Cyberspace is a virtual global domain used by all but owned by no one. It is open to attacks or failures from anyone. The size and enormity of this space, often unimaginable. Over the years, it became better appreciated as more people all over the world joined the cyberspace and started making use of it. As we all enjoy the speed, convenience, efficiency of adopting innovative digital solutions in our personal and business lives, our world becomes even more converged on the cloud and through servers that we suppose are secured. How best we can secure our personal lives, business and transactions up in this space are now at the forefront of global recognition. In this light came the discovery of cyber-insurance which according to Fitch Rating has its global worth estimated to increase to over US$28 billion before 20261. Are Nigerian industry players well-positioned to tap into this avenue as cyber-attacks continue to target data especially with the increase of tech start-ups and establishments in the nation? Well, we would find out from this study. The crux of this article is to introduce cyber-insurance as a medium needed to cover business liability on data breaches. It also addresses why companies/businesses need cyber-insurance cover, what is covers, costs, benefits, limitations of its introduction in Nigeria, what corporate entities can do in the main time, the role of government in cyber insurance policies and the role of lawyers in cyber insurance practice.
Interestingly, Cyber Insurance as a product line in insurance has been available for almost 25years and exists today as packaged coverage. It is designed to cover all costs and expenses related to breaches when an organization has been hacked or from theft and loss of client/employee information. Today the cyber insurance market value is over US$7.4billion and will grow to US$28 billion by 2026 and Nigeria loses over ₦127 Billion annually2 to cyber-fraud(about 10% of our GDP) with cyber-insurance covering none of that cost. Similarly, the Global Threat Impact Index 2017 listed Nigeria (and four other African countries) amongst the world's highest risk countries for cyber-attacks. The Federal Government had its fair share of cybercrimes in 2011 when an anonymous Internet hacker group known as “NaijaCyberHacktivists” hacked the websites of the National Poverty Eradication Programme and the Niger Delta Development Commission; the website of the Economic and Financial Crimes Commission was also attacked in 2013. In the Nigerian Electronic Fraud Forum Annual Report 2016, 19,531 fraud cases were documented in Nigerian banks, the traditional channels recorded the lowest number. It also indicated that N2.19bn is lost to electronic payment fraud annually.
You may now want to ask, what is Cyber-Insurance? Cyber insurance essentially entails a contract between an insurer and an individual or company to protect against losses that are related to computer or network-based incidents. It is also an insurance policy that helps protect organizations from fallouts from cyber-attacks and hacking threats. Cyber insurance generally covers your business's liability for a data breach involving sensitive customer information. According to Oellrich, Cyber insurance (also referred to as e-business or network intrusion insurance) is a social scheme that is confronted with the task of protecting companies against losses resulting from failures in computer networks as a result of; Data & Software theft, External hacking, First-and third-party risks Internal sabotage and theft, Computer malfunction, Web content liability, Viruses that impair or damage data, Network outages, Network congestion, Business interruption, E-business extortion, Copyright infringement, Loss of reputation and other areas related to technology. Having a cyber-insurance policy helps minimize business disruption during a cyber-incident and its aftermath, as well as potentially covering the financial cost of some elements of dealing with the attack and recovering from it. It can be an important risk management tool for strengthening information technology security and liability to Tech companies and Nigerian banks.
