Gartner predicts that by 2025, most cyber incidents will stem from human behaviour rather than technology failures, a trend reflected in cyber insurance claims dominated by phishing, credential misuse, and Business Email Compromise. On Safer Internet Day, in conversation with ETCISO, Evaa Saiwal, Head of Liability & Cyber Insurance at Policybazaar for Business, explains why these human-led failures continue to drive cyber losses in India.

Gartner has repeatedly highlighted cyber risk as a top enterprise risk and has predicted that by 2025, a majority of cyber incidents will stem from human behaviour rather than technology failures. In the context of recent ransomware and data breach incidents impacting Indian businesses, what does this tell us about where organisations are still getting cyber risk management wrong?

Most organisations still focus on perimeter defenses, even though breaches often originate from trusted identities inside the network. Identity risk is routinely underestimated, access sprawl, over-privileged users, and inconsistent MFA enforcement across SaaS and email create easy entry points. Too often, cyber is treated as an IT control framework, rather than an enterprise-wide risk discipline that involves finance, HR, procurement, and senior leadership.

When we investigate ransomware or breach incidents, the failure is rarely a missing tool. It almost always comes down to either a compromised credential that should never have had that level of access, or a human decision that bypassed a process under time or business pressure. The real gap isn’t awareness, it’s governance and behavioral enforcement at scale.

From industry-wide claims trends and market data, what are the top three cyber incidents businesses in India are actually experiencing today, not what they fear, but what is happening most often on the ground?

Based on our incident response cases and claims experience, three categories dominate cyber losses, identity-led intrusions, ransomware, often starting from very basic initial access, and Business Email Compromise or payment fraud. What ties them together isn’t a lack of tools or awareness, it’s governance and behavioral enforcement at scale. Strong policies and technology matter, but without disciplined execution and oversight across the enterprise, these threats continue to drive the majority of claims.

In reported cyber insurance claims, how frequently is the trigger something basic like phishing, credential compromise, or poor access control rather than a highly sophisticated attack?

Email and social-engineering driven events are the dominant contributors to cyber claim volume. A recent cyber threat report highlighted that Business Email Compromise (BEC) and social engineering fraud accounted for nearly half of all cyber claims over the past five years. However, whenever there’s any ransomware making news headlines, the initial breach is often surprisingly basic. In fact, a report suggested that more than half of ransomware incidents in 2024 originated from compromised perimeter security appliances. This fact underscores the importance of strengthening the basics and not underestimating the entry points.There have been growing reports of AI-powered fraud, deepfake voice scams, and impersonation attacks targeting finance and HR teams. Are insurers already seeing claims linked to these newer threat vectors?

We have started seeing early signals in claims where the threats are evolving from voice-based impersonation, increasingly targeting finance leaders. AI-assisted phishing is making strategic attacking technique that seems to be more credible, and social engineering is now exploiting organizational workflows rather than just their technical systems.

From a risk standpoint, AI isn’t creating new types of fraud, it’s compressing the effort, time, and skill needed to pull off attacks successfully. What used to take weeks or months can now happen in hours, which makes vigilance, strong controls, and employee awareness more critical than ever.

As Safer Internet Day focuses on safer digital behaviour, what specific cyber controls or practices have you seen make the biggest difference in reducing claim severity or financial loss for businesses?

From my experience, businesses that consistently follow a few key cyber controls see a real difference in reducing claim severity and financial losses. Primarily enforcing a universal multi-factor authentication without any exceptions, especially for email, VPNs, and privileged accounts should be mandatory. Businesses should maintain discipline around least privilege access, avoiding credential sharing, and rapid off boarding of employees who are retiring or leaving the organisation, this strategy pays off.

It is vital to know that backups are critical, but it’s not enough to just have a policy, they need to be tested regularly, including restoration drills, to ensure they actually work when needed. To avoid phishing traps, for payments related actions verification controls must be independent of email instructions.

Finally, role-based cyber training, particularly for finance, HR, and senior management, can be a game-changer. When employees understand the risks and their role in preventing them, businesses not only reduce losses but also build a stronger, security-first culture.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!