber
incident?
a)100% b)70%
c)50% d) Less than50%
59| P a ge
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1,576
- Slides 60
- Age 2053 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views