In Nigeria, there is no operational insurance company that offers policies to protect organizations from information technology-related risks. The lack of growth in Nigeria can be attributed to either lack of understanding and awareness of the product or a lack of incentive for insurance providers to offer cyber insurance products for the Nigerian market. Also, it is not expressly provided for under the Insurance Act, 2004 but a close reading of the law does not expressly prohibit the creation of such policy. Section 2 (5) of the Act3 provides that an insurer “may be authorized to transact any new category of miscellaneous insurance business if he shows evidence of adequate reinsurance arrangement in respect of that category of insurance business and requisite capital where necessary and other conditions as may be required from time to time.” Section 16 of the Act4 similarly provides a framework for approval of a new product. Similarly, the Central Bank of Nigeria Risk-Based Cybersecurity Framework5 provided that cyber-insurance coverage should be considered as part of the security assurance program for Payment Service Providers. Major Fintech Companies are demanding cyber insurance cover over online theft. The Head, Enterprise Risk Management and Compliance, FBN Insurance Limited, Mr. Raymond Akalonu, noted that the cyber-insurance policy being offered in the country was underwritten by international brokers. According to him, re-insurance backing will be required to domesticate cyber-insurance in the country. The Assistant Executive Secretary, Nigerian Council of Registered Insurance Brokers, Mr. Temitope Adaramola stated that less than 10 percent of underwriters were providing cyber-insurance policies through international brokers. This deficit requires prompt stakeholder and regulatory actions to provide cyber-insurance products and engender a facilitative regulatory framework to grow its operations in Nigeria.
Any business with an online component or one that sends or stores electronic data can benefit from cyber insurance. Also, any organization that relies on technology to conduct its operations, especially Tech companies need cyber-insurance. Cyber-attacks will continue to grow over the years and a weak or vulnerable area in an operational entity is all that is needed to suffer damaging exposure to data privacy and information. Aima Higo, Unit Head Reinsurance at Allianz Nigeria Insurance Plc. Said, “Although there is no 100% security in the cyber domain, dangers can only be reduced to an acceptable level by implementing a set of actions and by getting cyber insurance.”6 Private personal data such as contact details of customers or staff, intellectual property, or sensitive financial data are all potentially very lucrative to cybercriminals who could attempt to break into the network and steal it. There's also the potential for hackers to cripple a network with ransom ware. A cyber insurance policy that covers ransom ware could go a long way to helping organizations that fall victim to attacks find a way out of their predicament. Cyber insurance claims can be triggered by many sorts of incidents, but right now the most common is ransom ware, fund-transfer fraud attacks, and business email compromise scams.
It covers the following;
If you have cyber insurance, you can recover first-party costs related to:
As comprehensive as it may be, do bear in mind that cyber insurance does not cover everything. Cyber insurance is still kind of limited compared to the true amount of risk. So do not think that all forms of cyber risk are covered by insurance. The financial damage caused by loss of intellectual property is not covered by cyber insurance and neither the reputational costs that can be incurred following a cyber-attack. It does not cover the loss of potential profits in the future and it also does not allow you to improve your existing internal technology systems or amass the funds to make security upgrades. For example, cyber insurance could payout for the costs associated with dealing with the direct aftermath of a cyber-attack, but in the longer run, the company may lose business due to public perception of having poor cyber-security. A cyber insurance policy will not cover the cost of losing customers due to the bad reputation it picks up as a result of a cyber-attack.
One may now want to ask, how much does cyber insurance cost? The cost of a cyber-insurance policy will depend on some different factors including the size of the business and the annual revenue. Other factors may include the industry the business operates in, the type of data that the business typically deals with, as well as the overall security of the network. An organization that is deemed to have poor cyber-security or has a previous history of falling victim to hackers or a data breach would likely get charged more for a cyber-insurance policy than one that has a good reputation for keeping itself secure.
Cyber-insurance policies are created to suit your needs and offer many important benefits, which may include the following7:
Finally, cyber-insurance allows cyber-security risks to be distributed fairly, with higher premiums for companies whose expected loss from such risks is greater. This avoids potentially dangerous concentration of risk while also preventing freeriding.
Cyber-insurance is still a nascent phenomenon that is yet to find its footing in Nigeria. This is because of lack of awareness and underwriting experience, dearth of industry data on cybercrime and related losses, cyber risks unpredictability, and high correlation of one type of cyber risk with another could be some of the debilitating factors.8 As digital eruption is gradually taking over manual services in every sector, including government parastatals in Nigeria, cyber insurance-related work could also be a goldmine for professional service providers to the insurance industry. Nigerian insurance brokers could leverage these opportunities by partnering with foreign insurance firms with vast experience in cyber insurance to provide various products.
It is pertinent to note that there is no one-size-fits-all solution in Cyber-Insurance. Thus, one must protect his business on multiple fronts.
