Dealing with the Challenges of Cyber Crime in the Nigerian Economy – The Insurance Solution...
Dealing with the Challenges of Cyber Crime in the Nigerian Economy – The
Insurance Solution
September 2015
By Shola Tinubu (FCIB), MD/CEO, Scib Nigeria & Co. Ltd.
CONTENTS
Part 1 - Background
• Global Cyber Liability
• Definition of Cyber Insurance
Part 2 - Challenges
Part 3 - Cyber Risks
a. Potential Risk Targets
b. Potential Business Consequences
c. Potential Legal Consequences
d. Potential Costs
Part 4- Cyber Risk Management
Part 5- Regulatory Framework
Part 6- The Solution: Cybercrime Insurance
• Questions?
Part 1
Background
Global Cyber Liability
• 864.2 million personal records have been breached in the U.S. since 2005.
• 2.7 billion people in the world are online (approximately 40% of the world’s population).
• Portable devices carrying more than 172 million personally identifiable records were lost or stolen, between 2005 and 2014.
• In U.S. Healthcare alone, more than 120,000 people are being notified that their data has been breached every week!
Global Cyber Liability (Cont…)
• More than a third of customers of companies that suffered a data breach no longer did business with the companies in question “because of the breach”
• Cybercrimes are widespread, systemic and insidious
• Cyber crime cost companies $300bn - $1 trillion total in 2013
• Average cost of $500,000 and 24 days to identify and resolve an attack
• ~5% drop in share price for public companies
• Value of brand can decline 17-31%, depending on nature and industry
Source: www.aon.com
EFCC, Nigerians raise alarm on hacking
on July 29, 2011 / in Crime Alert 4:54 pm
- Fears of massive fraud in the banking and financial sector have been raised by the Economic and Financial Crimes Commission (EFCC) as Nigerians are alarmed by renewed upsurge in hacking into their personal computer systems and electronic mail accounts, using it to attempt defrauding friends and relatives.
- This is coming as the United States approved $130billion to fight hacking and cyber related crimes, with focus on hacking and cyber crime fraudsters from Nigeria. Washington last week deported a Nigerian for defrauding 70 law firms through cyber crimes.
- This came as EFCC said that it has received reports of people trying to use electronic means to divert public funds, perpetuate forgery and fraud.
Source: Vanguard July 29, 2011
Nigerian payment cards vulnerable to hackers abroad
November 4, 2014 | Filed under: Exclusive, main story | Author: Ben Uzor
- The failure of some more advanced economies to upgrade to the latest electronic payment card technologies is causing Nigerian card holders to be vulnerable to hackers when they travel abroad, BusinessDay has gathered.
- Facts have emerged that hackers in some countries abroad are duplicating Automated Teller Machine (ATM) cards belonging to Nigerian bank customers who travel to those countries and conduct payment transactions on their cards.
- The hackers clone the Nigerian cards and use them to purchase items worth millions of dollars from shopping malls in the US.
Source: Businessday
Definition of Cyber Insurance
Cyber insurance -- also called cyber security insurance, cyber liability insurance, cyber risk insurance, and data security insurance, among other terms –
What Does the Product Protect Against?
• Protection of businesses from Internet-based risks,
• Risks relating to information technology infrastructure and activities.
Exclusion
Risks of this nature are typically excluded from traditional commercial general liability policies.
What Does the Product Cover?
Covers include:
• first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks;
• liability cover indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and
• other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds.
Part 2
Challenges
• Attacks or security breaches may lead to a variety of business consequences whose impact is very difficult to quantify.
• Lack of historical data is one of the foremost issues faced while determining the premium rate of an insurance policy and deciding on whether to underwrite the risk.
• Lack of standard legal definitions of cyber liability across the globe.
• Lack of systems to alert consumers in a timely manner in the event of a cyber breach.
• Inadequate protection of personally identifiable information held by insurance companies and third parties.
• Insufficient audits to determine if controls are in place to protect personally identifiable information.
• Inadequate periodic employee training and assessment.
• Lack of implementation of policy by the government.
• High rates of poverty.
• Lack of awareness.
Part 3
Cyber Risks
What risks are there in Cyber?
[Diagram: cyber risk dimensions]
• Where: Online, Offline
• Who: Accidental, Malicious, Internal, External
• What: Media, Technology, Protected Data
• Financial Impact: Liability, Regulatory Fine, Defence Expense, Lost Income, Extra Expense, Crisis Expense
Who creates cyber risk?
