How cyber insurance can protect Nigeria’s digital ecosystem

By Cynthia Ezekwe.

The rapid digital evolution in Nigeria has enhanced financial performances of Nigerian companies and businesses through the acceleration of efficient workflows,modernised legacy processes, and consequent  profitability.

However, the digital ecosystem is a double-edged sword that can result in heavy financial losses through cyber attacks, poor management and unforeseen factors.

Thus,it has become a point of necessity  for firms, organisations and institutions to have a cyber insurance cover that  addresses risks associated with technology to protect  businesses from liabilities that may arise as a result of a breach in the business network infrastructure.

Cyber insurance, according to experts, is an insurance cover  that safeguards firms against financial losses, reputational and brand damage caused by cyber incidents, including data breaches and theft, system hacking, ransomware extortion payments and denial of service.It is also described as a contract that an entity can purchase to help reduce the financial risks associated with doing business online.

Swiss Re Institute (SRI), a leading provider of reinsurance and insurance, reported that the global cyber insurance market has tripled in volume in the last five years, expanding to gross direct premiums of around $13 billion in 2022.

Also, Fitch Ratings projected that by 2026, the global market for cyber-insurance will be worth over $28 billion.

Despite the fact that this insurance sector is fast-gaining global recognition as more businesses are connecting to the internet for daily operations, cyber insurance is often overlooked by Nigerians.

Many Nigerians do not consider how to best safeguard their personal lives, businesses, or transactions in light of its global importance, as most people have the notion that cyber insurance should only be adopted by financial institutions and large companies.

Recent findings have shown that despite the growing concern about cyber security, Nigeria still lags far behind, either as a result of lack of understanding and awareness of the product or a lack of incentive for insurance providers to offer cyber insurance products for the Nigerian market.

Temitope Adaramola, assistant executive secretary of the Nigerian Council of Registered Insurance Brokers (NCRIB), pointed out that less than 10 per cent  of underwriters were offering cyber-insurance policies through international brokers.

“In order to fill this gap, stakeholders and regulators must act quickly to create a regulatory framework that makes it easier for cyber-insurance companies to expand in Nigeria,” Adaramola suggested.

Oyetola Atoyebi, managing partner, Omaplex Law Firm,in a report titled “The Necessity For Cyber Insurance In Nigeria”, explained that adopting solid cybersecurity measures is of immense importance in any business structure or organisation, owing to cyber-attacks that can lead to mishandling and exposure of sensitive data, revenue loss, among other things.

Highlighting some of the benefits of  cyber insurance, Atoyebi noted that cyber insurance covers loss of company’s activities disrupted as a result of cyber-attacks. He also disclosed  that first-party cyber  insurance provides financial assistance to mitigate the impact of data breaches and cyberattacks for companies, covering the costs of communication with affected customers, providing credit monitoring and other recovery activities.  He explained  further that third-party cyber insurance provides liability protection, in case the insured company makes a mistake that results in a client suffering a data breach or cyberattack.

The report pointed out that any digital asset lost due to a breach by cybercriminals, may be covered under the insurance policy, and will mitigate the loss that will be incurred by the breach, as well as  protecting company or businesses  from the overall cost of the security fixes, identity theft, and the costs of possible legal action.

To this end, Atoyebi called on government agencies to collaborate with the National Insurance Commission (NAICOM), to develop necessary guidelines that will guide insurance organisations in the issuance of cyber insurance policies, pursuant to section 7 of the NAICOM Act.

He also charged NAICOM and other relevant agencies to engage in regulatory discussions beyond the national boundaries,to ensure that the evolving environment of cyber risks and cyber insurance are better monitored and evaluated, to achieve effective collaborative actions against cybercrimes.

In a similar vein, the risk-based cybersecurity framework developed by the Central Bank of Nigeria (CBN) stipulated that the security assurance programme for Payment Service Providers should take into account cyber-insurance coverage.

Against this backdrop, the National Insurance Commission (NAICOM), led by Sunday Thomas, the commissioner for Insurance/CEO of NAICOM and the National Information Technology Development Agency (NITDA), led by Kashifu Abdullahi, director general/CEO,  have agreed to activate the process of institutionalising cyber insurance to help strengthen the digital ecosystem in Nigeria.

Both agencies admitted that cyber insurance  has become necessary in view of growing e-payment transactions, which according to the Nigeria Inter-Bank Settlement Systems (NIBSS) has risen to N38.9 trillion in November 2022 and growing by 50 per cent year on year.

Allianz Nigeria Plc, in an interactive webinar titled ‘The Ever Increasing Impact of Cyber Attacks: A case for Cyber Insurance’, revealed that 71 per cent of security professionals had reported an increase in cybersecurity threats or attacks since the Covid period.

Speaking intricately on how to mitigate the risk of cyber-attacks,Aima Higo, unit head of reinsurance at Allianz Nigeria Insurance, said that understanding cyber security is the first step in protecting businesses and clients in a connected world, emphasising that risks can only be reduced to an acceptable level through the implementation of a set of measures and the acquisition of cyber insurance.

According to Higo, though there is no 100 per cent security in the cyber domain, dangers can only be reduced to an acceptable level by implementing a set of actions and by getting cyber insurance.’