Highlighting Effects of Cybercrime and Imperatives of Cybersecurity Insurance

The World over, one of the burning issues commanding attention and causing apprehension today is the escalating rate of cybercrime.  In Nigeria, activities of cybercriminals and hackers have posed serious threats lately, and efforts to curtail it have been challenging. In this article, EDET UDOH highlights the effects of cybercrime and the action taken by Nigerians and the governments to tackle the menace and ensure business sustainability.

The outbreak of Coronavirus (COVID-19)

The outbreak of Coronavirus  (COVID-19) which first known case was identified in Wuhan, China, in December 2019, has since spread worldwide, leading to an ongoing pandemic with associated consequences on world economies.  Experts said, “Coronavirus disease 2019 (COVID-19), also known as the coronavirus, COVID or Covid, is a contagious disease caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2).”

Impact of COVID-19

The impact of the COVID-19 pandemic has led to about 3.26 million deaths worldwide and in a bid to flatten the curve and reduce the death tolls; the government of various nations of the world including Nigeria introduced various measures including lockdown, restriction of movements and curfew to curtail the spread of the virus.

This situation has led to increased digital access and the internet has remained a force allowing people to stay connected during periods of extended restriction while performing a lot of transactions online.

With about 4 billion users of the internet, it has become one of the greatest technological developments which are widely accepted for ease and efficiency.  Technological advancements and development have led to the emergence of cybercrime.

As a result of the foregoing, people have increasingly relied on the internet to work, transact businesses and stay entertained. But, with this increased use of internet services, the online threats that vulnerable people and organizations are exposed to have also increased.

Experts said online threat actors continue to take advantage of the fear created by the pandemic, with a greater focus on exploiting the digital service offerings and consumers fallibility, thereby making the internet unsafe for users.

To this end, experts have called on individuals, institutions, corporate organizations to adopt Cybercrime Insurance as a mitigating factor against cybercrimes and threats and other losses arising from internet connectivity.

What is Cybercrime?

Cybercrime, which involves any crime committed with the aid of a computer and networks like phishing, bank verification number scams, fraudulent emails, hacking, cyber harassment, spamming, social media hijacking etc, exploits vulnerabilities of both electronic devices and their users.

In Nigeria, in a bid to counter the activities of the cybercriminals, a lot of initiatives have been introduced by the government and private institutions to curtail or curb the activities of cybercriminals, some of which are listed below but the country continues to lose a huge amount of money to the activities of these faceless people.

Causes of Cybercrime

Investigations have revealed that factors such as the high rate of unemployment, the quest for wealth, lack of strong cybercrime laws, and incompetent security on personal devices have made cybercrime a significant problem for the country.

People involved in such fraudulent practice find it as an easy way of making money.

The danger of Cybercrime/ need to fortify businesses

According to the recent survey by Allianz Global Corporate & Specialty (AGCS), showed that Business interruption (BI) is no.1 with 41% of responses; Covid-19 Pandemic outbreak occupies no. 2 positions with 40% as this year’s top business risks with Cyber incidents ranking a close third with 40%.

The annual survey on global business risks from Allianz Global incorporates the views of 2,769 experts in 92 countries and territories, including CEOs, risk managers, brokers and insurance experts.

The top risks which concern businesses the most in Nigeria are Pandemic outbreak (#1 with 38% of responses) and Cyber incidents, which moves up from #8 to #2 with 32%. Macroeconomic developments fall from #1 to #3 with 31% and Business interruption moves one level down to #4 with 30%.

Before the Covid-19 outbreak, Business interruption (BI) had already finished at the top of the Allianz Risk Barometer seven times and it returns to the top spot after being replaced by cyber incidents in 2020. The pandemic shows that extreme global-scale BI events are not just theoretical, but a real possibility, causing loss of revenues and disruption to production, operations and supply chains. 59% of respondents highlight the pandemic as the main cause of BI in 2021, followed by Cyber incidents (46%) and Natural catastrophes and Fire and explosion (around 30% each).

The pandemic is adding to the growing list of non-physical damage BI scenarios such as cyber or power blackouts. “The consequences of the pandemic – wider digitalization, more remote working and the growing reliance on the technology of businesses and societies – will likely heighten BI risks in coming years,” explains Philip Beblo, an expert in AGCS’s global Property underwriting team.

“However, traditional physical risks will not disappear and must remain on the risk management agenda. Natural catastrophes, extreme weather or fire remain the main causes of BI for many industries and we continue to see a trend for larger losses over time.”

In response to heightened BI vulnerabilities, many companies are aiming to build more resilient operations and to de-risk their supply chains.

