Insurance business is well structured and well established in India. Even the regulatory framework in the traditional insurance sector is well managed by Indian government. With the passage of time, new avenues are now available for the insurance business. One such avenue comes from the adoption of information and communication technology (ICT) in our daily lives and the misuse of the same by criminal elements.
Perry4Law has been advocating use of cyber insurance since 2004 and from that year onwards we have been keeping a close watch upon the developments in this field at both national and international levels. Cyber insurance was adopted by developed nations earlier than India as it is only now that Indian insurance companies and Indian companies and other individuals have realised the importance of cyber insurance.
Information Technology Act, 2000 (IT Act 2000) prescribes adoption of adequate cyber security practices and cyber law due diligence (PDF) by Indian companies and individuals. Even technology companies, financial institutions and e-commerce websites are required to observe cyber due diligence in India and this requirement cannot be ignored anymore. A special attention must be given to the Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (PDF) by those engaged in technology related business in India.
Regulatory compliance requirements under the Indian Companies Act 2013 (PDF) have added many legal obligations on the part of Indian companies and their directors. These include the liability of directors for cyber law and cyber security breaches and a liability for not following cyber law and cyber security legal obligations while conducting the functions of their respective companies.
Foreign companies and e-commerce websites having a business presence in India would now be required to register in India. This would also make them amendable to Indian laws and to face legal obligations for their non compliances. For instance, the recent cyber breach at Target Corporation has exposed it to litigation in multiple jurisdictions around the world.
Cyber breaches in India would raise complicated cyber law issues in the near future. For instance, cyber security issues of e-commerce business in India need to be discussed and implemented by Indian government and insurance companies. Similarly, cyber due diligence must also be outlined and implemented for online payment makers. Maintenance and inspection of document in digital form under corporate laws of India would also raise privacy, data protection (PDF) and cyber security issues.
All these aspects need a dedicated techno legal framework that is presently missing in India. Similarly, corporate frauds investigations in India would need scientific technologies and methods like e-discovery, cyber forensics, etc. If cyber security (PDF) and cyber forensics (PDF) trends in India are considered, this is a big challenge for Indian government, insurance companies and other corporate stakeholders. If cyber insurance has to be considered to be a potential source of revenue by insurance companies and adequate protection by Indian companies, they have to work hard in their respective fields.
Merely entering into an insurance agreement for cyber insurance purposes would create more trouble than solutions as complicated techno legal issues are involved in international cyber crime and cyber attack cases. For instance, insurance companies and affected companies may also face and have to tackle conflict of laws in cyberspace, authorship attribution for cyber crime and cyber attacks, refusal and non cooperation by foreign governments and companies in cyber crimes investigations, etc.
In these circumstances, not only the cyber insurance agreements must be properly drafted by insurance companies but techno legal investigation skills must also be used for investigating cyber crimes and cyber attacks cases by both the affected companies and insurance companies.