AN OPEN LETTER TO THE VICE PRESIDENT HIS EXCELLENCY DR. MAHAMUDU BAWUMIA ON CYBER INSURANCE AS PART OF THE CYBER SECURITY STRATEGY
It is an honour to have such a hardworking leader who is very well well-informed about the technological development and trends in the world. Your push for digitization in Ghana is commendable Sir. Kindly let me share this quote from John Q. Adams which says, “if your actions inspire others to dream more, learn more, do more and become more, you are a leader. This is to simply draw your attention to the fact that, most people are happy for your push for digitization agenda in Ghana and this also brings a huge task on you to do more by looking at the bigger picture. With this, I would like to draw your attention to the risks associated with digitisation which include environmental risk, operational risk, third party liability risk, etc.
I am very much aware of the new Cyber Security Authority Act. This is in the right direction. The only thing we need to consider going forward is cyber risk insurance. This is not going to be a replacement for cyber security but part of the measure to contain the residual risk from cyber-attacks and this should be part of the whole cyber security plan or strategy.
As the global economy becomes increasingly dependent on information technology (IT) systems and digital networks, cyber risk has become a great threat. Global annual losses caused by cybercrime have been estimated as high as the U.S.$445 billion (McAfee 2014). According to the World Economic Forum (WEF 2014), there is a 10% probability of a critical information infrastructure breakdown within the next 10 years that might cost about the U.S.$250 billion. In response, insurance companies have started to develop policies to protect against those emerging risks.
We are much aware that various central banks around the world are looking into the possibility of an e-currency or digital version of their physical currency. Our BoG has also announced the possible introduction of e-cedi shortly. This creates a risk exposure in terms of cyber.
Whenever we talk about compulsory insurance, it is a means to protect the vulnerable in society. Cyber risks would have a great impact on third parties who have given out their private information to institutions and also small and medium enterprises that would not have the financial capacity to protect themselves against these cyber risks.
Cyber security, as noted by many experts and also the World Economic Forum (WEF), is too big a job for governments or businesses to handle alone. This makes Cyber Insurance Plan a must for all companies that store customers’ data!
Among the threats to our cyberspace according to the World Economic Forum (WEF), is the danger of digital mistrust which has the potential of hindering full cooperation from many people – hence limiting the potential benefits to us. To reassure all stakeholders in the digital space, there is a need for a robust cyber-insurance market.
Robust cyber-insurance markets can promote the public good by reducing the country’s vulnerability to cyber-attacks and by limiting the need for government support in the wake of such attacks. Moreover, governments play an important direct role in the cybersecurity ecosystem, as they face unique cybersecurity vulnerabilities; and, in some cases, make active affirmative use of cyber-attacks. Given these realities, governments have both a clear interest in promoting more robust cyber-insurance markets and the potential technical means to help do so.
Currently, the infrastructure, users, and services offered in information systems and networks encounter a wide variety of cyber risks caused by different threats, such as distributed denial of service attacks, persistent threats from insiders, worms, and viruses. A typical and effective approach to control these risks is self-protection. Self-protection is a cyber-defense strategy that combines both technical and operational methods to secure the users’ systems directly and reduce the likelihood of losses.
However, this approach often fails to achieve the expected perfect/near-perfect protection owing to some inevitable obstacles. As another effective method of mitigating these risks, cyber-insurance has drawn increasing attention recently.
It is generally recognized that a cyber-defense strategy is incomplete if it defends cyber-attacks by combining only technical and operational/procedural implies. Instead, a complete cyber-defense strategy should include cyber risk management to control security risks in information systems and networks. In general, cyber-insurance is introduced as a suitable network risk management technique to eliminate risks owing to security threats. Cyber-insurance refers to insurance contracts designed to mitigate liability issues, property loss, and theft, data damage, income loss from network outages and computer failures, Website defacement, and cyber extortion.
The Role of Government
“We have a major stake in shaping the digital revolution that’s happening around us and making sure that it serves our people, protects our interests, boosts our competitiveness, and upholds our values,” said Secretary of State Antony Blinken. “We want to prevent cyberattacks that put our people, our networks, companies, and critical infrastructure at risk.”
“There are, as with any good plan, a few pillars, five of them,” Blinken said. “We will build our capacity and expertise in the areas that will be critical to our national security in the years ahead, particularly climate, global health, cybersecurity in emerging technologies, economics, and multilateral diplomacy.”
