Cyber Insurance in India: Legal Framework, Gaps, and Risk Mitigation
With the growing importance of cyber insurance being recognized in India, there are increasing instances of companies opting for it in light of rising cyber threats. Such recognition is highlighted in the startling finding of CERT-In where over 2.04 million cybersecurity cases were observed during the year 2024 . Therefore, it becomes essential to understand the current state of the cyber insurance market through the legal and regulatory framework prevailing in India, particularly given the existence of the Digital Personal Data Protection (DPDP) Act, 2023. The analysis of these dynamics brings forth various gaps that require further discussion, particularly the very low market penetration rate of less than 1%, the problem of high premiums, exclusions in policies, and the overall lack of awareness surrounding the topic. There are multiple ways through which these gaps may be addressed. As a result of analyzing the characteristics of products, gaining insights from case studies, and monitoring market trends, the intrinsic value of cyber insurance can be identified. While simply an instrument to transfer risk financially, cyber insurance is an important aspect of incident response and a motivating factor in advocating for improved cybersecurity. In this context, suggestions for standardizing policies, incentivizing the uptake through regulatory measures, and encouraging private-public cooperation have been proposed as vital approaches that could help promote cyber insurance as a valuable tool.