Stakeholders, however, project a slow growth of the product, blaming it on lack of expertise and solid financial backing to underwrite it.
The Kenyan economy lost more Sh29.5 billion last year from cyber-attacks, a global report by Serianu shows. The fast-growing digital economy has emboldened innovative cybercriminals to make daily attacks.
And with numerous risks, local insurers now want part of the pie - dangling cyber-risk cover as part of a solution to hundreds of Kenyan businesses seeking to fortify their systems.
Listed insurer Britam recently unveiled a cyber-risk cover through its subsidiary, Britam General Insurance.
The cover shields firms from cyber extortion, data breaches, loss, damage, and theft or corrupt of electronic data. It also covers property damage caused by a network security breach, business interruption and extra expense caused by system failures.
SEE ALSO: US says Chinese hacking vaccine research: reports
Digital experts forecast a huge rush by firms to obtain such a cover but with a disclaimer that it will never be a permanent solution to solid cyber resilience. Industry stakeholders, however, project a slow growth of the new product, blaming its lack of local technical expertise and solid financial backing to underwrite it.
There is also a debate on how insurers will factor in and price premiums. Britam’s premiums largely depend on the sectors the firms are involved in, their revenues and the strength of their cyber-security systems. Premiums for hospitals are guaranteed to be higher because of the troves of confidential patient data kept in their systems.
The cover targets hospitals, Small and Medium Enterprises, parastatals and financial institutions. Association of Kenya Insurers (AKI) Chief Executive Tom Gichuhi says cybersecurity has an enormous exposure running into billions of shillings and require a strong balance sheet and local technical expertise. He noted that the local market was yet to properly develop for such a product.
“If you are going to write a risk like that, you must have the local expertise to be able to underwrite it and also the financial capacity to even retain ten per cent of it or even five, you might end up offloading the entire risk to the international market,” he said. He urged firms to get strong reinsurance support since pricing such a risk is difficult and companies might not be aware of the extent of the exposure.
“They must be having very strong reinsurance support. Even internationally, cyber insurance cover is not available from all insurance companies operating in all insurance markets because of the expertise that is required in terms of underwriting it and the availability of reinsurance support in this market,” he said. “The problem with those kinds of risk is to imagine what would be the biggest extent of a loss that you can incur one time for you to be able to price it,” he said.
SEE ALSO: Children at risk as pandemic pushes them online, UN agency warns
“Even Britam, I am sure that they are offloading the biggest portion to the international market to get the global reinsurance support,” he said. Britam partnered with global insurer Chubb to develop the cyber risk cover.
Bismart Insurance CEO and founder Eunice Maina Mburu - an online insurance aggregator, says cyber insurance sounds attractive to the financial services sector as they’ve been among the biggest casualties of cyber fraud.
She attributes the sluggish market to a weak regulatory environment and high cost of investing in the minimum requirements by the insurers. She says the sector would grow significantly once issues such as the data protection law are put in place.
“We have not seen a regulator impose sanctions or fines on a company due to cybersecurity breach, hence the compliance drive has not been significant in promoting cyber insurance,” she said.
“In other countries like EU regulations such as General Data Protection Regulation (GDPR) have contributed to the adoption of cyber Insurance due to hefty fines on organisations due to cybersecurity breach,” she adds. Kenya is currently developing a data protection law.
SEE ALSO: Regulator lacks motive, tools to tap private calls
Central Bank Governor Patrick Njoroge last year warned directors of financial institutions that they would be held responsible for breaches of customer data.
Dr Bright Mawudor, Head of Cyber Security Services Internet Solutions Kenya urged firms to identify their vulnerabilities and risk exposures. “It (cyber insurance) is not coming to solve all problems … companies need to understand that it is just an element of building cyber resilience and it is not a saviour,” says Dr Mawudor.
“You can’t insure an entire company, data is the new oil and cybercriminals will always go for that data.” Dr Mawudor notes that cases of staff being compromised to allow cyber criminals into their systems might rise because they are aware of the cyber insurance. “Staff can now say we have an insurance cover and go ahead and sabotage systems,” he says.
The Communication Authority of Kenya says the cyber threats rose by over 10 per cent in the first quarter of 2019. Safaricom also saw the opportunity and unveiled a cybersecurity solution targeting financial services.
SEE ALSO: Ezekiel Mutua's offer to Mulamwah