Insurance business is well structured and well
established in India. Even the regulatory framework in the
traditional insurance sector is well managed by Indian government.
With the passage of time, new avenues are now available for the
insurance business. One such avenue comes from the adoption of
information and communication technology (ICT) in our daily lives and
the misuse of the same by criminal elements.
Perry4Law
has been advocating use of cyber insurance since 2004 and from that
year onwards we have been keeping a close watch upon the developments
in this field at both national and international levels. Cyber
insurance was adopted by developed nations earlier than India as it
is only now that Indian insurance companies and Indian companies and
other individuals have realised the importance of cyber insurance.
Information Technology Act, 2000 (IT Act 2000)
prescribes adoption of adequate cyber security practices and cyber
law due diligence (PDF) by Indian companies and individuals. Even
technology companies, financial
institutions and e-commerce websites are required to observe
cyber due diligence in India and this requirement cannot
be ignored anymore. A special attention must be given to the
Information
Technology (Intermediaries Guidelines) Rules 2011 (PDF) and
Information
Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules 2011 (PDF) by those
engaged in technology related business in India.
Regulatory compliance requirements
under the Indian
Companies Act 2013 (PDF) have added many legal obligations on the
part of Indian companies and their directors.
These include the liability of directors for cyber
law and cyber
security breaches and a liability for not following cyber
law and cyber security legal obligations while conducting the
functions of their respective companies.
Foreign companies and e-commerce websites having a
business presence in India would now be required
to register in India. This would also make them amendable to
Indian laws and to face legal obligations for their non compliances.
For instance, the recent cyber
breach at Target Corporation has exposed it to litigation
in multiple jurisdictions around the world.
Cyber breaches in India would raise complicated
cyber
law issues in the near future. For instance, cyber
security issues of e-commerce business in India need to be
discussed and implemented by Indian government and insurance
companies. Similarly, cyber due diligence must also be outlined and
implemented for online
payment makers. Maintenance
and inspection of document in digital form under corporate laws
of India would also raise privacy,
data
protection (PDF) and cyber
security issues.
All these aspects need a dedicated techno
legal framework that is presently missing in India. Similarly,
corporate
frauds investigations in India would need scientific technologies
and methods like e-discovery,
cyber forensics,
etc. If cyber
security (PDF) and cyber
forensics (PDF) trends in India are considered, this is a big
challenge for Indian government, insurance companies and other
corporate stakeholders. If cyber insurance has to be considered to be
a potential source of revenue by insurance companies and adequate
protection by Indian company ies, they have to work hard in their
respective fields.
Merely entering into an insurance agreement for
cyber insurance purposes would create more trouble than solutions as
complicated techno legal issues are involved in international cyber
crime and cyber attack cases. For instance, insurance companies and
affected companies may also face and have to tackle conflict
of laws in cyberspace, authorship
attribution for cyber crime and cyber attacks, refusal
and non
cooperation by foreign governments and companies in cyber crimes
investigations, etc.
In these circumstances, not only the cyber insurance
agreements must be properly drafted by insurance companies but techno
legal investigation skills must also be used for investigating cyber
crimes and cyber attacks cases by both the affected companies and
insurance companies.