Insurance is a vintage industry in India but Cyber Insurance is yet to develop in both its usage and structuring.
One of the most difficult aspects of an Insurance contract is how do we interpret the Uberrimae fedei nature of the contract and determine the limitations of expected disclosure from the proposer.
The “utmost faith” nature of the contract will leave the insured at the complete mercy of the insurer as to whether the disclosures are adequate or not which is done not at the time of accepting the contract but when a claim arises.
The Cyber Security issues are such that no IT user is fully aware of the vulnerabilities that he may be carrying. Some vulnerabilities may be zero day technical vulnerabilities which even the supplier of a hardware or software may not know. Probably some hacker’s conference some where in the world or a torrent post in the underground world could have pointed out the vulnerability and the insurer may find it out through his post incident research. Then would it be reasonable for the insurer to rescind the contract or raise a dispute that may drag on for years in a Court of law?
Similarly let us say there are some problem employees who have caused the loss and when their background is verified by the insurer on a post incident time, he may extract some adverse observations which might have been overlooked by the insured. How reasonable it would be for the insured to then repudiate his insurance contract?
These are some of the issues that Cyber Insurers need to address. If Cyber Insurance industry need to develop, the Government also may have to take a look at what it can do to make companies more insurable or in other words, how the “Cyber Insurability Index” of a company be enhanced?
In this context, it is interesting to note that China has taken a divergent path to make Insurance contract a “contract of honest disclosure” instead of “contract of utmost faith”.
According to the information available in this article,
The Supreme Peoples’s Court (SPC) in China issued an interpretation in May 2013 on certain provisions of the “People’s Republic of China Insurance Law” (PRC insurance Law) focussing mainly on the disclosure obligations of parties entering into insurance contracts and exemption clauses in those contracts.
According to these interpretation, the common law principle of “Utmost good faith” does not apply in China and is over ridden by the provisions of the PRC insurance law tha requires that the policy holder shall make an “Honest disclosure” in response to the insurer’s enquiries about the insured and/or the insured subject matter. The insurer’s right to rescind is also limited to a period of 30 days from the date on which it learns of the failure to disclose or if the non disclosure was known to the insurer at the time the policy was taken or he ought to have known it if sufficient due diligence had been exercised.
IRDA needs to give a thought to similar provisions to be adopted in India so as to make Cyber Insurance popular and reach the SMEs and general public.