In the early 2000’s the National Insurance Commission had invited a cybercrime expert as a guest speaker during one in the series of its monthly interactions with CEOs and other executives of insurance companies. At that forum, the expert detailed the shape of crimes in the digital space, the Internet of Things (IoT) and the emergence of new risks, majorly spurn by high volumes of online transactions and online payment systems. After that, there was no major shift by insurers to develop a business case for the type of emerging risks and the type of protection to offer individuals, governments and corporate organizations.
The expert who spoke at the event mentioned here came from one of the government agencies.
Fast forward to 2023 and NAICOM is in collaboration talks with NITDA on the issue of insurance protection for online assets. Interestingly, the collaboration was not at the instance of the insurance regulator but the rapprochement emanated from the management of the National Information Technology Development Agency (NITDA) led by its DG and CEO, Kashifu Inuwa Abdullahi.
This visit ought to have come from the insurance market if was ready to offer cyber insurance services to the new economy. Both NAICOM and NITDA agreed to partner in rolling out a process to protect the country’s digital economy.
The well-intended purpose of the visit, according to Abdullahi was “to activate the process of institutionalizing cyber insurance to help strengthen the digital ecosystem in Nigeria”.
The good news is that cyber insurance is being sold and purchased in Nigeria by organisations who need it – and many serious businesses do need it – and fronted by local insurers. Most local insurers do not have the expertise to underwrite this type of insurance. In addition, the curriculum of the Nigerian insurance institute has not reflected training in this aspect. Whereas the digital economy and payment system are growing exponentially, insurance technology and cyber-attack coverage have not kept pace with this development.
Cyber Insurance and Fraud of the Now and Future
The Nigerian Communications Commission claimed Nigeria losses about US$500 million yearly to cybercrime and in 2020 FBI ranked the country 6th in its global crime victims’ report. In another report, officials of NCC say the surge in financial fraud and cybercrimes have put at risk a monthly average of N30.2 trillion in electronic payment or e-payment transactions.
Officials fear that “cybercriminals are getting adept in the clean sweep of bank accounts of unsuspecting users” and therefore jeopardizing the convenience of the e-payment and the widespread acceptance by Nigerians.
Three areas of great concern to the digital economy regulators – are financial fraud, telemarketing fraud, money laundering and terrorism including ransom and kidnap. The most occurring is financial fraud and telemarketing. While financial fraud targets the bank’s e-payment system, telemarketing also targets both individuals and organizations through their social media products and services display.
However, while banks are confronted with a dearth of IT staff to swiftly respond to cyber threats, the compromise of bank accounts is expected to get worse. Several cyber alerts issued by NCC each year are indicative of the level of threat and danger to the financial system and online business.
Indeed, cybercrime has been projected to worsen as e-payment transactions gain more patronage. Statistics from the Nigeria Inter-Bank Settlement Systems (NIBSS) showed that transactions worth N32.3 trillion were performed electronically in August last year, a volume that has been on steady monthly growth through the NIBSS Instant Payment platform (NIP), bringing the total value of e-payment deals in the first nine months of the year to N271.5 trillion.
Recovery from Cyberattack
The most important loss in a cyber-attack is data and data protection is being breached at an alarming rate as criminals discover vulnerabilities in the systems. Recovery from data loss is the most difficult for organisations while financial losses are the least of the problems yet enterprises are increasingly losing money through a data breach
Typically, insurance covers data breaches like incidents involving identity theft, cyber-attacks on your data held by vendors and other third parties, and network breaches worldwide (notwithstanding the jurisdiction of the organization)
Terrorist acts could also target important organizations to steal data for financial fraud or to gain insight into specific organizations’ products, service templates and or economic intelligence espionage.
The first line of defence is the first-party cyber policy which protects the organisation’s data, including employee and customer information. Coverage usually extends to legal, regulatory obligations, recovery and replacement of stolen data. Loss of income due to business interruption, reputation and crisis management costs in addition to forensic audit costs, fines and penalties associated with the cyber event must be factored into the insurance coverage.
The third-party claims do occur often in a cyber-attack suit and it is important to cover such liabilities. Data exposure of customers is a common occurrence. Thus, losses related to defamation, copyright and trademark infringement would come to the fore.
Is Nigeria’s insurance market prepared?
Consequently, the first line of action should be for NAICOM to audit itself and the industry for the technical readiness to offer cyber insurance on the scale that the digital economy requires. Thereafter, structure and integrate into the CIIN curriculum the study of cyber insurance. Prior to this, NAICOM as the insurance regulatory agency of the government would unambiguously advise government authorities to strengthen the institutional framework – legal, financial and judicial processes that allow due methods in the trial of offenders. The recovery mechanism should also be part of the process to be augmented so that insurers can recover financial losses.
It would be right to say that the Nigerian insurance market would be ready if the system is ready. As it is today, insurers would record astronomical losses including fraudulent claims if managers of the digital economy do not build a strong technical foundation for the cyber insurance coverage to thrive.
Certainly, fidelity guarantees and money insurance have moved away from the vaults to the digital space. Only insurers with temperate risk appetite can find where the cheese has moved and make a timely kill with innovative and typically Nigerian type of cyber insurance offerings. Insurers may also push for stronger plea bargains in order to recover more from culprits after payment of claims.