Indian cyber insurance market trails AI-driven attack surge

India logged 2.04M cyber incidents in 2024, yet its cyber insurance market is just $580-750M. AI-driven attacks force constant risk reassessment.

Categorized in: AI News Insurance
Published on: Jul 06, 2026
Indian cyber insurance market trails AI-driven attack surge

India recorded over 2.04 million cybersecurity incidents in 2024, according to a 2025 EY report, yet the domestic cyber insurance market remains an estimated $580-750 million - a fraction of the global market's $14.2 billion. As AI-powered attacks grow faster and cheaper, enterprises that might buy cover often don't, and insurers are still learning to price a risk that doesn't sit still.

Why adoption lags

Evaa Saiwal, head of Cyber & Liability Insurance at Policybazaar for Business, points to a fundamental disconnect. "Most Indian companies still approach cyber primarily as an IT issue or a security issue, whereas cyber insurance requires it to be viewed as an enterprise or a business risk." She said many firms treat security controls and insurance as alternatives rather than complements, a view that strong cybersecurity removes the need for a policy.

Amarnath Saxena, chief technical officer - Commercial at Bajaj General Insurance, added that small and mid-sized organisations often find premiums too high for their budgets, preferring to spend on security tools instead. Pallavi Malani, India leader for Insurance Practice at BCG, sees a different bottleneck. "The awareness problem is largely solved, most boards in India have cyber on their risk register," she said. "The penetration problem persists for a different reason: the product itself is still hard to buy. Pricing is inconsistent across providers, policy wording is not standardised, and India lacks a deep enough bench of actuaries and underwriters trained specifically in cyber risk to price it with credibility."

What happens when a claim is filed

Few enterprises understand what occurs once an incident is reported, and that gap between expectation and reality can be wide. Bhranti Shah, chief insurance officer at Mitigata Cyber Resilience, described the mismatch: "In my experience conducting gap assessments, it is common to find that, on paper, a client believes 80-90% of potential loss scenarios are covered. In reality, once sub-limits, waiting periods, business continuity provisions, silent exclusions, and standard policy exclusions are applied, the actual coverage is often significantly lower. One of the biggest reasons is that policy wordings are difficult to interpret, and insurers use different base policy forms."

A cyber claim differs from a fire or theft claim where damage is visible immediately. Saiwal explained that after a company reports an incident, insurers deploy forensic investigators, breach coaches, legal counsel and PR advisers together to contain the attack and preserve evidence. Only then can the cause and financial loss be established properly. Saxena pointed to manufacturing as a clear example of why this matters: business interruption losses can run for weeks or months. The EY report notes that India ranks second globally in ransomware volume, with average downtime of 21 days per incident.

Pricing a risk that keeps changing

AI is forcing insurers to question the numbers they rely on. Shah said AI is "changing the frequency curve much faster than most Indian insurers' actuarial models have been able to adapt," adding that premiums are still largely based on pre-AI loss data and remain underpriced relative to the actual risk. Malani made a parallel point: "AI breaks a foundational actuarial assumption - that attack frequency is relatively stable and severity is the main variable to model."

The EY report added that 61% of breaches in 2023 were linked to third-party vendors, meaning a single weak supplier can trigger cascading losses across multiple policyholders. Dr. Sanjay Katkar, joint managing director at Quick Heal Technologies, said "AI-enabled attacks are making phishing campaigns more convincing, automating reconnaissance activities, and scaling social engineering attempts with unprecedented speed and precision." Parag Khurana, country manager, India at Barracuda Networks, described AI as "a force multiplier rather than a revolution."

How insurers are responding

Underwriting is shifting beyond the sum insured. Saxena said insurers now weigh IT system exposure, vulnerability to attack, and selected coverages. Enterprises expect more than a payout - they want incident response support, vendor access, and proactive risk assessments. Underwriters are turning to AI for Insurance tools to sharpen pricing and risk selection, while companies use the same cyber risk quantification data to decide how much cover to buy. The EY report shows premiums rose 50% in 2023 amid rising losses, with insurers becoming more selective about who they cover.

Why this matters for insurance professionals

For insurance professionals, cyber risk demands specialist knowledge. Underwriting requires understanding attack vectors, the effect of AI on frequency, and the fine print of policy exclusions. Claims handlers need to coordinate triage with breach coaches and forensic investigators - not just cut a cheque. As insurers build dedicated cyber teams, professionals who can bridge security and insurance, and who are comfortable with AI-driven risk quantification, will find growing opportunity. The market is small today, but the skill gap is already wide.


Get Daily AI News

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)