Commissioner for Insurance/Chief Executive Officer, NationalInsurance Commission (NAICOM), Mr. Olorundare Sunday Thomas

Cyber perils intensify

Cyber incidents may have slipped to #3 but it remains a key peril with more respondents this year than in 2020 and still ranking as a top-three risk in many countries, including Nigeria, South Africa, Brazil, France, Germany, India, Italy, Japan, Spain, UK and the US. The acceleration towards greater digitalization and remote working driven by the pandemic is also intensifying IT vulnerabilities.

At the peak of the first wave of lockdowns in April 2020, the Federal Bureau of Investigation (FBI) reported a 300% increase in incidents alone, while cybercrime is now estimated to cost the global economy over $1trn, up 50% from two years ago. Already high in frequency, ransomware incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands, as highlighted in the recent AGCS cyber risk trends report.

According to Catharina Richter, Global Head of the Allianz Cyber Center of Competence at AGCS,  “Covid-19 has shown how quickly cybercriminals can adapt and the digitalization surge driven by the pandemic has created opportunities for intrusions with new cyber loss scenarios constantly emerging.”

“Attackers are innovating using automated scanning to identify security gaps, attacking poorly secured routers or even using ‘deep fakes’ – realistic media content modified or falsified by artificial intelligence. At the same time, data protection and privacy regulation and fines for data breaches continue their upward trend.”

Cybercrime, a global issue

All over the world today, one of the burning issues commanding attention and causing apprehension is the escalating rate at which cybercrime. In Nigeria lately, activities of cybercriminals and hackers have posed serious threats, and efforts to nip it in the bud has proven somewhat tasking.

Findings showed that war against Cybercrime Recent prediction by Cybersecurity has it that global community will lose more than $6 trillion annually by 2021 to cybercriminals.

Consequently, global leaders have deployed necessary mechanism and strategies capable of ridding the globe of the cybercrime menace.

Effects of cybercrime

Nigeria among vulnerable countries

Experts have identified Nigeria as one of the vulnerable countries in the world with a higher number of cyber-related attacks and threats.

The National Security Adviser (NSA), Maj-Gen. Babagana Munguno (rtd), during the inauguration of the Cybercrime Advisory Council, at the Office of the National Security Adviser (ONSA), Abuja, stated that “Global tracking of cyber-attacks indicate that Nigeria is among countries with high cases of software piracy, intellectual property theft and malware attacks. The situation is a serious challenge to our resolve to take advantage of the enormous opportunities that the Internet brings while balancing and managing its associated risks.

According to him, the situation was made possible due to a lack of awareness of cyber-security and poor enforcement of guidelines and minimum standards for the security of government websites, particularly those hosting sensitive databases of Nigerians.

The NSA, emphasized the need to take serious action to protect our national cyberspace as a national security requirement, adding that the importance of serious action to protect the nation’s cyberspace, increased tremendously with the growth in the number of Nigerians connected to the internet, from less than a million in 2003 to over 80 million in November 2015.

He warned that “any serious attack or interference to the operation of Nigerian cyberspace will harm the national economy as well as on public health and safety.

Common Cybercrimes in Nigeria

Munguno listed some of the common cyber-crimes in Nigeria to include: computer virus and malware infections, identity theft and privacy invasion, fraudulent electronic transaction, and theft of intellectual property.

Other include radicalisation and violent extremism, terrorism perpetrated through cyberspace, website hacking and defacement; and distributed denial of service attack, amongst others.

Nigeria Spends N127 billion on Cybercrime annually

The federal government said the estimated annual cost of losses caused by cybercrime to Nigeria is 0.08 per cent of the country’s Gross Domestic Products (GDP), which represents about N127 billion.

Munguno who is the Chairman of the 31-member Cybercrime Advisory Council said that the “activities of hackers and cybercriminals in recent times have threatened government presence, economic activities and security of Nigerians and vital infrastructure connected to the internet.“

The 2014 Annual report of the Nigeria Deposit Insurance Corporation (NDIC), he said, showed that, between the year 2013 and 2014, fraud on e-payment platform of the Nigerian banking sector increased by 183 per cent, adding that a report published in 2014 by the Centre for Strategic and International Studies, UK, estimated the annual cost of cybercrime to Nigeria at about 0.08 per cent of our GDP, representing about N127 billion.

Nigeria loses N5.5 trillion in 10 years to cybercrimes

Deloitte West Africa Chief Strategy Officer Mr Tope Aladenusi, while speaking at a webinar hosted by FirstBank of Nigeria Limited with the theme: “Staying Protected Amidst the Pandemic Chaos,” revealed that Nigeria has lost N5.5 trillion to fraud and cybercrimes in 10 years, adding that losses from cybercrimes seemed to be more than drug trafficking.

Aladenusi, who doubles as the cyber risk services leader said global losses from cybercrime, was over $ 1 trillion in December 2020. He attributed the rise in cyber frauds to insufficient skilled resources, deficiency in awareness, rapidly changing technology landscape and weakness in cybersecurity controls.

