‘Multi-pronged approach needed for cyber safety’

Na Vijayashankar, an Information Assurance Consultant tells us, “Right now, there are about four companies that provide cyber security insurance. These are companies with international collaborations and they have brought to India policies which have been developed in the USA. So far, cyber-security insurance products are being provided to large companies, based on the reputation. It is not being provided on the basis of cyber risk. I have been asking the Govt of India to make cyber security insurance mandatory for banks. They should provide cyber insurance at least up to a certain value for all its customers at the cost of the bank. Instead, what I have seen is that some of the banks are asking their card holders to pay the premium and take up insurance against frauds. I do not subscribe to the idea of the customer footing the insurance bill for such frauds.” 

The priority at this point in time seems to be evolving a mechanism that can help assign a monetary value for information, especially in the context of major corporations and financial institutions. 

Dr Muthukumaran B, the Practice Head-BigData & GM-Training at HTC Global Service India (P) Ltd, says, “The present accounting system globally does not have a provision for ‘information accounting’. The concept of information accounting needs to be inculcated as a subject in universities. The idea is that there needs to be a way in which you can quantify and assign a monetary value to huge volumes of information, which can help companies in case of any untoward incident, like a fraud.” 

He goes on to add, “Similar to how SEBI functions as a regulatory body for the securities market, we also need a regulator for information accounting that can lay down guidelines for the industry.” 

As per a draft circular issued by the RBI in September last year, in case of any fraudulent card encashment, if the customer on receipt of the SMS alert, reverts to the bank saying that the transaction has not been authorised by him or her, within three days, then there is no liability on the customer. If these RBI’s provisions are faithfully implemented, there is no need for the customer to take a cyber security insurance police, says another IT expert. 

Vijayashankar goes on say, “Last year, I conducted an all-India survey on the status of cyber security insurance in India to understand the awareness of such issues from the perspective of both the insurer and the insured. I believe cyber security insurance providers, through their efforts can help set the high standards for information security. Apart from offering such policies to individual customers, insurance firms can invest in awareness building activities too. We also need a new breed of cyber security insurance consultants and techno-legal specialists to step into the fray.”