Despite an outbreak of ATM and card frauds, several banks still turn a blind eye towards insuring themselves against the data breaches and cyber security attacks.
In spite of seeing attacks on their ATMs since January, lenders like the State Bank of India, Indian Overseas Banks, and Indian Bank, while they’ve taken the mandatory ‘banker’s indemnity’ insurance cover, they haven’t insured themselves against the data violations and cyber security attacks.
An official from public sector insurer said that many banks, including Indian Bank have taken a basic bankers’ indemnity policy with them that insures against cash in transit, hold-ups, property damage, terrorism, burglary, fire, riot, strike, theft and employee fraud. But none of them have taken a cyber liability policy.
“Physical tampering or damage of the ATM is covered. But computer-related damage/attack is not covered in a basic indemnity cover. Mass skimming of debit/credit card details are protected under a card protection policy that can be an add-on to the basic cover,” Suresh Nair, head of protect development, Bajaj Allianz states.
Ignorance and small, limited IT budgets are the main reasons for dearth of sale of cybersecurity and data breach covers. According to the United Bank official, data breach could run into tens, hundreds, thousands or lakhs. Because innumerable customers’ accounts are at risk and the possible damages are huge, the insurance companies have to quote high, stiff premiums and banks are hesitant to take on this additional expense on their slim IT budgets.