Cyber Insurance in Nigeria, an untapped diamond in the rough
Cyber security challenge across the globe is being fought with various measures to sail ahead of its dangers or at least cushion its effects when it strikes organizations. This move has led to cyber insurance which in Nigeria still remains fertile and untapped. BusinessMerticsNG reports.
The Africa’s largest economy has over the years counted losses to the incidence of cyber attacks which have continued to affect businesses and corporate organizations of both private and public statuses in diverse ways.
Observers have attributed this to various factors ranging from technical to social imbalances that are characteristics of the society in which the businesses operate, coupled with evidence that many of the attacks also originate from outside the shores of the country as cyber attacks respect no territorial boundaries.
In a recent discussion around the unabated raid of cyber criminals on their victims, sources within the Central Bank of Nigeria said that the growing population of tech-savvy youths alongside growing unemployment and poor orientation that leads to greed among the youths are partly responsible for cybercrimes perpetrated in-country.
However, a report by Kaspersky, a global cyber security company, recently gave a heads up to businesses in Nigeria that a particular Russian-based group of cyber hackers was targeting sub-Saharan African countries with a tendency to attack Nigerian organizations more in the process.
This emphasizes the notion of cyber attacks as ‘a vice with no bound’, a fact that has made dealing with it a hard nut to crack for individual authorities across nations.
It is on the back of these developments that insurance companies across the world, particularly in advanced countries, are rolling out insurance policies to cushion effects of cyber attacks when it happens to organizations.
The Cyber attacks trend
Considering the fact that the more risks involved in a business, the more its owners see the need to bring it under an insurance cover as they assuming the worst, one can easily appreciate the imperatives of having a robust cyber insurance market in the country.
This is supported by the excruciating past records of losses to the scourge and constant scary projections that are heralding uptrend in cyber attacks in years to come.
According to a recent report by Sophos, lot less than 86 per cent of businesses and organizations in Nigeria are experiencing cyber attacks at any given time.
This record puts Nigeria just behind India, which has the highest record of 93 per cent of companies suffering from cyber attacks and cloud data breach incidence across the globe.
Taiye Lambe, founder and CTO of Cloude Assurnace, has also explained said that cybercrimes cost African economies $3.5 billion in 2017.
According to him, “In that year, annual loses to cybercrimes were estimated for Nigeria at $649 million, and Kenya, at $210 million. The FBI also estimated about $26 billion global losses to business email compromise between 2017 and 2019.”
It has also been revealed that 54 per cent of businesses are attacked at least once in 2018, when global loss was estimated at $1 trillion, and in the same year, 60 per cent of Nigerian companies were affected. Meanwhile, 92.4 per cent of attacks come via email, according to a report by Sidmack.
In Nigeria, a 2019 Ponemon Institute research put the cost of data breach in the Nigerian banking system at $3.92 million, an equivalent of N14.3 billion.
The latest “Africa Cyber Security Report – Nigerian” also revealed that various corporate entities in Nigeria and individuals collectively lost a total sum of $800 million to cyber attacks in 2018.
This figure reflect an increase of 27 per cent in cyber attach trend in 2018, compared with $649 million lost to the scourge in the previous year, 2017.
The list is endless as concerned parties continue to launch surveys and investigations into understanding the dynamics and gravity of cyber crimes on companies and economy, hence, the many estimated losses reported from time to time.
Experts have given expectation of cyber attacks and cyber security in Nigeria and none of the projections made so far suggests a respite of the social vices in the long run.
According to experts, this is supporting the need to create a cyber insurance market to militate against these envisaged dangers as one of measures to combat it.
For instance, latest surveys by the Telemanagement Forum and Communications Fraud Control Association have alarmed that Nigeria telecom industry alone may lose N141.1 billion to frauds.
Industry experts say telecoms fraud is often perpetrated by insiders or hackers who use unlawful methods to obtain call or data services without paying. They are said to ride on the same cost, marketing, pricing, network design and operations of legitimate network operators.
TM Forum estimated that revenue leakage for Africa in 2018 was five per cent of the annual revenue of operators.
Kaspersky Lab, a leading global cyber security firm, also warmed that starting from 2020, Nigeria alongside other countries in the Sub-Saharan Africa, is now attack target of a Russian hacking group.
Researchers at the multinational cyber security firm said they have discovered thousands of notifications of attacks on major banks in Sub-Saharan Africa.
The malware used in the attacks indicates the threat actor is most likely to be the notorious silence hacking group, infamous for the theft of millions of dollars from banks around the world, Kaspersky researchers warned.
Leading accounting and consulting firm, Grant Thornton, said in its ‘Cyber Trends in 2019 and Predictions for 2020’ report that cyber attack would continue to rise. It noted that with 5G and Internet of Things (IoT) devices arriving on the horizon, data speed will increase but the speed of cyber attacks would also rise.
