CONTACTS: +254 726879488 (Mobile)
+254770 455 116 (Office)
By Steve Umidha
Kenyan companies are staring at losses running into hundreds of millions of shillings in cyber-related crimes amid revelations that local underwriters are unable to offer cyber insurance to protect their businesses.
The Association of Kenya Insurers (AKI) Chief executive Tom Gichuhi in a rare admission, revealed that local insurance industry players lack the capacity to price and offer indemnity covers to protect firms exposed to ransomware.
“This is an area we are running short of and not just here but globally,” disclosed AKI boss, warning that such exposures are likely to increase owing to the absence of professionals in the cybersecurity insurance space.
The severity of financial consequences will be profound, according to Gichuhi who reckons that the huge costs incurred in cyber breaches and the amount paid to the affected companies in claims, has rendered local insurers powerless in their pursuit to tap into the growing demand for cyber insurance, a condition that could keep the industry from veering into disaster.
“Financial capacity, underwriting capacity and lack of personnel to determine such risks has been the challenge and it is also a new area and estimating such costs is not easy,” argued Tom, disclosing that most Kenyan insurers are passing on such offers to foreign firms familiar with the business.
Cyber insurance premiums can cost from $650 to $120,000 annually, it could be more.
The association’s revelations spell doom to businesses amid rising cases of hacking activities targeting corporations seen to be spiking since the pandemic hit as digital thieves took advantage of weakened security as the pandemic forced new work-from-home policies.
In fact, according to recent statistics by the Communication Authority (CA), it is estimated that Kenya’s economy lost in excess of Sh 35 billion due to cyber-attacks after having reported more than 56 million cyber threats for the quarter ended, December 2020, a 59 percent increase from threats detected in the previous quarter.
The situation worsened this year with CA data showing that a whopping 38.8 million cyber threats were detected in just three months to June 2021, a 37.3 per cent jump from the 28.2 million cyber-criminal activities identified in the first three months of the year.
The authority attributes the worrying trend to the rise in impersonation, online fraud and abuse cases arising from increased use of the internet.
“This increase in cyber threat events detected is attributed to the significant increase in targeted attacks at Internet of Things (IoT) devices; increased activity by organized cybercrime groups,” noted the industry regulator in its fourth quarter statistics report.
Cyber insurance carriers are raising premiums and limiting coverage in the face of severe ransomware attacks, just as organizations are clamoring for more protection now and in the post pandemic era.
AKI says recent surge in ransomware attacks is upending the cyber insurance industry, and will push the requirements and cost of coverage sooner rather than later just as more companies need it.
Since March this year, companies are reporting increased instances of pony-trekking mainly through password compromises due to the unprecedented changes in the way firms and their employees are currently forced to do business.
The threat is so critical that the Central Bank of Kenya recently cautioned Kenyan businesses to double their guard against the developing threat of cyber criminals, warning that such attacks are likely to increase in frequency.
“While digitization offers immense opportunities, emerging risks must be kept in view. Cyber security continues to evolve rapidly as more citizens enter the digital realm. Personal Data trails continue to grow exponentially as the pandemic accelerates the digitalization of the global economy.
We must therefore ensure that there are sufficient safeguards against these risks to protect our citizens,” CBK noted.