Also speaking at the event, FirstBank chief information security officer Mr Harrison Nnaji said an increasing number of customers have been obligated to use online transaction platforms, adding that consumers are presently faced with several associated cyber risks.

National Security Adviser, Maj. Babagana Munguno (Rtd) with President Buhari

He listed cybercrimes instruments to include the use of unsecured networks for connection, phishing attacks, call centre scam, SIM hijacking, and business e-mail compromise, among others.

He advised citizens to back up their data, be cautious of free Wi-Fi, choose unique passwords, and be smart with social media and to check bank statements regularly to avoid hackers.

Government Policy directive on cybercrime

Legislation as an option, against this backdrop, the Senate, in 2014, proposed a seven-year jail term for anyone found guilty of cybercrimes or off Enders of computer-related fraud. The bill was sponsored by Senator Ifeanyichukwu Mbadiwe.

The upper legislative chamber also approved the new law to curb online and related Internet crimes in Nigeria. The passage of the bill was sequel to the presentation of the Senate Committee on Judiciary, Human Rights and Legal Matters’ Report through its then Chairman, Senator Umaru Dahiru, on the Cyber Crime Bill referred to it for further legislative work. However, in 2017, a call for the review of the bill was made when the Senate Committee on ICT and Cybercrime, observed that the current law on cybercrime in Nigeria needs to be reviewed to meet the standard in developed countries.

Chairman of the committee, Abdulfatai Buhari, Oyo-APC, indicated while addressing the press shortly after a plenary. The conference was important to affect a review of the Cyber-crime Act which he described as “scanty. Buhari explained further that the cybercrime bill should be reviewed to prepare the country for impending dangers.

“Most people don’t even know that we have a cybercrime law in this country. That’s one of the reasons for this conference,” the lawmaker explained.

Meanwhile, the Attorney-General of the Federation, Mr Abubakar Malami, (SAN), told newsmen recently that the federal government has taken several steps through domestic policies and legislation as well as multilateral cooperation and collaboration to fight cybercrime.

Malami asserted Abuja at a meeting with the delegation of the Council of Europe on an Initial Assessment Visit to Nigeria and inauguration of the Global Action on Cyber Crime Plus, (GLACY+), National Coordinating Team. Represented by Mr Umar Mohammed, Director, Public Prosecutions, Malami disclosed that Nigeria’s Cybercrime Act, of 2015 had outlined the legal and institutional framework needed to drive the country preparedness to fight cybercrime.

Government Initiatives/Fight Against The Menace

In a bid to meet the challenges of cybercrimes in Nigeria, the Nigeria Police Force (NPF) in collaboration with the International Criminal Police Organisation (INTERPOL) recently organised a workshop on INTERPOL cybercrime training for practitioner investigators from African countries.

The menace of cybercrimes often referred to as ‘yahoo yahoo’ in our clime has continued to heighten as millions of resources have allegedly been freighted out of the country through online scams.

Not unawares of the phenomena, the Nigeria Police in collaboration with other agencies of government including the Economic and Financial Crimes Commission (EFCC), has continued to battle this new face of crime head-on.

This is even as the immediate past Inspector General of Police (IGP), Ibrahim Idris, indicated the readiness of the Force to tackle the rising spate of cybercrime in the country, at the workshop on International Criminal Police Organisation (INTERPOL) cybercrime training for practitioner investigators from African countries in Abuja.

While acknowledging the fact that: “Law enforcement in Africa is only just beginning to grapple with this menace (cybercrime) in our various jurisdictions,” Idris assured that the existing hi-tech Criminal Information System, will adequately be equipped, to boost the investigating capacities of officers.

Idris, who was represented by the Deputy Inspector General of Police (DIG) in charge of Force Criminal Intelligence and Investigative Department (FCIID), said a dedicated hi-tech and cybercrime unit, has been deployed within the INTERPOL national central bureau in the country.

The training, he said, “is coming at an auspicious time in which criminals in the Cyberspace deploy their ICT know-how to unleash mayhem and financial injuries on law-abiding citizens in our various jurisdictions.”

At the Second Annual Conference on “Combating Financial Fraud, Cybercrime, and Cross-Border Crimes”, the US Ambassador, Stuart Symington, was quoted in a statement issued by the U.S. Embassy, saying “there is not a country in the world that is kept secure day and night, year after year by anything other than the people of that country.

“They are to national security what every user of a computer is to internet security,” saying they are the critical link.

In a bid to tackle the situation or curtailing the scourge of cybercrime, the Nigerian government, through its National Security Adviser, NSA, Major General Babagana Monguno (retd), inaugurated a 31-man Cybercrime Advisory Council, in Abuja.

Decrying the situation, the NSA, who is also the committee chair, described the scourge as a serious challenge that members of the newly inaugurated council must confront.

