Expand cyber insurance coverage in Kenya to step up cybersecurity


Mwambu Mabonga at the IRA's Upper Hill office on February 16, 2023. President Ruto has revoked his appointment as the chairman of the Insurance Regulatory Authority (IRA). PHOTO | DIANA NGILA | NMG 

Increased Internet access and usage in Kenya has prompted organisations to expand their digital footprints by providing services online.

Financial institutions, for instance, have had to adapt to technology-based service delivery and customer self-help services that have in turn exposed them to massive cyber threats.

The Kenya Computer Incident Response Team (KE-CIRT), a multi-agency collaboration framework responsible for the national coordination of cyber security, identifies ransomware, malware, and phishing attacks as the most common cybersecurity risks in the country, with financial institutions the biggest targets.

Check Point Research, a global cybersecurity vigilance group, placed Kenya among high-risk countries in its cyber threat risk analysis for 2022.

But the growth of cyber risk insurance, once touted as the next big thing in the Kenyan insurance industry, is being hampered mainly by insurers’ processes and premium-related concerns.

Lack of personnel to analyse risks, financial capacity and underwriting challenges are some of the issues that have forced local insurers to pass off the underwriting capacity to foreign firms more familiar with the concept.

The Association of Kenya Insurers (AKI) has admitted in the past that local insurance industry players lack the capacity to price and offer indemnity covers for cyber insurance.

As cyber threats continue growing in the country, insurers will have to partner with cyber specialists to develop products that focus more on providing security solutions to organisations to minimise risks of exposure.

That way, the insurers are able to maintain a business edge while cyber hygiene becomes a culture within their clientele.

The rigorous underwriting processes decried as a hindrance to small and medium enterprises taking up cyber insurance would help these institutions in the long run by giving them an opportunity to meet regulatory frameworks on best cyber practices.

Before onboarding a client, insurers will have to enforce an agreed threshold that ensures enough protection, with a focus on adopting preventive rather than compensatory mechanisms.

This should probably start with regulation requiring any entity that uses technology and the Internet in its operations to get a cyber insurance cover.

The Insurance Regulatory Authority (IRA) should agree with insurers on cybersecurity frameworks that do not derive strength from government control and enforcement.
