Cyber-insurance is an insurance product that protects businesses and individual users from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities.
Cyber insurance typically includes indemnification from lawsuits related to data breaches, such as errors and omissions. It also covers losses from network security breaches, theft of intellectual property and loss of privacy.
Indian IT Amendment Act 2008 (Sec. 43A)
The IT Act 2000 was amended by the Ministry of Information Technology, and the amended law is known as the IT Amendment Act 2008. Under Sec. 43A of the IT Amendment Act 2008, a company or organisation that fails to protect data shall be liable to pay damages by way of compensation to the person affected.
Under Article 83 (5) GDPR, the maximum penalty for companies and organizations that fail to comply with the General Data Protection Regulation can amount to up to € 20 million or 4% of the annual worldwide turnover, whichever is greater. According to Art. 83 (4) GDPR, there is a graduated approach to fines. For example, a company can be fined 2% because it does not keep its records in the correct order (Article 28).
Cyber security due diligence means taking “proper and reasonable care and caution” while dealing with online/technological transactions and activities. For instance, a telecom service provider has the responsibility to ensure that its telecom infrastructure is not misused for committing cyber crimes.