The Key Line of Defense Against Mounting Cyber Threats in Ethiopia
Cybercrime has been on the rise in Ethiopia and elsewhere in the world causing substantial financial losses, business interruptions, and impairment to the reputation of endangered companies. Official reports from Information Network Security Agency (INSA) officials indicated that Ethiopia has recorded more than 2,800 cyber-attack attempts during the year 2021, cataloging an alarming increase in such attacks, which is more than double the 1,080 similar cyber-attack attempts recorded during the previous year. Observing the cyber risks affecting Ethiopia, the agency cautioned companies to reinforce their cyber security systems to safeguard against imminent challenges. We have also heard that cyber attacks have been increasing in the country principally in association with the second filling of the Grand Ethiopian Renaissance Dam (GERD).
In Ethiopia, at present cyber security policy and standards, information security law, ethics, and relevant legislation and regulations concerning the management of information in organizations are at the lower stage of development. Ethiopia has issued Computer Crime Proclamation No. 958/2016 to provide focus on appropriate protection and security measures and in consideration of utilization of information communication technology and its vulnerability to various computer crimes and other security threats that can impede the overall development of the country and endanger individual rights. However, it is also known that Ethiopia has to toil a lot in terms of standardizing legal cybersecurity framework, strategy, and governance at the national and institutional levels, and work should be done to create awareness and develop expertise in cybersecurity.
As a result, the exacerbation of cyber-attacks and other digital threats in Ethiopia is paving the way and instigating demand for Cyber Security Insurance. Companies are finding themselves the target of a cyber-attack all too often. So what can companies do? They should eye on cyber risk insurance to transfer part of their risk burdens to insurers, among others. Industry experts forecast the development and growth of the cyber insurance business in the imminent years in Ethiopia. And the pioneers of insurance protection are expected to get first-mover advantages as the demand is mounting.
Cyber insurance: what is it and who needs it
Simply put, cyber insurance is a risk management tool that can help protect businesses against losses resulting from a cyber attack. Subject to the premium and kind of policy, a cyber insurance cover, also referred to as “cyber risk insurance” or “cyber liability insurance” coverage, safeguards businesses to transfer the costs involved with recovery from a cyber-related security breach or similar events. It is a policy that mitigates a business’s financial risk exposure by offsetting costs related to damages and recovery after a data breach, ransomware attack, or another cybersecurity incident. It can shield businesses from the costs of investigations, forensics, compliance fines, lawsuits, and even extortion payments.
Alternatively, there are two major types of cyber insurance coverage: third-party liability coverage and first-party coverage. First-party coverage safeguards companies when they incur expenses from a data breach or when hacked. While third-party coverage offers protection when a customer, vendor, partner, or other party sues companies for allowing a data breach to occur.
Cyberinsurance: Ranking of cyber incidents according to the insured’s claims
|Type of cyber incidents||Share of claims|
|Email compromise / email hacking||23%|
|Violation of data due to employees’ negligence||14%|
|Other viruses/infections linked to malware||6%|
|Loss or theft of data||5%|
* Study conducted by AIG in the EMEA (Europe, Middle East, and Africa) region analyzing claims received in 2018
These days, it’s recognized that the traditional insurance policies stereotypically omit cyber-risks, and cyber security insurance has evolved into stand-alone insurance. Because cyber security insurance is new, policies will vary widely from one provider to the next. Many entry-level cyber security insurance policies only cover first-party losses, but some insurers are beginning to offer policies that cover third-party liability losses as well.
Despite the turbulent environment, cyber insurance is growing at a steady pace. With the digitalization of companies, criminals are targeting the financial sector, government agencies, cities, and non-governmental organizations. According to Standard & Poor’s, the cyber risk market could grow annually by an estimated average of 20-30Pct over the next 10 years. The agency believes that malicious attacks cost companies more than USD700 billion per year while the insured damages are merely estimated at USD5 billion. Munich Re has also estimated the volume of the cyber risks insurance market at USD9.2 billion in 2022. It could reach USD22 billion in 2025 according to the latest estimates. That’s up from USD7 billion in 2020. The booming market is a reaction to the explosion of cyber attacks in the last few years. In 2021 there was a 50Pct increase in cyberattacks over 2020, much more than businesses or insurers expected or budgeted for. The cost of cybercrime is also continuing to increase, expected to reach USD10.5 trillion annually by 2025.
The global insurance market is currently going through a turbulent period marked by the recent occurrence of two catastrophic events, a pandemic, and a war. Most recently the Russia-Ukraine war is forcing insurers to turn out to be more cautious to cover cyber risks globally. On the other hand, the transformation of the conflict into a “cyber war” that could destroy critical infrastructures and block global activity would generate considerable and uninsurable operating losses—a real disaster scenario, feared by insurers. According to PwC firm, the number of cyberattacks targeting healthcare facilities worldwide has increased by 500Pct since the arrival of Covid-19.
Cyberattacks, a risk dreaded by the financial sector
According to reports issued by INSA, cybercrime has become the main threat to the Ethiopian financial industry. Although the industry has proved to be relatively resilient, a large-scale attack could disrupt financial markets, cripple the economy, and negatively impact major financial firms: banks, insurers, and other digital financial service providers. Most of the cyber-attacks had targeted financial and service-providing institutions. Government ministries, regional bureaus, academic institutions, and media houses were also the targets of hackers. In the year 2021, the most repeated attacks were on infrastructure and websites, accounting for 33Pct and 25Pct, respectively. The remaining were malicious software, hacking social media pages, and online frauds. From March 2020 to March 2021, attacks on financial institutions have increased by 38Pct worldwide. The increase reached 238Pct between February and April 2020, a period that corresponds to the appearance of Covid-19.
This is indeed a serious and unprecedented threat that is causing concern among financial authorities. The insurance industry, too, continues to report an increase in the frequency and severity of cyberattacks in conjunction with increasing digitalization.
Although the degree varies, industries within the manufacturing and other sectors are also among the new targets of hackers who are increasingly targeting companies that can afford to pay large ransoms quickly. Other insurance companies are looking very carefully at cyber claims from clients that are vulnerable to hacking (financial institutions, telecommunications).
The way forward: mandatory cyber insurance
The insurance industry is evolving to help your business mitigate risk – specifically, cyber insurance is evolving fast. Cyber insurance offers a safety net for businesses threatened by the rapid growth of insider cybercrime and external cyber threats. In consideration of the proliferation of cyber risks in Ethiopia, insurance companies should come up with solutions to cover Cyber risks. However, most importantly, to create and intensify demand and protect local businesses and companies, the government must set up mandatory cyber risk insurance.
The current situation is so serious that it is forcing the country to work on all available risk management tools and defense lines to safeguard from cyber risks. One thing is certain, cyber warfare will be the next scourge the country has to fight and the insurance industry in Ethiopia should also be responsive to this growing threat.
10th Year •June 2022 • No. 108