Why Cyber Insurance Must Become India’s New Financial Essential

As the Global Fraud Awareness Week (November 16–22) drew to a close, one aspect that did not receive much attention was insurance as a tool for risk mitigation. As the world increasingly embraces technology in all aspects of life, the nature of fraud is also becoming more complex and harder to detect. 

Phishing and vishing continue, but frauds are now acquiring newer dimensions. They involve digital means, identity theft, impersonation, usage of mule accounts and many other techniques that are as sophisticated as the technology itself, eroding the confidence and trust of individuals and institutions.

The Extent
The numbers stare at us starkly, hinting that mitigating them requires more than just awareness. UPI daily transactions reached a record ₹940 billion in October, up 13% from September, driven by festive spending and lower GST rates.

As of October 2025, daily UPI transaction volumes hit 754 million. About 85% of digital payment transactions in India take place through UPI. Worth accolades. But digital payments were also responsible in driving the volumes of fraud cases up by 34%. The total amount lost in frauds was ₹360.14 billion in 2025 compared with ₹122.30 billion in 2024. Indian banks reported three times the number of fraud cases in 2024 than in 2023. Nearly ₹200 billion was lost in 2024–25 in AI-enabled scams. Overall fraud value rose three times, largely due to high-value corporate incidents.

The most serious and of concern was the Jaguar Land Rover cyber fraud case that occurred in September 2025. Using stolen employee credentials, the scamsters launched a vishing attack. The attack on JLR halted production, which could not fully resume until October 2025. This resulted in direct financial losses of £196 million. 

As investigations uncover more details and experts work on ways to prevent such scams in the future, government agencies have issued advisories to major UK companies asking them to take steps to protect themselves from cyberattacks.

Serious Implications
At a time when cyberattacks have become a reality in both retail and corporate segments, the consequences can be disastrous. While retail frauds typically involve smaller amounts and result in personal losses, corporate frauds involve far larger sums and can lead to losses not only for companies but also for the country’s economy and financial stability, eroding people’s confidence in the system.

As in the JLR case, the fraud impacted the British economy and its supply chain, with the UK reporting the lowest car production numbers in September since 1952 and losing 0.17% of economic output.

The impact of large corporate frauds is so significant that it may require serious government intervention. In the JLR case, the British government considered partially guaranteeing bank loans and acting as a buyer of last resort for components if the company were to default on its debt repayment obligations.

The alternative would have been to let the company fail, which would have been far more disastrous. Thankfully, the crisis was managed without resorting to these options. In both the options, however, the costs would ultimately have to be borne by the taxpayers.

Building the Walls
Technology can help build protective walls against such attacks. And that would be a must-take proactive step but not enough. Continuous monitoring and updating of these protective systems are also a necessity. Further, banks and regulators are working together to put fraud detection and prevention methods in place. These include change of all bank domains to .in which will be given only to the banks registered with the Reserve Bank of India and banks getting together to set up the Indian Digital Payment Intelligence Corporation for realtime intelligence sharing among banks and other financial intermediaries to strengthen protection against digital frauds.

Insurance: The Final Call
Having taken the two important steps of creating awareness and building protective walls internally and externally, the third step of buying insurance cover against frauds cannot be ignored.

Unfortunately, there is a complete lack of awareness about this. The most alarming revelation from the JLR case was that the company did not have cyber insurance. In India, less than 1% of businesses had cyber insurance as of 2024. Even within this 1%, a quarter of claims were rejected due to technical issues. Globally, an estimated $2.88 billion was lost to cybercrimes due to lack of insurance.

While corporates have slowly begun using insurance as a risk-mitigating tool, individuals and small businesses remain largely unaware and become easy targets for scamsters. With fraud techniques constantly evolving, the insurance industry too is developing products that can cover almost all types of fraud. These products need to be increasingly effective and affordable, as insurance alone can provide that final protective umbrella to individuals as well as corporates against cybercrime. 

Also Read: Why JLR's £2 Billion Loss Could Change Corporate Insurance Forever