REGULATION AND IMPLEMENTATION OF CYBER INSURANCE

Law Number 40 Year 2014 concerning Insurance and its implementing regulation do not specifically define the meaning of cyber insurance. However, in short, cyber insurance may be defined as insurance providing protection over risks occurred to computer system and data. Based on its character, cyber insurance may be classified as a part of general insurance, namely a business of insurance service providing a compensation to the insured or policy holder due to loss, damage, incurred cost, profit loss, or legal liability towards third parties which may be suffered by the insured or policy holder due to an uncertain event.

The main object of cyber insurance is protection over software and data. Risks secured by cyber insurance cover (i) risk on business disruption as a result of cyber attack, (ii) computer fraud, (iii) protection over data privacy regulation and fine, (iv) cyber blackmail, and (v) loss of digital assets.

The number of insurance companies providing cyber insurance service in Indonesia is still very low and only dominated by international top tier insur- ance companies. Pursuant to information from the Executive Director of General Insurance Association of Indonesia (Asosiasi Asuransi Umum Indonesia – AAUI), until 2017, no more than 10 insurance companies provide such cyber insurance. The Insurance companies providing such cyber insurance include inter alia PT Asuransi Tokio Marine Indonesia, PT AIG Insurance Indonesia, dan PT Chubb General Insurance Indonesia. SCN/HES