Quoting Section 42 of the Cybercrime Act 2015 which provides for the establishment of the Cybercrime Advisory Council, the NSA disclosed that members of the council were drawn from the Economic and Financial Crimes Commission, Independent and Corrupt Practices and other related offences Commission, Directorate of State Security Service, Office of the National Security Adviser, Ministries of Trade and Investments, Foreign Affairs, Finance, and Justice.

The rest are; Nigeria Stock Exchange, Nigerian Prison Service, Nigerian Police Force, Galaxy Backbone, among others.

According to him, “the protection of activities in our cyberspace has become increasingly important to the security of our great nation. You will agree with me that activities of hackers and cybercriminals in recent times have threatened government presence, economic activities, security of Nigerians and vital infrastructure connected to the internet.”

Penalty for Cybercriminals

Against this backdrop, the Senate, in 2014, proposed a seven-year jail term for anyone found guilty of cybercrimes or off Enders of computer-related fraud. The bill was sponsored by Senator Ifeanyichukwu Mbadiwe.

The upper legislative chamber also approved the new law to curb online and related Internet crimes in Nigeria. The passage of the bill was sequel to the presentation of the Senate Committee on Judiciary, Human Rights and Legal Matters’ Report through its then Chairman, Senator Umaru Dahiru, on the Cyber Crime Bill referred to it for further legislative work. However, in 2017, a call for the review of the bill was made when the Senate Committee on ICT and Cybercrime, observed that the current law on cybercrime in Nigeria needs to be reviewed to meet the standard in developed countries.

Introduction of the risk-based cybersecurity framework

In its effort to combat cybercrimes, the Nigerian government through the Central Bank of Nigeria (CBN) introduced a risk-based cybersecurity framework and guidelines for deposit money banks and payment service providers. The significance of this framework is to lay out proactive steps to acquire critical information assets including customers’ information that are accessible on the internet.

On the level of preparedness of the Nigeria Police to tackle the menace, the former Inspector General of Police, said: “Setting up of cybercrime unit across the country down to local government level is an indication of the country’s readiness.

Attorney-General of the Federation and Minister of Justice, Abubakar Malami

“The Vice President recently laid a foundation for a building on which we will build cybercrime facilities and the good thing about the government of the day is that they are interested and they are worried also.

“The FG is willing to support us and that is why they gave out a contract for the building of the facility and by God’s grace, in no distant time, we are going to overcome the crime.”

Speaking further, he said: “We also have international partners who have been assisting us. In fact, the Nigerian Police Force (NPF) is putting heads together to see how they can help to depend on our needs and I believe with time, we will be self-sufficient to tackle the menace of cybercrime.”

On his part, the INTERPOL Acting Head of Training Unit, Digital Investigation Support Cybercrime Directorate, Wei Xian Tee said: “Countries across the globe are faced with cybercrime offences. It is having a huge impact and having huge victims and even traditional forms of crime are moving into cyberspace like extortion.

“Cybercrime is a transnational crime and we are working hand in hands with other cybercrime units. The way cybercrime is, there is no single country that can fight it alone. So, we encourage countries to come together and work to fight it.”

On how successful INTERPOL has achieved in tackling cybercrime, he said: “We have been very successful but we have to work ahead of the criminals to gain more success and tell the world that it will be safe cyberspace for them to live and work in.

Learning from Finland experience

Finland has been named the “least exposed country” in the world when it comes to cybercrime due to a three-point government strategy implemented last year.

The country topped a study of 108 nations, with Afghanistan the country most exposed to attacks.

The insight was published in the Cybersecurity Exposure Index 2020, which assessed the impact of Covid-19 on cybersecurity, with a focus on unauthorised access, data theft, extortion and cloud attacks designed to compromise and weaponise virtual machines.

According to Josh Frisby, founder of PasswordManagers.co which produced the report, Finland has learned from experience.

He said: “One of the main reasons why Finland has managed to reduce its exposure and address threats effectively is because the strategies in place have been influenced by waves of new cyberattacks that have been designed to worm their way through and penetrate antiquated security systems.

“This is a far cry from other countries, especially African states, where very few have developed rigorous national cybersecurity strategies, let alone regulations and laws,” he added.

Unveiled last year, Finland’s strategy is composed of three parts: international cooperation; coordination of cybersecurity management, planning, and preparedness; and cybersecurity competence.

However, the country isn’t immune to attempted attacks.  Last year, Finland’s National Bureau of Investigations and National Cyber Security Centre jointly investigated a spate of cyberattacks launched during Q2, the most serious of which brought down the national police force website and other public services.

Previously, hackers have targeted the municipal computer system for the city of Lahti and the IT system managing the official online results for the Finnish parliamentary elections in April 2019.

In its methodology, the index analysed the International Telecommunication Union’s  Global Cybersecurity Index along with information from Microsoft on malware encounter rate, ransomware encounter rate, cryptocurrency mining encounter rate, drive-by-download page encounter rate and cloud provider related incoming attacks.

