Beyond Firewalls: Every Business Needs Cyber Risk Insurance

Kenya experienced a 943.01 percent increase in cyber threats between October and December last year, a sharp uptick from industry data recorded between July and September 2023. This is according to the 32nd edition of the Cybersecurity Report by the Communication Authority of Kenya. The figure paints the reality of the rapidly changing landscape of cyberattacks, which has become a harsh reality for businesses of all sizes.

From sophisticated malware infiltrating systems to social engineering scams targeting employees, cybercriminals are constantly evolving their tactics, inflicting devastating financial losses on unsuspecting victims. This growing threat has made a strong case for cybersecurity or cyber risk insurance, which offers a critical safety net for operating in cyberspace.

Costs associated with a cyberattack

Cyber risk insurance goes beyond traditional firewalls, providing businesses with financial protection against the costs associated with a cyberattack. This includes covering expenses related to data recovery, forensic investigations, legal fees, and even credit monitoring for affected customers.

Looking at the devastating impact that cybersecurity has on businesses, cyber risk insurance is a worthy investment. In 2022 for example, Kenya suffered approximately $153 million (KES20.4 billion) loss to cybercrime, an impairment that is projected to rise by 14 percent annually. 

While we see a steady rise in cybersecurity threats, Kenya still lags in cyber insurance product development. Part of the challenge is that the country faces a severe deficit of cybersecurity expertise, with a paltry 2,000 available compared to the current demand of between 40,000 to 50,000.

The rigorous underwriting process and financial capacity needed to support it are also key hindrances preventing most insurance companies from developing these much-needed products.

Advancement in technology is, however, providing solutions to some of the challenges. Insurers are now able to leverage AI and data analytics to predict potential risks, evaluate the impact of cyber threats, and develop new products that ensure the safety of their customers. This is important since the growing complexity and frequency of cyber-attacks have made it critical for insurance providers to have a clear understanding of their client’s risk profile.

Cyber security risk analysis

To determine the best coverage terms, an underwriter also needs to conduct a comprehensive cyber security risk analysis of a company’s cybersecurity safeguards. The chosen safeguards, for instance, look into how an individual company chooses web applications, the integrity of their processes, and the controls available to protect systems, networks, programs, devices, and data from cyber-attacks.

Once concluded, insurance companies recommend measures to be taken to reduce the risk of cyber-attacks and protect against the unauthorized exploitation of systems, networks, and cyber assets.

Investments are being made to train and build the capacity of underwriters in preparation for this emerging area of insurance coverage. Kenya Reinsurance Corporation (Kenya Re) has, for example, set up the Kenya Re Academy, which provides free capacity building for experts in the local insurance and reinsurance market.

Through this Academy, Kenya Re provides comprehensive training on reinsurance and direct insurance products to customers as well as bridges the knowledge gap in the industry to enhance expertise in emerging issues such as cybersecurity and climate change.

Reinsurance companies will also have a huge part to play in enhancing the financial and risk-undertaking muscle of primary insurance companies. Working together, reinsurance will be key to absorbing part of the risk insured by insurance companies and providing a capital buffer that then allows insurance companies to invest in more products and services for their customers.

A successful cyberattack exposes companies to imminent large financial losses as well as adverse publicity that may dissuade future customers from seeking business with them. 

Read also: Kenya Re approves record Sh839M dividend

Creating localized capability

As we move along in technological advancement, a cyberattack is no longer a matter of “if” but “when.” That is why businesses need to secure a cyber insurance cover to be cyber-ready. For stakeholders in the sector, the challenge lies ahead on how to make the product readily available, affordable, and tailored to the needs of those who need it.

Existing products are mainly crafted to fit the needs of IT mature entities and may not be both affordable and accessible to all. We see huge growth potential, especially on the retail side of cyber risk protection to cover medium and small enterprises that form the bulk of emerging economies.

There is a need for collaboration between the main actors to create localized capability. Delayed cyber response and stringent pricing of cyber risk continue to derail this product line. As a country, Kenya is among the countries that are cyber-aware nations globally and has among the world’s best cyber forensic labs.

Partnerships between insurance companies, cybersecurity firms, regulators, and reinsurers in Africa have as a result increased financial and technical capacity to foster the development of affordable and easily accessible cyber risk insurance solutions.

The author, Dr. Hillary Maina Wachinga, is the Group Managing Director of Kenya Reinsurance Corporation.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.