[Pie chart. Values as extracted, in order: 17%, 10%, 60%, 6%, 7%. Legend as extracted, in order: Internal Accidental, Internal Malicious, External, Internal Unknown, Unknown.]
2014 Year to Date (datalossdb.org)
Notable Trends in Cybercrime
• Motivation: Huge financial potential is making attackers more sophisticated
• Methods: Attacks are becoming more targeted
• Targets: The workstation (desktop or laptop) and the user are the easiest path into the network
• New wave of Cyber Terrorism
Sources of Data Breaches
[Pie chart. Values as extracted, in order: 49%, 16%, 9%, 9%, 7%, 5%, 4%, 2%. Legend as extracted, in order: Laptop/Smartphone, Third Party, Paper Records, Insider, Backup, Hacked Systems, Malicious Code, Undisclosed.]
Potential Risk Targets
• Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach.
• The stakes are high. If customers don’t think the business can be trusted, the future of the company may be at risk.
• Companies with access to private, confidential information about their customers or employees have a responsibility for keeping it safe
• Companies who have a web presence have emerging content exposures
• Companies who have a dependency on technology have emerging transactional exposures
Potential Business Consequences
• Harm to business, company valuation, stock price, etc.
• Long-term financial and business damage
• Theft of valuable intellectual property and business plans
• Theft of customer data and funds
• Disruption of critical operations and corporate web sites
• Headline and reputational harm
Potential Legal Consequences
• Governmental investigations and sanctions
• Consumer litigation
• Class action lawsuits
• Shareholder derivative demands
• Potential claims against the company
Potential Costs
• Financial losses for company
• Financial losses for shareholders
• Brand reputation
Part 4
Cyber Risk Management
Cyber Risk Management Framework
• Assessing Risk
• Maintain Risk at Acceptable Level
• Reduce Risk of Security Breach through Preventive Technology
• Reduce Financial Risk through Insurance
• Reduce Risk to Acceptable Level
Scib’s Cyber Risk Management Process
Managing the external accidental (aka vendor) cyber risk
• Vendor risk assessment (financial, technical, legal, security, privacy, quality control, compliance)
• Contractual risk transfer (Scope of indemnity, limit of liability)
• Vendor insurance (Professional Indemnity, Cyber)
• Your insurance (Cyber, others…?)
Part 5
Regulatory Framework
Cybercrime Prohibition, Prevention Act 2015
The Act, dubbed the ‘Cybercrimes Prohibition, Prevention Act’, was signed by former President Goodluck Jonathan on May 15, 2015.
The Act is segmented into three (3) parts:
i. Part I - Object and Application
ii. Part II - Protection of Critical National Information Infrastructure
iii. Part III - Offences and Penalties
Cybercrime Prohibition, Prevention Act 2015 (Cont…)
Objectives
The main objective of the Act is to provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. It also seeks to ensure the protection of critical national information infrastructure as well as promoting cyber security and the protection of computer systems and networks, electronic communications, data and computer programmes, intellectual property and privacy rights.
Implications of the Cybercrime Prohibition, Prevention Act 2015 to Business Operations
The Cybercrime Act is a crucial piece of legislation:
- It will encompass stronger obligations around minimum technical and organizational control as well as prompt failure disclosures.
- The Act provides more power to regulators around imposing financial penalties as well as subjecting companies to regulatory audits.
- Firms must start preparing early as there are a number of additional administrative and record keeping obligations that may require fundamental organizational and IT change and in some cases at significant cost.
New Cybercrime Regulation Impacts
Fines up to N7,000,000.00 or imprisonment for a term of not less than three years or both fine and imprisonment in the event of a computer related fraud and identity theft and impersonation.
Part III under Offences & Penalty, section 6, subsection 3 & 4 of the Cybercrime Prohibition, Prevention Act 2015
Part 6
The Solution: Cybercrime Insurance
What is Cyber Insurance?
Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.
Cyber Insurance also offers coverage for liability that arises out of unauthorized use of, or unauthorized access to, electronic data or software within a company’s network or business. In addition, it provides coverage for liability claims for spreading a virus or malicious code, computer theft, extortion, or any unintentional act, mistake, error, or omission made by employees while performing their job.