Europe was a top performer on the regional level, with 70.73% of European countries classified in the low and very low exposure groups. Finland was followed by Denmark, Luxembourg, Estonia, and Norway.

The continent as a whole boasted the lowest exposure score per country at 0.329, followed by North America at 0.462.

At the other end of the spectrum, Afghanistan was the most exposed followed by Myanmar, Ethiopia, Palestine, and Venezuela. By continent, Africa had the highest exposure score per country at 0.643, followed by South America at 0.577.

Meanwhile, the Asia-Pacific region accounted for 40% of high and very high exposure countries globally.

“The stark reality is that cybercriminals relentlessly search for unprotected endpoints to find a crack in the security shield of enterprises that they can exploit.

Inspector-General of Police, Usman Baba Alkhali

“The issue is that as enterprises scale, so do the number of endpoints, and if there is a lack of asset management diligence, which there often is, these new endpoints can be the demise of security infrastructures,” he added.

Shifts in Attacking Strategies and lesson to learn

The Partner, Risk Advisory and the Head, Cyber Risk Services, Deloitte West Africa, Tope Aladenusi, in his contribution in 2020 Cyber Security Outlook, described 2020 as the beginning of a new decade that will witness unprecedented cyber-attacks and cybersecurity solutions and named it the “year of shifts”.

According to him, as we expect significant changes in cybercrime and counter-measures, we also expect “cyber” to be one of the top news headlines throughout this decade in Nigeria and across the globe.

He said they made several predictions in their 2019 Cyber Security Outlook that came to pass.

For the year 2020, according to him, we envisage some shifts that will affect the Nigerian Cyberspace – shifts in attack targets; attack magnitude; identification and authentication; monitoring; awareness and education; regulatory oversight; collaboration; and a shift in the way organisations deal with cyber-attacks.

The shift in an Attack target

He predicted that many attacks in 2020 will move from big “well prepared” organisations to the seemingly unlikely targets, especially companies who are of the notion that they are not prone to cyber-attacks or do not have enough resources to attract any attack. The main targets for cyber-attackers will be the cloud-based systems, user mobile devices, Internet Of Things (IOTs) and Small & Medium Enterprises (SMEs) as well as organisations in the non-financial sector.

Organisations with cloud-based infrastructure will be exposed due to misconfigured cloud-infrastructures, mobile devices will be exposed to more sophisticated phishing attacks that could convince even the most security-conscious individuals and lastly, SMEs will be exposed due to their unpreparedness, stating that 2020 will also see organizations liable to exposure through unprotected third party vendors and suppliers.

The shift in Attack Magnitude

Organizations in Nigeria are becoming more cybersecurity conscious through the implementation of protective and security monitoring mechanisms. This has led to organizations becoming more successful at detecting and responding to attacks and breaches within the shortest possible times.

Despite the efforts of organizations, Aladenusi said cyber-attacks are becoming more focused, that there are indications from reports of the Nigerian Interbank Settlement Scheme (NIBSS) that mobile fraud cases would likely rise above those of automated teller machines (ATM) by 2020 compared to 2019, which he said saw fewer successful attacks but resulted in higher losses and impact on the affected organizations.

Phishing and Business Email Compromise (BEC) were the most common and successful as they prey on human emotions and give rise to higher profits for the attackers. It was predicted that the year 2020 will likely witness a sharp rise in this trend. Organizations will need to be proactive to stay ahead of the attackers.

The shift of identification and authentication

With the recent data breaches happening globally, compromised passwords obtained via credential harvesting is the leading cause of data breaches. Obtaining user credentials is one of the easiest ways to gain access to a system, so it stands to reason that attackers will try and exploit the path of least resistance. Human error also contributes to a huge amount of security breaches.

In 2020, it was predicted that more organizations will move towards the “Zero Trust” security model, where security strategy begins with: “Never trust, always verify”. Zero trust architecture ensures that data and access across the network are secure and based on user identity and location parameters. It inspects and logs all traffic, learns and monitors network patterns, and adds authentication methods into the security mix, all to see every user and device connected to the network at any moment.

The Expert said also that there will also be a rise in the adoption of biometric technologies for authentication and identification in computer systems, ATMs and physical access controls.

Shift in monitoring

According to Tope Aladenusi, in 2019, organisations took strategic decisions by implementing or subscribing to Security Operation Centres to monitor and defend their firms from existing and emerging threats. Consequently, we saw a rise in cyber threat monitoring services which has helped many organisations secure their most priced data.

Time is crucial when protecting an organisation’s assets from cyber threats and attack elements as it is important for the security measures to work fast to keep pace with hackers and cybersecurity threats. Safeguarding data is critical for businesses and so they require faster detection, response and recovery from imminent threats.

