Case Study: The Cost of Delay in Purchasing Cyber Insurance

Background:

Recently, one of our clients experienced a ransomware attack that severely disrupted their operations. Prior to the incident, their management believed that a USD 1 million (INR 8.5 crore) cyber insurance cover was unnecessary.

Incident Summary:

Following the attack, the same client urgently sought to purchase a USD 40 million (INR 340 crore, approx.) cyber insurance policy. However, since the data breach had already occurred, no insurer was willing to accept their proposal. Even though they later revamped their entire IT infrastructure and implemented advanced cybersecurity measures, insurers were unable to underwrite the risk due to a lack of reinsurance support.

Impact:

While the company did not disclose the full financial impact of the attack, the forensic investigation costs alone amounted to INR 92 lakhs. Adding to their challenge, several of their overseas clients made cyber insurance a mandatory prerequisite for continuing business. This has put the company in a difficult position — risking both current contracts and future opportunities due to the absence of cyber insurance coverage.

Key Takeaways:

– Always maintain an active Cyber Security Insurance Policy — it provides critical financial protection in case of a breach.
– Many US and European clients require Indian companies to have adequate cyber coverage to do business with them.
– Purchase coverage proactively, ideally equivalent to your company’s turnover, rather than after an incident.
– A cyberattack is not a question of “if” — but “when.” Preparedness is the only defense.