“When SMEs Are Protected, India’s Growth Engines Roar”: Mr. Sanjay Joshi, CMD, The Oriental Insurance Company

India’s 6.3 crore small and medium enterprises are more than just commercial entities. They are the beating heart of the economy, contributing over one-third of GDP and powering nearly half of India’s exports. Their growth trajectory will define the country’s ability to achieve its ambition of becoming an economic powerhouse by 2047. But as SMEs digitise rapidly, they face a parallel challenge that could derail their progress: cyber risk.

Speaking at the launch of the ‘Cyber Vigilant SMEs’ initiative by SME Communities in association with FIEO, at Chennai, Mr. Sanjay Joshi, Chairman and Managing Director of The Oriental Insurance Company, struck a note of urgency. “Cyber hygiene is no longer optional – it is a business survival skill,” he cautioned, underlining the widening gap between the sophistication of attackers and the preparedness of India’s smaller enterprises.

The scale of the problem is staggering. At any given moment, millions of cyberattack attempts are made across the globe. Contrary to popular belief, the most frequent targets are not governments or large corporations, but SMEs – entities that are often under-protected, under-funded and under-aware. Research shows that only 13% of SMEs have a formal cybersecurity policy. Ransomware, phishing, insider threats and cloud attacks dominate the threat landscape, but many enterprises fail to put in place even the most basic safeguards. “Without awareness, prevention and response systems,” Mr. Joshi noted, “insurance companies will either deny coverage or impose steep premiums for minimal protection.”

Oriental Insurance has been in the business of risk protection since 1947, working alongside SMEs through cycles of change. In the context of cyber risk, Mr. Joshi framed insurance not as a piece of paper but as a test of preparedness. “Cyber insurance is not just a policy – it is an inspection of your cyber readiness,” he said. For SMEs to secure affordable, meaningful coverage, they must first build resilient digital foundations.

That foundation, he explained, rests on a set of practices that insurers increasingly consider non-negotiable. Enterprises are expected to deploy multi-factor authentication, strengthen endpoint detection and ensure secure backups in offsite systems. They must also demonstrate that they have business continuity and disaster recovery plans, conduct regular vulnerability assessments and enforce strict access controls. Equally important is the cultural dimension: leaders must build awareness among employees, create documented incident response frameworks and recognise that cyber readiness is not the sole responsibility of IT teams but a leadership imperative. “Think of it as a business fitness regime, not a one-time activity,” Mr. Joshi emphasised.

Once such measures are embedded into operations, cyber insurance becomes an essential complement. It ensures that when incidents occur—as they inevitably will—SMEs can recover without crippling losses. In today’s hyper-connected economy, survival depends not just on how enterprises grow, but on how they withstand shocks.

Mr. Joshi made it clear that Oriental Insurance intends to play a proactive role in this transition. The company is working to design affordable products tailored to SME realities, while collaborating with cybersecurity experts to provide end-to-end support. More ambitiously, Oriental Insurance is developing integrated policies that cover not just digital risks but also factories, shipments and workforce under a single umbrella package. For SMEs long frustrated with fragmented cover, such comprehensive protection could be a game-changer.

Perhaps the most significant takeaway from Mr. Joshi’s address was the call to reframe how SMEs perceive cybersecurity. Too often, entrepreneurs treat it as a compliance headache or a discretionary cost. That mindset, he warned, is untenable. Cybersecurity must be seen as a catalyst for continuity – a means of protecting customer trust, safeguarding data and ensuring competitiveness in a digital economy. “When SMEs are protected,” Mr. Joshi concluded, “the growth engines of the Indian economy do not just run, they roar.”

The Cyber Vigilant SMEs initiative, curated by SME Communities, aims to institutionalise this message. By convening entrepreneurs, insurers, policymakers, and technologists, it seeks to mainstream cyber awareness as a central plank of SME competitiveness. For SMEs, the path ahead is clear. They must recognise the risk, invest in basic hygiene, hold leadership accountable and treat cyber insurance as an ally rather than an afterthought.

The journey of India’s SMEs has always been one of resourcefulness and reinvention. In the digital age, their ability to embed cyber vigilance into that journey will decide whether they remain vulnerable targets – or emerge as resilient engines powering India’s economic future.