As hacking attacks rise within financial institutions, government systems and businesses, cybersecurity insurance is expected to become crucial.
Insurance and cyber security analysts say the cybersecurity insurance market is yet to develop like other policies but it is seen as the next big thing.
“It has been there but growing slowly. Certainly, it is going to increase because you realise at some point we didn’t have any,” said the Association of Kenyan Insurers (AKI) Executive Director, Tom Gichuhi.
“Everybody is exposed and especially if you are dealing with data. For instance, take the current Supreme Court case on whether the Independent Electoral and Boundaries Commission (IEBC) servers were hacked. It gives you an idea about what we are dealing with.”
Hacking attacks on Kenya’s financial systems, including mobile banking, rose nearly three-fold to 444 million in the year ending June 2022, according to data by the Central Bank of Kenya (CBK).
This was a sharp jump from 158.4 million a year earlier as more people worked from home, ordered products online and made payments via mobile phones.
Currently, four insurers - AIG, Britam, CIC and Fidelity Shield - are offering cyber insurance. The industry has about 56 insurance firms.
For a long time, cybersecurity insurance market has been a soft market. But, Sophos, a global software security company says it is hardening as cyberattacks evolve.
So, how does a cybersecurity cover come in handy?
If a company has been hacked and its systems are down for one week, an insured business can recover revenue lost for that week, says Ezekiel Macharia, CEO Kenbright.
Mr Gichui points out that the cover is extensive and does not come cheap because of the magnitude and frequency of the loss. "The issue of cyberattacks and risks has become common.”
In case of hacking or a cyber event, coverage could include the cost of restoration, lost income, public relations costs in case of data breach and legal fines.
“Most people are not taking the cover maybe because they don’t know or understand the product. Just like other covers, it may be considered a luxury and not a risk mitigation way,’’ notes Mr Macharia.
Sophos expects the increasing costs of recovery from a cyberattack to drive the growth of the cyber insurance market.
“Cyber insurance has, until now, been a ‘soft’ market, characterised by high capacity and low premiums. However, the market is starting to harden as insurers see their payouts rising faster than the income from premiums: the industry’s loss ratio has risen,” added Sophos.
“While some organisations already have some cyber insurance coverage, many are finding the bar for renewal is getting higher as capacity shrinks – and premiums are going up. It’s also getting harder for many organisations to get insurance in the first place as the underwriting process grows more rigorous and overall capacity drops,”
Mr Macharia offers that the premium may cost five percent more than the limit an insurer would pay, usually determined by revenues.
Cyberattacks have become a key risk to businesses in Kenya on the increased use of mobile and internet banking that has exposed customers to cybercrime, especially fraud, malware, and phishing attacks.
Financial malware includes viruses that are designed and developed to retrieve financial information and steal money from individuals and firms.
Kenya’s highly digitised economy linked with mobile money through telcos and banks has made the country a target for cybercrime and online fraud, with banks losing hundreds of millions annually.
The growing use of cloud computing services has accelerated the interconnectedness of the business environment, increasing exposure.
But it is not just the big companies that are vulnerable to attacks. SMEs in sectors such as trade and logistics, partner networks, and digital ecosystems have increasingly been targeted.
Data by Kaspersky, a cybersecurity solutions and services provider, show small businesses in Kenya face a 47 percent increase in cyberattacks in 2022 with the Africa Cybersecurity Congress Agora Group co-founder and chief executive Hadi Maleb saying that more than 90 percent of business owners are unaware that their enterprises are at risk of growing cyber threats.
According to the Allianz Risk Barometer 2022 report, the most feared cause of business interruption is cyber incidents, reflecting the rise in attacks, the impact of companies’ growing reliance on digitalisation and the shift to remote working.