Key Takeaways
  • Cyber insurance for small Indian businesses typically costs ₹15,000–75,000 a year for standard cover, scaling up for data-heavy or high-risk industries.
  • It covers data breach response, ransomware and extortion, business interruption from a cyber incident, and third-party liability — not just "hacking."
  • Most insurers now require baseline security controls — MFA, regular backups, basic staff training — before they'll issue a policy at standard rates; missing these can add 25% or more to your premium, or disqualify you entirely.
  • AVYA's risk framework applies directly here: reduce your exposure first through security basics, then transfer the remainder through insurance.

The payment request looked exactly like the one her supplier always sent — same logo, same tone, one digit different in the account number. ₹4.2 lakh left her business account before anyone noticed. It wasn't a dramatic hack. It was a five-minute email that looked completely ordinary.

What cyber insurance actually covers

Typically covers

  • Data breach response — forensics, customer notification, credit monitoring where required
  • Ransomware and cyber extortion — negotiation support and, depending on policy, the ransom itself
  • Business interruption directly caused by a cyber incident — lost income while systems are down
  • Third-party liability — if a client's data was compromised through your systems
  • Social engineering and payment fraud, depending on the policy's specific wording

Typically excludes

  • Losses from vulnerabilities you already knew about and hadn't patched
  • Fraud committed intentionally by your own employees
  • Reputational damage itself (crisis PR costs are sometimes a separate add-on)
  • Incidents where the controls named in your application weren't actually in place

The security basics insurers expect before they'll quote you

Missing multi-factor authentication on email and remote access can add 25% or more to your quote — or mean you don't get quoted at all. The basics insurers look for: MFA on email and admin accounts, regular encrypted backups, basic phishing-awareness training for staff, and a documented, even simple, incident response plan.

"We didn't even have MFA turned on for the finance inbox. That was the whole opening."

This matters beyond the premium. AVYA's own risk framework starts with reducing exposure before transferring the rest through insurance — strong basic security is simply good business, cover or not.

70%+ Of small businesses in India report being targeted by cyberattacks — and most had no cyber cover in place at the time. Over 11 lakh cyber fraud cases were reported nationally in a recent year.

Indicative pricing

Small Business / Startup ₹15,000–30,000/yr Limited sensitive data, standard digital operations.
Data-Heavy / Fintech / Healthtech ₹40,000–90,000/yr Handles payment data, health records, or PII at volume.
Comprehensive, Higher Limit ₹90,000–2,00,000+/yr Larger sum insured, regulated sectors, enterprise clients.

Figures above are indicative industry ranges for general awareness, not a quote. Actual premium depends on your industry, data volume, security posture, and the insurer's underwriting. AVYA doesn't recommend specific insurers or products on this page — for the cover that actually fits your business, talk to AVYA.