2. CYBER INSURANCE POLICY
- A committee set up by the Insurance Regulatory and Development Authority of India (IRDAI) has recommended the introduction of a cyber insurance policy. Cyber insurance policy is a risk transfer mechanism for cyber risk.
- Cyber risk is commonly defined as exposure to harm or loss resulting from breaches of or attacks on information systems.
- This policy will protect the policyholders from cybercrimes.
In October 2020, the IRDAI had set up a committee for cyber liability insurance under P Umesh.
Amid the Covid-19 pandemic, there have been rising incidences of cyberattacks and a growing number of high-profile data violations.
- According to the committee report, the number of internet users in India is currently estimated at 700 million.
- India was ranked as the second-largest online market worldwide in 2019, coming second only to China.
- The number of internet users is estimated to increase in both urban as well as rural regions. This number is increasing rapidly, and so is the number of users of online banking.
FEATURES OF AN INDIVIDUAL CYBER INSURANCE POLICY (COVER):
- Theft of Funds, Identity Theft Cover, Social Media cover, Cyber Stalking, Malware Cover, Phishing cover, Data Breach and Privacy Breach Cover, etc.
- Cyber insurance policies currently available address requirements of individuals reasonably well.
- However, there are some areas in the product features and processes which need improvement.
FIR ON HIGHER CLAIMS:
Insurers should not insist on police FIR (First Information Report) for claims up to Rs. 5,000.
FIR is a critical requirement to assess claims.
- Clarity in exclusion language relating to compliance with reasonable practices and precautions and need for coverage for bricking costs.
- Bricking refers to a loss of use or functionality of hardware as a result of a cyber event.
- In computers and computer networks, an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
- A cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices.
According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018.
WAYS OF CYBERATTACK:
- Spoofing is an identity theft where a person is trying to use the identity of a legitimate user. Phishing is where a person steals the sensitive information of users like bank account details.
- Spyware is classified as a type of malware (malicious software) designed to gain access to or damage one’s computer, often without one’s knowledge. Spyware gathers one’s personal information and relays it to advertisers, data firms, or external users.
- Original SIM gets cloned and becomes invalid, and the duplicate SIM can be misused to access the user’s online bank account to transfer funds.
CREDENTIAL STUFFING (COMPROMISING DEVICES AND STEALING DATA):
- Credential stuffing is a type of cyberattack where stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.
- Man-in-the-middle attacks during online payments or transactions, etc.
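How a web application's defenders can recognise the credential-stuffing pattern described above in their login records, shown as an added example that is not part of the original notes. The log format, the sample events and the thresholds are constructed assumptions; the sketch flags a source that tries many different accounts in a short window with mostly failed logins.

```python
from collections import defaultdict

# Constructed sample login events: (epoch_seconds, source_ip, username, success)
def build_sample_events():
    events = []
    # Stuffing pattern: one source tries 30 different accounts once each in 60 s
    for i in range(30):
        events.append((1000 + 2 * i, "203.0.113.7", f"user{i}@example.com", i == 17))
    # Ordinary user who mistypes a password twice, then logs in
    events += [(1005, "198.51.100.4", "asha@example.com", False),
               (1012, "198.51.100.4", "asha@example.com", False),
               (1020, "198.51.100.4", "asha@example.com", True)]
    # Shared office address: several users, almost all succeed
    for i in range(12):
        events.append((1000 + 5 * i, "192.0.2.10", f"staff{i}@example.com", i != 3))
    return events

def detect_credential_stuffing(events, window=300, min_accounts=20, min_fail_ratio=0.8):
    """Return {source_ip: stats} for sources matching the stuffing pattern.

    Assumed thresholds (tune per application): within `window` seconds a source
    attempts at least `min_accounts` distinct usernames and at least
    `min_fail_ratio` of those attempts fail.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most `window` seconds
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            fails = sum(1 for _, _, ok in chunk if not ok)
            if len(users) >= min_accounts and fails / len(chunk) >= min_fail_ratio:
                flagged[ip] = {
                    "accounts_tried": len(users),
                    "failures": fails,
                    # Successful logins in the burst: accounts needing a password reset
                    "compromised": sorted(u for _, u, ok in chunk if ok),
                }
    return flagged
```

The user who mistypes a password and the shared office address are not flagged, because neither combines many distinct accounts with a high failure ratio.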
GOVERNMENT INITIATIVES TO TACKLE CYBER ATTACKS:
CYBER SURAKSHIT BHARAT INITIATIVE:
- It was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
National Cybersecurity Coordination Centre (NCCC):
- Its mandate is to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.
CYBER SWACHHTA KENDRA:
In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
INFORMATION SECURITY EDUCATION AND AWARENESS PROJECT (ISEA):
- A project to raise awareness and to provide research, education and training in the field of Information Security.
- National Computer Emergency Response Team (CERT-In) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
- Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating as the nodal agency.
- NCIIPC was created under the Information Technology Act, 2000 to secure India’s critical information infrastructure.
INFORMATION TECHNOLOGY ACT, 2000:
The Act regulates use of computers, computer systems, computer networks and also data and information in electronic format.
BUDAPEST CONVENTION ON CYBERCRIME:
- It is an international treaty that seeks to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004.
- India is not a signatory to this convention. It brings together all stakeholders i.e. government, private sector and civil society on the Internet governance debate.