The subsequent establishment of the Cyber Security Authority demonstrates Ghana’s commitment to the protection of critical information infrastructure and the need to prevent, manage, and respond to cybersecurity crimes and threats, and foster Ghana’s growing digital economy. Ransomware targeting private industry is a growing threat to the global economy, including Ghana and the United States. As more businesses moved online during the last year and a half, so did criminals. We must remind ourselves that criminals and their online techniques have no borders, and they have no morals. Without robust cybersecurity, cybercriminals also have no limits to the effects they can have on Ghana’s economy as they target businesses, government, and individuals.
For President Biden, cyber security is a top priority and essential to national and economic security. We know our allies and partners are a tremendous source of strength and advantage in the continuing fight against cybercriminals. We look forward to our continuing and collaborative relationship between the United States and Ghana. (U.S. Embassy in Ghana).
President Nana Addo Dankwa Akufo-Addo has launched a National Security Strategy blueprint to enable stakeholders in the security sphere to deal effectively with existing, new, and emerging threats to the country. “The National Security Strategy also aims to establish Ghana as a land of opportunities, with the resolve and the capability to protect her people, her culture and her values, to spur growth, development, and prosperity that inure to the well-being of her people, whilst positioning the country to play a meaningful and influential role at regional, continental and global levels,” he said. This is the main reason why cyber risk insurance should be considered. Cyber risk is a national security threat as indicated by the UN Security Council. If the government has the appetite to protect the people and the national resources then the residual risks should be transferred after the cyber risk security measures through cyber risk insurance. Cyber risk insurance is not a replacement for cyber security but rather a continuation of the process to cater to the residual risks.
What is the role of government in cyber risk insurance? Cyber security, as noted by many experts and also the World Economic Forum (WEF), is too big a job for governments or businesses to handle alone. And in agreement with WEF’s publication in 2021, a good step to start is getting a coalition of private sector players to share possible cyber-threat information and come up with standard solutions.
To reassure all stakeholders in the digital space, there is a need for a robust cyber-insurance market. An introduction to a panel discussion during a recent event considering the Role of Government in Fostering Cyber Insurance Markets goes like this: “Robust cyber-insurance markets can promote the public good by reducing the country’s vulnerability to cyber-attacks and by limiting the need for government support in the wake of such attacks. Moreover, governments play an important direct role in the cybersecurity ecosystem, as they face unique cybersecurity vulnerabilities; and, in some cases, make active affirmative use of cyber-attacks. Given these realities, governments have both a clear interest in promoting more robust cyber-insurance markets and the potential technical means to help do so.’’
Mr. Thomas Cook Jefferson-Dankwah – a renowned Cyber-Insurance expert who is currently the Executive Director of Hanssen Global UK and Ghana Ltd., a Microsoft Partner Network-Ghana said in his interview with B&FT newspaper that, Insurance companies handle all matters relating to the cyber-risk transfer. It must also be noted that Technology and Insurance Industries go hand in hand to mitigate cyber risk, which is part of the overall strategy of cybersecurity. And let me add that there is a need for coordination of the cyber-insurance ecosystem.
This is his advice that Cybersecurity and matters arising are high on the agenda for many nations across the world. Most advanced economies are even taking it more seriously than the developing ones. Like the US and the rest of the world, Ghana is equally prone to cyber-attacks. The CBNC report revealed not long ago that there have been cyber-attacks on the US government’s software contractor Solar Winds. This and many such attacks should be a wake-up call for us here in Ghana.
Recently reported by CNBC, President of the United States, Joe Biden, met with CEOs of big tech and insurance firms to discuss cybersecurity issues. The likes of Microsoft and Google have promised to invest billions of dollars in cybersecurity. The discussion of cyber security should involve the technology companies and the insurance regulator and the insurance associations.
Threats in our cyberspace take different forms and happen at various levels in the cyber architecture, therefore we need all hands on board, both private and public sector, in tackling them.
The writer is a Chartered Insurance Practitioner and an Associate of the Chartered Insurance Institute of United Kingdom and also Ghana (ACII-UK, ACIIG), and holds MPhil in Enterprise Risk Management and Business Consulting from Kwame Nkrumah University of Science and Technology. Attained Bachelor’s degree from University of Ghana, Legon and have Applied Insurance studies, Diploma and Advanced Diploma (AAIS & AIS) from Ghana Insurance College / Malta Insurance Training Institute.
Justice Peprah AGYEI +233208498571
References
Reference
