8th September, 2021
GENERAL INSURERS (Other than Stand Alone Health Insurers and Specialised
Re: Product Structure for
There are rising incidences of cyber attacks along with a
growing number of high profile data breaches. The online exposures for
individuals, business organizations, offices and other establishments continue
to increase more so in the current pandemic situation. The Authority had,
therefore, constituted a working group with a focus to examine the possibility
of bringing standardisation of Cyber Liability Insurance policy wording.
2. The Working Group, after conducting wide consultations with
various stakeholders, and after internal deliberations concluded that
standardisation of policy wording is not desirable at this juncture keeping in
view of the evolving nature of legislative frameworks in dealing with cyber
risk, fast growing digital ecosystem, increasing interconnectedness globally and
complexity of IT systems and emergence of new risks.
However, it is advised that general insurers may be guided by
the model policy wordings for Personal Cyber Insurance cover and common
reference framework provided on cyber insurance policies and coverages given in
the document attached to this circular.
The main objectives of the guidance document on product
structure for Cyber Insurance are;
to enable insurers to evaluate new
technologies posing heightened cyber risk, identify protection gaps in the
existing products and address the changing needs of market.
to facilitate insurers in
developing stand-alone cyber insurance products, specifically designed to
address the evolving cyber risks.
to provide a set of recommendations
on maximum possible coverages that could be included in the cyber insurance
to encourage insurers to adopt
best practices and provide additional covers in response to customer
to improve the development of the
cyber insurance market with new products and enhance benefits for
General insurers who have already developed some cyber
insurance products with exclusive coverage for individuals to protect against
cyber perils and currently offering the products that mainly focused on
commercial business, may review the product structure based on the coverages advocated
in the document. The filing of the such product/s may be undertaken at the
earliest to respond to the needs of customers who are increasingly exposed to
the cyber threat of digital services.
The general insurers can also expand the scope of cyber risks
included in the traditional policies for the benefits of policyholders.
However, the insurers may be mindful of overlapping coverages in cyber insurance
policies and other types of insurance policies currently covering cyber risk
with limited scope.
Considering the demand for new cyber insurance products due
to the dynamic nature of cyber-attacks and novel challenges, the general insurers
shall continuously endeavour to design tailor-made products referring to model
policy wordings and guidance provided in the document. The above objectives
should be implemented by insurers in a manner that is fair and useful to
It may be noted that the model product structure and suggested
insurance coverages brought out in the guidance documents are indicative and
not intended to be an exhaustive list of requirements. In
addition to common reference framework contained in the document, it is equally
important for insurers to consider the emerging insurable cyber perils and
provide to customers a core insurance protection against cyber risks.
acknowledge this circular and confirm having noted its contents.
Chief General Manager (Non-Life)
Cyber Insurance model policy wordings and Guidance Document on Common Reference