Chairman, Economic and Financial Crime Commission (EFCC), Umar Mohammed Abba with President Buhari (Photo Credit: Premium Times

Artificial Intelligence (AI) and machine learning is now an effective tool in threat monitoring to gain a serious advantage against fraudsters and hackers. He forecasted that in 2020, Cyberthreat monitoring and intelligence would take a new direction as many organisations (outside the banks) will begin to rely on AI and machine learning monitoring to help uncover attacks before they happen.

the shift in awareness and education

He said 2020 will see a shift in security awareness thereby creating more impact which will ultimately protect the populace, adding “We will see more local, grassroots, pidgin and native language awareness to reach low-income users or targets. We will also see security awareness that is adaptable to the user’s lifestyle instead of the generic traditional awareness mechanism. Cyber Security will also be included in the curriculum of schools as a way to increase awareness and develop scarce skills around cyber security.”

The shift in regulatory oversight

2019 witnessed an increase in the number and sophistication of data breaches which has been a continuous trend for the past decade. This trend has led to increased regulatory oversight initiatives across the world with prominent examples like the Nigerian data protection regulation, General data protection regulation, Asia pacific data protection and cyber security guide, German’s IT security act of 2015 amongst many more.

It was also predicted 2020 will see many regulators including government agencies release guidelines around Cyber Security, with a new focus on data privacy. We already have the Nigeria Data Protection Regulation (NDPR) released by NITDA and The Central Bank of Nigeria will soon be releasing more guidelines for Fintechs and banks during the course of the year with strict penalties attached for non-compliance.

We also expect better enforcement of the existing cyber security and data protection regulations.

Shift in collaboration

Historically, government establishments in the country have worked in silos, with each establishment fully responsible for all its security operations. Due to recent events, it is evident now more than ever that collaboration is needed in the security landscape most especially in the threat intelligence front.

The expansion of cyber threat intelligence (CTI) all over the world is largely credited to information sharing and establishments in Nigeria will begin to embrace this idea. Cyber Threat alliance is an important factor for the advancement of security operations. It has become obvious that the wider the scope and insights into threats that can be created, processed and shared across these organizations, the easier it becomes for new and emerging threats to be identified and promptly mitigated.

As a result of the benefits associated with cyber threat alliance, 2020 was identified as a year for collaborations between regulators, private organisations, government parastatals, security agencies, as well as collaboration among countries.

The shift in bearing the consequences

According to expert, “As the cyber insurance market is fast becoming a common tool for risk management, the cybersecurity insurance market is predicted to reach an astounding mark of $7.5 billion in the year 2020 as reported by Tripwire. Organizations will start to push for cyber insurance as a means to safeguard against the implications of a cyber-breach.

“Though cyber insurance as a product has been around for a long period of time, it has certainly not yet matured. 2020 will see an increase in organizations in Nigeria exploring cyber insurance as against focusing efforts solely on preventive measures for detecting and blocking potential attacks as well as practises around disaster recovery to enable an appropriate response.

“Insurance cover will include but not limited to cyber-attacks, data breaches and other incidents that affect third parties or supply chains.”

Federal Government warning

The Federal Government has warned that cybercriminals are now using telegrams bots and google forms to perfect phishing.

The warning was given by the National Information Technology Development Agency (NITDA), through a statement issued on Friday, May 14, 2021, via its official Twitter handle.

NITDA in its statement said that cybercriminals make use of free email services to obtain data of victims and then gain access to the data of linked bank cards etc.

Managing Director/CEO Allianz (AGCS), Oliver Bate

“Hackers use legitimate services such as Google Forms and Telegram to obtain user data stolen during phishing attacks.

“Various ready-to-go platforms which are available on the darknet are used to manage the entire process of the phishing attack and keep financial records linked to them. Such platforms are distributed under the cybercrime-as-a-service model, which subsequently leads to more groups conducting attacks.

“Cybercriminals mainly resort to free email services to obtain data of victims (all info harvested on phishing websites is automatically sent) and gain access to the data of linked bank cards,” the statement stated.

The way forward

There are many initiatives and frameworks employed by different countries to combat cyber crimes, which the Nigeria government can emulate. For instance, the Canadian government has established an Anti-Fraud Centre which is the central agency in Canada that collects information and criminal intelligence on cybercrimes.

In 2018, the Canadian Anti-Fraud Centre received 59,009 fraud reports from victims and businesses, with losses totalling $97,654,160.35. However, the centre estimates that less than 5% of fraud victims file a report, which poses a challenge in its ability to provide current information on ways to prevent a similar attack.

Nigeria is experiencing a surge in cybercrimes supported by poor economic conditions, high rate of unemployment and the quest for quick wealth which are the two major factors that drive individuals towards cybercrime

This threat poses a great risk, which can only be eliminated through the strict enforcement of cybercrime laws and a strong economy.