The potential for cyber insurance coverage to contribute to risk reduction and the management of cyber losses will only be achieved if the market can meet the most important needs of commercial and individual policyholders. The Nigerian Government can potentially play a role in supporting the development of the market and maximizing the contribution it makes to manage this fast-evolving risk by examining ways to address the main impediments to the cyber-insurance market development, particularly across the following priorities:
(i) A common classification of cyber incidents and types of losses;
(ii) A trusted party (e.g. government agency) to collect and report the data; and
(iii) Incentives (or requirements) for reporting by companies affected by cyber incidents and insurance companies that have paid related claims.
Finally, governments can play a role in ensuring that clarity is provided on the extent of coverage for cyber risk included in stand-alone and traditional policies by encouraging the insurance brokers and policyholder communities to develop a common understanding about the appropriate place for cyber coverage and/or establishing requirements for insurers to provide greater transparency on the coverage provided (and losses that are excluded).9 This would be particularly important for SMEs and individuals.
Most of our engagements will be areas that are conﬁdential, which includes:
As the frequency of cyber-attacks continues to increase and cybercriminals get more brazen with campaigns, cyber insurance remains an important consideration for everyone. The more a company depends on technology, the greater is its role. Risk assessment lies on the shoulders of the Company. A data breach can damage more than just your small-business computer system – it can also damage your reputation and put your customers and/or employees at risk. That is why cyber insurance can be a smart precaution for any business.10 We must start to take a more proactive approach to cyber-security now that cyber insurance brokers and lawyers start to serve as risk advisors and a partner for your business operations.
Originally Published 1st December 2021
1 Fitch Cyber-Insurance Rating, 2019
2 The Former Minister of Technology, Adebayo Shittu during a Cyber-security Conference in 2017,
3 Insurance Act, Cap C20, Laws of the Federation of Nigeria 2004.
4 Insurance Act, Cap C20, Laws of the Federation of Nigeria. 2004
5 Appendix III (9) of the Central Bank of Nigeria June Risk-Based Cybersecurity Framework and guidelines for Payment Service Providers
6 Allianz Nigeria Webinar on the “Increasing Impact of Cyber Attacks: A case for Cyber Insurance.” Retrieved from; https://www.allianz.ng/media-center/blog/thought-leadership-on-cyber-insurance.html
7 Neil McFarlane, “Benefits of Cyber-Insurance” 14th November 2017. Retrieved from: https://www.linkedin.com/pulse/benefits-cyber-insurance-neil-mcfarlane
8 Gabriel Fatokunbo, “Opportunity setting; Telescoping Potentials of Cyber-insurance in Nigeria” 25th June 2020. Retrieved from; https://www.mondaq.com/nigeria/insurance-laws-and-products/958258/opportunity-spotting-telescoping-potentials-for-cyber-insurance-in-nigeria
9 For example, the UK Prudential Regulation Authority recently published a consultation paper recommending that insurers explicitly indicate (and charge premiums for) coverage provided for cyber security incidents in traditional policies. In France, an exercise led by IRT System X has resulted in the development of a matrix showing the areas of coverage of cyber risk provided by stand-alone cyber and various traditional policies in the French market.
10 Danny Palmer, “What is cyber insurance? Everything you need to know about what it covers and how it works'' 5th March 2021 Retrieve from; https://www.zdnet.com/article/what-is-cyber-insurance-everything-you-need-to-know-about-what-it-covers-and-how-it-works/
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
© Mondaq® Ltd 1994 – 2022. All Rights Reserved.
Forgot your password?
Free, unlimited access to more than half a million articles (one-article limit removed) from the diverse perspectives of 5,000 leading law, accountancy and advisory firms
Articles tailored to your interests and optional alerts about important changes
Receive priority invitations to relevant webinars and events
You’ll only need to do it once, and readership information is just for authors and is never sold to third parties.
We need this to enable us to match you with other users from the same organisation. It is also part of the information that we share to our content providers (“Contributors”) who contribute Content for free for your use.