Part 6 - Scope of Cyber Insurance Coverage (Contd)
First Party Sections: Insured’s Loss
• Network-related Business Interruption
• System Failure Business Interruption (some policies)
• Dependent Business Interruption (some policies)
• Extra Expense
• Intangible Asset damage
• Reputation Damage (some policies)
Expense/Service Sections: Expenses Paid to Vendors
• Crisis Management
• Breach-related Legal Advice
• Forensic Investigation
• Breach Notification
• Call Center
• Credit Monitoring, Identity Monitoring, ID Theft Insurance
• Cyber Extortion Payments/Assistance
Liability Sections: Defense Costs + Damages + Regulator Fines
• Failure of Network Security
• Failure to Protect/Wrongful Disclosure of Information, including employee information
• Privacy or Security related regulator investigation
• All of the above when committed by an outsourcer
• Wrongful Collection of Information (some policies)
• Media content infringement/defamatory content
Scope of Cyber Insurance Coverage
First Party Response expense reimbursement options include:
• Legal & Forensic Services
• Crisis Management/Public Relations
• Notification and Remediation Expenses
• Business Interruption and Additional Expense
• Computer Program and Electronic Data Restoration
• Computer Fraud
• Funds Transfer Fraud
• Telecommunications Theft
Scope of Cyber Insurance Coverage
Third Party Defense & Liability expenses (including defense costs)
Data security breaches can take many forms and do not necessarily lead
to any direct consumer injury like identity theft. However, you will likely
need to defend against individual and/or class action lawsuits anyway.
Your policy will provide defense and pay liability judgments against you
up to the limit of insurance you select.
In addition, you will have access to a proprietary breach preparedness
web site with pre and post-breach services and resources.
Your Standard Policies Probably Don’t Work
Property Insurance: Denial-of-Service attacks do not constitute ‘physical perils’ and do not damage ‘tangible property’
Professional Indemnity:
- Unauthorized access exclusions.
- Requires negligence in provision of defined business activities.
- Generally no cover for information commissioner regulatory actions
General Liability Insurance: General Liability coverage is limited to ‘publication or utterance’ resulting in one of traditional privacy torts. “Publication” resulting from hacking is not an act of the insured
Fidelity Guarantee Coverage: This covers loss as a result of the dishonesty of staff resulting in the loss of money, securities, or tangible property.
Common Hurdles:
- Intentional acts and insured vs. insured issues.
- No coverage for crisis expenses required by law or to protect reputation.
Cyber Insurability Analysis
Professional Indemnity
Who needs Cyber Insurance?
• Everybody that has phones with personal or corporate data.
• Every organization that receives and sends email.
• Companies who host, store, share or transmit proprietary & confidential data
• Companies who transact business and generate revenues from the Internet
• Companies whose business operations would be impacted by a service disruption
• Companies who outsource storage, processing or sharing of confidential information with third party service providers
• Companies who publish electronic content
• Companies whose high profile increases the probability of extortion
Who needs Cyber Insurance? (Contd)
It can happen to anyone…
• The culprit is often someone close to your business: A surprisingly large proportion of data breaches are carried out by insiders—over half by some estimates
• Size doesn’t matter: Half of the potential companies that suffer data breaches have very few employees
• The perpetrator could live halfway around the globe.
• Any company can be hit: Retailers, health care institutions, manufacturers, professional service providers, media and entertainment companies, and financial institutions are likely to be targeted
• A breach can result from a simple mistake: e.g. an employee misplaces a laptop or Blackberry, or leaves it in an unsecured location, such as an unlocked car
What is the cost of the cover?
A good starting point is to determine what exposure the company has, what types of incidents you want cover for, and for what limit. The company should state both its own costs (known as first-party costs) and the costs that others may attempt to claim from it as a result of the incident (known as third-party costs).
Depending on the nature of the risks, premium rates can range between 1% and 6.0% of the limits covered.
Risk Assessment Parameter
[Diagram labels: Optimal Program; Insurable Risks; Contractual Requirements; Budget; Risk Tolerance; Loss Modeling; Peer Purchasing Data; Scope of Coverage/Control; Market Limitations]
How can Scib facilitate the cover?
Scib approach
Strategic Meetings / Discussion: Scib will take a collaborative approach with prospective client to identify and analyze exposures, risk and potential insurance including proposed structures, or alternative solutions
Submission Development: Scib will work with prospective clients to obtain relevant, necessary and favorable underwriting information to present to markets
Marketplace Leverage: Scib will put our vast knowledge of market conditions and trends to work on behalf of each prospective client, negotiating favorable terms and conditions with top tier carriers.