However, the Nigerian government could help mitigate cybercrimes and threats if action is taken like creating awareness on simple security tips such as having an updated and recognized anti-virus software, avoiding pop-ups requiring personal information, using strong passwords, and ignoring emails or calls requiring financial details to help unblock cards or accounts and also establishing anti-fraud centres to combat cybercrimes in the country.

Need for awareness

As the world is facing this hydra-headed menace, there is a need for conscious effort for a sustained and deliberate awareness of the subject matter and measures for prevention.

In Nigeria, Leadway Assurance Company Limited, one of Nigeria’s foremost insurer, as part of its awareness campaign on this subject matter, has advocated for cybersecurity awareness among businesses to curb the rising cyber-risks in local and international businesses, as well as the various ways to mitigate the threats and attacks.

The company stated this when it hosted global industry thought leaders and subject matter experts to an online discourse to x-ray the rising cyber-risks in local and international businesses.

The webinar, moderated by Liz Booth, Editor, Commercial Risk Africa, featured Inuwa Kashifu Abdullahi, Director-General, National Information Technology Development Agency (NITDA); John Anyanwu, Partner, Technology Advisory Services, KPMG Nigeria,; Tariq Fadai, IT-Security expert, Africa and the Middle East, Munich Re, Gilbert Flepp, Head, Cyber Risks and Technical lines, Chubb Eurasia and Africa, Adetola Adegbayi, Executive Director, General Insurance, Leadway Assurance Company Limited.

John Anyawu, speaking during the session, said: “Since the start of the pandemic, there have been increased dependency on the internet and mobile apps, and more reliance on digital channels.

“This has brought about a noticeable increase in cyber-attacks globally, and it has posed potential risks to businesses.”

He added that every organization needed to implement prevention, detection, and responsive measures against the risks of cyber-driven attacks and fraud, noting that if organisations implemented the right cybersecurity measures, they would function with confidence regardless of the times.

Tariq Fadai gave insight into how cyber attackers operated, recommending defence mechanisms organizations could adopt.

He further opined that organizations with “poor security hygiene need to change”.

Tariq also noted that, with the pandemic forcing corporate organisations to deploy remote-work conditions and routines, systems have moved to cloud services with an increasing reliance on third party services.

“There is a risk of unavailability of services due to overcrowding, and several organisations might experience data loss as well. Every business owner should understand and make good use of important cyber-attack controls”, he added.

Corroborating Fadai, Gilbert Flepp, emphasized the urgent need for organisations to institute maintenance of cyber-security protocol, endpoint detection and response tactics like implementing robust anti-Malware control and learning how to administer a disaster recovery plan.

In the same vein, Inuwa Kashifu Abdullahi expressed concerns over the recent increase in daring cyber-attacks on businesses and individuals.

Managing Director/CEO, Leadway Assurance, Mr. Tunde Hassan-Odukale

“Never before has cyber threats been the way it is today. As the world is recovering, cyber-criminals are taking advantage of the pandemic to mask their activities.

“It is important that we learn how to keep information safe, how to back up, how to secure email getaway regularly and to make sure everyone is vigilant, web-responsible and aware of emerging threats and use technology to prevent them from causing havoc,” he noted.

Ensuring Business Continuity

According to Allianz Risk Barometer respondents, improving business continuity management (62%), is the main action companies are taking followed by developing alternative or multiple suppliers (45%), investing in digital supply chains (32%) and improved supplier selection and auditing (31%).

According to AGCS experts, many companies found their plans were quickly overwhelmed by the pace of the pandemic. Business continuity planning needs to become more holistic, cross-functional, and dynamic, monitor and measure emerging or extreme loss scenarios, be constantly updated and tested and embedded into an organization’s strategy.

NAICOM and Cybersecurity Insurance

The National Insurance Commission, the Insurance industry’s regulatory organ, saddled with responsibility for ensuring the effective administration, supervision, regulation and control of insurance business in Nigeria and protection of insurance policyholders, beneficiaries and third parties has a major role to play in ensuring products are developed to tackle the menace of cybercrime in Nigeria.

Speaking on “Role of Insurance in cybersecurity in Nigeria”, Chief O.E. Chukwulozie the then Commissioner for Insurance, National Insurance Commission at the Opening Ceremony of the Cybersecurity Forum for the Financial Services Sector held at the Sheraton Hotel & Towers, Abuja on March 2 2005 harped on the unique role that Insurance could play in promoting Cybersecurity and in fostering the growth of e-Commerce in Nigeria.

He said what makes E-commerce thriving in the developed countries is Cyber and Network Security Insurance! He called on insurance underwriters in Nigeria to tap into the opportunities available in the cybersecurity insurance segment by developing products that will mitigate the cyber/internet-associated risks.

He assured them of the Commission’s preparedness to assist them in every way possible. “Please rest assured that the National Insurance Commission is prepared to give every necessary assistance to any company and the insurance industry in general in this respect, he assured.”