“Cyber attacks are on the rise and will continue to rise. It’s not a matter of if but a matter of when. A framework-driven approach with continuous monitoring will help companies monitor their cyber security posture and address incidents proactively,” said Akshay Garkel, Cyber security & IT Risk Advisory, Grant Thornton India LLP.
Targets of Attacks
As already indicated in the analysis so far, almost every sector and even individuals with something to lose to cyber attackers can always be a victim, albeit, some sectors constitute the prime list of the preying perpetrators.
According to the Central Bank of Nigeria, the financial service industry is always the first on the list as direct huge sums of money is involved. If they can succeed, they will go away with handsome amount, the apex bank explained.
While other sectors such as telecoms, health, education, oil and gas and many others are also well targeted for various reasons, some experts believe that the latest trend shows that any sector can be victim, pointing out that even small and medium enterprises (SMEs) have been prime target in recent years.
“Instead of attacking one big bank and be arrested, they prefer to attack 1,000 SMEs and extort them for money, knowing that the small businesses can be easily vulnerable” said, Olumuyiwa Awosile, an experts that belong this school of thought.
This assertion is being supported by the fact that many more companies and individuals are migrating their operations and activities online, especially as this has been further accelerated by the Coronavirus pandemic and each country’s aggressive drive to achieve digital economy.
Global Cyber insurance market
With the growing awareness on insurance, surging number of cyber-attacks, and increasing government regulations, the profile of cyber risk management firms is becoming better, according to Prescient and Strategic Intelligence.
This factor is set to prove instrumental in driving the cyber insurance market at a 26.3 per cent CAGR between 2020 and 2030, thereby leading to an increase in the industry size from $5.573 billion in 2019 to $70.671 billion by 2030.
Additionally, due to the implementation of cyber-risk regulations, companies are adopting mitigation solutions, which are rapidly being provided by insurance firms, to deal with such risks.
In the global terrain, insurance firms provide cyber attack-related financial loss prevention, risk mitigation, and loss compensation services. They create valuable data sets from information related to cyber-attacks and their financial impact on an entity and successful strategies to mitigate the risk, to model cyber risks and rate future customers.
Recent development in the cyber risk segment of the global insurance market has been attributed to COVID-19, which has stimulated more migrations of companies into the cloud but which also exposed them to more cyber dangers.
Nigeria missing in the picture
As the global cyber insurance market is expected to hit $70.671 billion by 2030, insurance companies in Nigeria are missing in the picture.
BusinessMetricsNG gathered that currently in the country, there is no single operator with any insurance product or package that caters for cyber incidence despite the obvious opportunities created for market players by incessant attacks for in the sector.
“There is no one in the Nigerian market right now that I know. Also, I don’t want to mention names now because it is still in the work. There is a particular key establishment in the financial sector that has realized that that e-payment and other forms of e-transactions are vulnerable to cyber crime and so, I believe the body is working on a policy that can cover such cyber crimes,” said Francis Ewherido, managing director of Titan Insurance Brokers Limited.
Other players who also believe that a policy is being developed to address cyber risk management in the country said ‘the work on the policy couldn’t have gone far. If not, it should have become the talk of the industry because of the vacuum such a policy is coming to fill’.
Further findings from operators in the Nigerian insurance market show that the operators are been wary of dabbling into cyber insurance, believing that the terrain is technical and complex compared to other segments of the market.
They believe that the risk factor is high and sophisticated such that players must take their time to do thorough assessment of any policy eventually introduced to guide activities in the market.
They maintained that there can always be loopholes in a policy that seek to make provisions for cyber insurance which may later be exploited to expose insurance companies to unnecessary risks and claims. “That’s why we are being careful,” they said.
Meanwhile, several calls put across to sources within the National Insurance Commission (NAICOM) including that of its DG, were not acknowledged as we approach them to find out more about policy frameworks on cyber insurance in the country.
Despite operator’s fears, they cannot deny the huge opportunities that cyber insurance has created across many countries in the world as they acknowledged that Nigeria has similar potentials if the similar move is made in the country.
LeLaw Barristers & Solicitors said in report in June that cyber insurance is a fertile land of opportunities that is yet to find its footing in Nigeria.
Apparently, lack of awareness and underwriting experience, dearth of industry data on cybercrime and related losses, cyber risks unpredictability, and high correlation of one type of cyber risk with another could be some of the debilitating factors, the firm said.
Many of the Nigerian operators believe that the huge loss to cyber crimes and its pervasiveness and tendency to continue rising justifies how much value cyber insurance can add to the country’s economy.
“There is huge opportunities in that area but operators need to come together to come up with an enduring and watertight policy that can take care of it and at the same time, it has to be well crafted, block all loopholes so that the expected opportunities will not become another burden,” a player told our correspondent.
With the unabated incidence of cyber attacks and increased migration of operations to the cloud, insurance operators and regulators in Nigeria can work to towards building the cyber insurance market and harnessing its huge potential economic benefits. But before that, they need to work out an effective policy framework.