Strategic Negotiations and Placement: Scib will utilize proven and sophisticated negotiation strategies to finalize placements that meet collaboratively established goals. Throughout the process Scib advises on Cyber risk management best practices and provides frequent thought leadership and guidance on emerging exposures and coverage issues
Our Vision and Mission
Our Vision
• To Be The No.1 Risks Solutions Provider Of Choice.
Our Mission
• Pursuit of Excellence in the Provision of Risks Solutions of a Global Standard using Innovation
Who We Are
Established July 1978.
Joint Venture between F.I.M Consultants Ltd. & Standard Chartered Insurance Brokers Ltd. UK*
Post Standard Chartered Bank’s Divestment – Sedgwick remains a Shareholder and Technical Partner ……….SCIB
Today
• Scib is ranked No. 1 of 500 plus registered brokers in Nigeria.
• Staff Strength of 75. Highly experienced and motivated.
  - Additional 55 comprising Consultants and other support staff.
• Multi-disciplinary team comprising Lawyers, Chartered Accountants, Chartered Insurance Practitioners and others with background in Actuarial Science, Engineering and Economics.
• Head Office in Lagos:
  - Head Office Annex in Lagos
  - Regional office in Ibadan, Port Harcourt, Kaduna & Abuja.
  - Branch office in Kaduna
International Affiliation
• Scib is the Network Correspondent for Aon in Nigeria.
• Aon is the Largest Insurance broking company in the world with over 500 offices in more than 120 countries.
www.aon.com
Aon has a leadership position in relation to financial institutions.
1. 100% of the top 10 global insurers
2. 94% of the top 50 global banks
3. 60% of the top 10 asset managers
This gives Scib global access.
Global Reach: 500 Offices, 120 Countries
Aon: No. 1 Insurance Broker in the World
Scib: No. 1 Insurance Broker in Nigeria
WHERE WE ARE
WESTERN REGIONAL OFFICE - IBADAN
Arit of Africa House (1st Floor), 14 SanusiAkere Street, Oluyole Estate, Ibadan. Mobile number: 08085852816. Tel/fax: 02-2414154. E-mail: [email protected]
EASTERN REGIONAL OFFICE - PORT HARCOURT
UPDC Building, 26 Aba Road, Port Harcourt, Rivers State. Mobile number: 08028399355. Tel: 084-770888; 084-575499. E-mail: [email protected]
NORTHERN REGIONAL OFFICE - ABUJA
Suite 20 & 21 Yashua Plaza (Behind AP Plaza), 1046 Adetokunbo Ademola Crescent, Wuse II – Abuja. Mobile number: 08023143111. Tel: 09-6710628. E-mail: [email protected]
HEAD OFFICE ANNEX
Custodian House, 16A, Commercial Avenue (2nd Floor), Sabo-Yaba, Lagos. Mobile number: 08085852816. Telephone: 2704920 - 3. Email: [email protected]
KADUNA BRANCH OFFICE
Turaki Ali House (1st Floor), 3 Kanta Road, P.O. Box 8741, Kaduna. Mobile number: 08023143111. Tel/Fax: 062-241567. E-mail: [email protected]
HEAD OFFICE
66 Adeniran Ogunsanya Street, Surulere, P.O. Box 1782, Lagos. Mobile number: 08081007745. Tel: 01-2710030-4, Fax: 01-2710035. E-mail: [email protected]
Why Use A Broker?
Assessment of client risk profile.
Prompt Claims processing and management
Advice on cover required by client.
Technical advice and advice on market developments.
Selection and recommendation of insurer.
Detailed knowledge of the market, insurers, products/policies and practices.
Risk management
Why Use Scib?
Prompt Claims processing and management
Assessment of your risk exposure profile.
Advice on cover required.
Technical advice and advice on market developments.
Selection and recommendation of insurers
Detailed knowledge of the local and international market, insurers, products/policies and practices.
Risk management
Global Knowledge
Global reach
Our Key Differentiating Factors
Specialized unit to handle financial institutions
People/Professionalism (Technical Competence)
High Ethical Standards
Leverage
Integrity
Service
Experience
Contact Person
G. A. Olanbiwoninu Senior Manager
He has been in the field of marketing since 1995
Specialty: Business Development and Marketing
Tel: 234 01 271 0030-4
D/L: 234 808 100 7745
Email: [email protected]
Questions?
“Locks Keep Out only the Honest”
Jewish Proverb
Thank You!