- Cyber insurance for small Indian businesses typically costs ₹15,000–75,000 a year for standard cover, scaling up for data-heavy or high-risk industries.
- It covers data breach response, ransomware and extortion, business interruption from a cyber incident, and third-party liability — not just "hacking."
- Most insurers now require baseline security controls — MFA, regular backups, basic staff training — before they'll issue a policy at standard rates; missing these can add 25% or more to your premium, or disqualify you entirely.
- AVYA's risk framework applies directly here: reduce your exposure first through security basics, then transfer the remainder through insurance.
The payment request looked exactly like the one her supplier always sent — same logo, same tone, one digit different in the account number. ₹4.2 lakh left her business account before anyone noticed. It wasn't a dramatic hack. It was a five-minute email that looked completely ordinary.
What cyber insurance actually covers
Typically covers
- Data breach response — forensics, customer notification, credit monitoring where required
- Ransomware and cyber extortion — negotiation support and, depending on policy, the ransom itself
- Business interruption directly caused by a cyber incident — lost income while systems are down
- Third-party liability — if a client's data was compromised through your systems
- Social engineering and payment fraud, depending on the policy's specific wording
Typically excludes
- Losses from vulnerabilities you already knew about and hadn't patched
- Fraud committed intentionally by your own employees
- Reputational damage itself (crisis PR costs are sometimes a separate add-on)
- Incidents where the controls named in your application weren't actually in place
The security basics insurers expect before they'll quote you
Missing multi-factor authentication on email and remote access can add 25% or more to your quote — or mean you don't get quoted at all. The basics insurers look for: MFA on email and admin accounts, regular encrypted backups, basic phishing-awareness training for staff, and a documented, even simple, incident response plan.
"We didn't even have MFA turned on for the finance inbox. That was the whole opening."
This matters beyond the premium. AVYA's own risk framework starts with reducing exposure before transferring the rest through insurance — strong basic security is simply good business, cover or not.
Indicative pricing
Figures above are indicative industry ranges for general awareness, not a quote. Actual premium depends on your industry, data volume, security posture, and the insurer's underwriting. AVYA doesn't recommend specific insurers or products on this page — for the cover that actually fits your business, talk to AVYA.