This archive report was first published on 10 September 2019.
Kenya's digital economy has made it a prime target for cybercriminals, with a global report by Serianu estimating that the country lost Sh29.5 billion to cyber-attacks last year.
As the number of cyber-attacks continues to rise, local insurers are now offering cyber-risk cover to help businesses fortify their systems. Britam recently unveiled a cyber-risk cover through its subsidiary, Britam General Insurance, which shields firms from cyber extortion, data breaches, loss, damage, and theft or corruption of electronic data.
The cover also includes property damage caused by a network security breach, business interruption, and extra expense caused by system failures. However, industry stakeholders project a slow growth of the new product, blaming its lack of local technical expertise and solid financial backing to underwrite it.
Association of Kenya Insurers (AKI) Chief Executive Tom Gichuhi notes that cybersecurity has an enormous exposure running into billions of shillings and requires a strong balance sheet and local technical expertise. He urges firms to get strong reinsurance support since pricing such a risk is difficult and companies might not be aware of the extent of the exposure.
“If you are going to write a risk like that, you must have the local expertise to be able to underwrite it and also the financial capacity to even retain ten per cent of it or even five, you might end up offloading the entire risk to the international market,” Gichuhi said.
Britam partnered with global insurer Chubb to develop the cyber risk cover, which targets hospitals, Small and Medium Enterprises, parastatals, and financial institutions. Bismart Insurance CEO and founder Eunice Maina Mburu attributes the sluggish market to a weak regulatory environment and high cost of investing in the minimum requirements by the insurers.
Kenya is currently developing a data protection law, which could contribute to the adoption of cyber insurance. Central Bank Governor Patrick Njoroge last year warned directors of financial institutions that they would be held responsible for breaches of customer data.