- Overview
TCS is here to make a difference through technology.
Leading the way in innovation for over 50 years, we build greater futures for businesses across multiple industries and 131 countries.
-
Industries
-
Services
-
Products and Platforms
-
Research & Innovation
Overview
Industries
expand here
Services
expand here
Products and Platforms
expand here
Research & Innovation
expand here
- Overview
We’re in it for good, driving positive change for the benefit of all.
Our expert, committed team put our shared beliefs into action – every day. Together, we combine innovation and collective knowledge to create the extraordinary.
-
About Us
-
Leadership
-
Events
- Overview
Extraordinary expertise leads to remarkable results.
We share news, insights, analysis and research – tailored to your unique interests – to help you deepen your knowledge and impact.
-
Customer Stories
-
Perspectives
-
Global studies
-
Topics
- Overview
Want to be a global change-maker? Join our team.
At TCS, we believe exceptional work begins with hiring, celebrating and nurturing the best people — from all walks of life.
-
India
-
Americas
-
Asia Pacific
-
Europe and UK
-
Middle East and Africa
Overview
India
expand here
Americas
expand here
Asia Pacific
expand here
Europe and UK
expand here
Middle East and Africa
expand here
- Overview
Find the latest news about TCS in our Newsroom
Get access to a catalog of the latest news stories from across TCS. Discover our press releases, reports, and company announcements.
-
Press releases
Recent Press releases
View all -
News alerts
-
Analyst recognition
Recent recognitions
View all -
Media kit
- Overview
TCS works hand in hand with world-leading investors.
Tata Consultancy Services LimitedNSE:TCSINR -
Management Commentary
-
Financials
-
News and Events
-
ESG
-
Resources
Overview
Management Commentary
expand here
Financials
expand here
News and Events
expand here
ESG
expand here
Resources
expand here
Top Results
Showing
10
01 - 07
With the rampant increase in cyber-attacks, the need for cyber insurance as a means of protection has unarguably never been higher. The World Economic Forum has stated cybersecurity failure among the highest risks in its Global Risks Report 2021. Ransomware attacks have increased by 150% in 2020, with the amount paid by victims increasing by over 300%. A study from the Ponemon Institute indicates that over 76% of US small and medium businesses (SMBs) experienced a cyberattack in the past year. The rising frequency of these cyber incidents is bound to increase the demand for cyber insurance. In this regard, insurance regulators have stepped up efforts for cyber risk mitigation and protect businesses by taking initiatives to regulate and monitor insurers and their cyber product offerings.
Context of regulation
Cyber insurance helps businesses safeguard against breach incidents and provide coverage for associated costs, including regulatory fines. In the US, the Federal and State Insurance Regulators have recommended cyber insurance regulations to protect key industries against cyber threats. The types of regulations and their impact vary greatly, from simple data collection or periodic reporting of risk exposures to understanding inclusions and exclusions in a cyber insurance product.
The role of regulators in cyber insurance
The Cybersecurity Information Sharing Act was one of the initial Federal laws passed in 2015 to enable sharing of personal information on cyber incidents. Many states have enacted their own legislation to address cyber risks in depth - from exclusions to penalties. The National Association of Insurance Commissioners (NAIC) insurance data security model law finalized in 2017 was recommended by the US Treasury Department, urging states to adopt it in five years. The law establishes data security standards and data breach mitigation processes for insurers. Currently, 19 states have adopted it, with seven states doing so in 2021. States have also enacted privacy laws, such as California’s Consumer Privacy Act (CCPA) and NY’s SHIELD act, while other states like Maine and Nevada launched online privacy laws with General Data Protection Regulation (GDPR)-like provisions. Almost all US states have introduced Data Breach Notification laws that have to be complied with when consumers’ personally identifiable information (PII) is compromised. A few states such as Connecticut, Maine, and New Hampshire have gone further and added requirements specifically for insurers to notify the state’s insurance department.
With the spate of ransomware attacks, the Office of Foreign Assets Control (OFAC) has issued a ransomware advisory discouraging ransomware payments. Recently, NY state had proposed a bill, which is currently under review, that bars businesses from paying ransom in the event of a ransomware attack. Cyber insurance regulations are expected to expand toward such measures for protection against cyber attacks, along with strict enforcement through fines for non-compliance.
What regulations mean for insurers
Cyber-attacks are evolving continuously in sophistication, from phishing and encryption to ransomware-as-a-service attacks. As they can pose a systemic threat, regulators expect insurers to acquire cybersecurity expertise and keep up with market trends. Consequently, insurers are also partnering with cyber security companies to assess insurers’ risks or get advice on compliance policies to gain knowledge. This will help them underwrite cyber-risk with appropriate inclusions, exclusions, or sub-limits for cyber-related losses and to comply with regulatory requirements.
Wake-up call for SMBs
SMBs generally lack cyber expertise or the budget to have a cybersecurity program. According to a recent survey, only 20% of SMBs have cyber insurance. Insurers with cyber expertise and their cyber ecosystem partners are poised to guide SMBs and may act as their risk advisors. Apart from regulations, supporting guidelines have evolved to help businesses implement adequate cybersecurity controls. The National Institute of Standards and Technology’s (NIST) cybersecurity framework is one of the early initiatives for cybersecurity awareness among SMBs. The Cyber Insurance Risk Framework was also recently introduced by NY’s Division of Financial Services. These frameworks enable SMBs to meet cybersecurity compliance and understand their risk exposure. In July 2021, Connecticut state enacted a law to incentivize businesses with safe harbor protection on adopting any of the industry-recognized cybersecurity frameworks. Another initiative is the Cyberspace Solarium Commission report with its recommendation for state regulators to develop certifications for cyber insurance products. These help consumers/insureds understand the level of protection and compliance to laws offered by insurance products.
The way forward
Regulations aim to reduce threats and improve the cyber risk environment. They may even necessitate businesses to have cybersecurity solutions and data privacy standards in place before seeking insurance. Although these may increase costs associated with insurance, they bode well for the cyber insurance industry in the long term. Cybersecurity solutions and data privacy standards prevent losses and help the insurance industry embrace cyber risks in a meaningful way. Cyber insurance regulations are bound to influence the future course of the industry for good. The regulations will ensure better cyber security measures and wider adoption of cyber insurance and curated insurance products.
About the author
Image of Nirmal Kumar J
Nirmal Kumar J
Nirmal Kumar J is a solution architect with the Banking, Financial Services, and Insurance (BFSI) business unit at TCS. He has over 18 years of experience in the insurance industry and has worked with leading insurers on transformation programs. Nirmal specializes in the development of IT solutions, especially BPM solutions for clients. He holds a bachelor’s degree in Computer Science and Engineering from the University of Madras, India.
Related reading
1/4
Europe
Sapthagiri Chapalapalli
TCS’ Journey of Innovation and Transformation in Europe
Blog
|
09 Apr 2024
Opens in new tab
2/4
Blogs
Bodhisatta Biswas
Impact-Investment Framework: Enhancing Oil & Gas Safety and Security
Blog
|
03 Apr 2024
Opens in new tab
3/4
Blogs
India
Manish Singh
QC in Manufacturing Challenges, Enablers, and Applications
Blog
|
29 Mar 2024
Opens in new tab
4/4
Blogs
Realize the promise of GenAI-powered digital workplaces
Blog
|
28 Mar 2024
Opens in new tab
What’s on your mind?
We’re here to help! Tell us what you’re looking for and we’ll get you connected to the right people.
Looking for something else?