According to him, “Increasingly, a large number of Nigerian entities are migrating their business processes online. Investments in and use of computers and the internet have become almost commonplace in Nigeria and Most Nigerians now wonder how we survived in the days when we had no emails, GSM, online banking transactions, etc.

“Why is it possible for entities to carry on transactions of this magnitude online? Is it because there is zero fraud in e-Commerce activities in Europe and America? Not at all. The fraudulent activities associated with e-Commerce in the USA alone and the scale of losses suffered by US merchants are mind-boggling, to say the least! In 2002 alone, a record US$2.1 billion was lost to e-Commerce fraud in the US. In 2004, the eCommerce fraud record set in 2002 was overtaken by an estimated $2.6 billion online fraud loss to US merchants.

“What is the major secret behind this meteoric rise in e-Commerce in the US in the face of the challenges posed by losses to fraudsters? The answer is Cyber and Network Security Insurance! The US e-Commerce environment is structured in such a way that risk transfer mechanisms are in place so that individuals do not personally bear the losses that are possible or can be occasioned during online transactions. In this and other developed countries, such losses are mitigated by Insurance-based solutions.

“Insurance companies in the US have been developing and marketing internet-specific insurance policies, which mitigate the effect of online fraud and other cyber risks, since 1997. To illustrate the pivotal role played by Insurance vis-a`-vis Cyber activities in the US, the Insurance sector was one of the key private sector groups invited by the US government during the development of the US “National Strategy to Secure Cyberspace” after the 9-11 attacks to work with the US government to increase corporate awareness of cyber risks and collaborate with leaders in the technology industry to promote best practices for network security.

“Some people may argue that with the rate of infrastructural developments and the current rate of ICT utilization in Nigeria especially for eCommerce related activities, there is really no justification for any speedy action on the part of the Insurance companies to develop and market Cyber Insurance products. In my view, such an argument would not hold water as, in actual fact, there is already sufficient e-Commerce related activity. I firmly believe that the reason why the growth of e-commerce and online business activities have not surpassed the present level in Nigeria is that there are no risk transfer mechanisms in the first place to make this aspect of business attractive in Nigeria.

Acting Head of Training Unit, Digital Investigation Support Cybercrime Directorate, INTERPOL, Wei Xian Tee

Today, Cyber Insurance is set to become the most lucrative aspect of the Insurance business. Premiums written for this aspect of Insurance in the US alone is expected to exceed $2 billion within the next four years.

Whither the Nigerian Insurance sector? There is an urgent need for us to start looking into this money-spinning aspect of our business and develop new products to obtain our share of premium in this new business line.

There is no doubt that Cyber Insurance is here to stay; the question is: when are we going to be part of the action?

Need to Adopt Cyber-Risk Insurance as a mitigating mechanism

Having discovered the numerous effects of cybercrime on individuals and organizations, and the huge losses, there is a need for individuals and organizations to adopt a mitigating mechanism to mitigate the losses emanating from cyber attacks to safeguard their data and ensure business continuity.

In her remarks, at a recent Webinar organized by Leadway Assurance, to sensitize individuals and business owners on the scourge of cybercrime and its negative effects, Adetola Adegbayi, Executive Director, Business Development, urged organisations to prioritise cyber-risk insurance as part of risk mitigation system against a cyber-attack, especially when business operations are delicately hinged on remote accesses.

“The shrewdness of the company’s management over the years has informed several innovations that would soothe any impending crisis in businesses and individual lives.

“Cyber-risk insurance policies have been robustly re-engineered for organizations and individuals in the face of rising cyber-attacks and fraud on businesses,” she said.

Adegbayi revealed that the Leadway cyber-risks insurance policy is now optimized to provide first-party coverage and third-party liability risk covers on cyber-perils for organisations, while the individual policy coverage is on the verge of introduction into the market once approved by the National Insurance Commission.

According to Tope Aladenusi said, “As the cyber insurance market is fast becoming a common tool for risk management, the cybersecurity insurance market is predicted to reach an astounding mark of $7.5 billion in the year 2020 as reported by Tripwire. Organizations will start to push for cyber insurance as a means to safeguard against the implications of cyber-breach.

“Though cyber insurance as a product has been around for a long period of time, it has certainly not yet matured. 2020 will see an increase in organizations in Nigeria exploring cyber insurance as against focusing efforts solely on preventive measures for detecting and blocking potential attacks as well as practises around disaster recovery to enable an appropriate response.

“Insurance cover will include but not limited to cyber-attacks, data breaches and other incidents that affect third parties or supply chains.

Speaking recently on “Understanding Cyber Insurance” at a Virtual training workshop organized by Leadway Assurance for Insurance journalists, Mr. Uzodinma Ibe of the Casualty & Liability Underwriting, General Insurance, said with increased online and internet connectivity becoming part of our day to day business, as a result of COVID-19 pandemic, there is need for Corporate entities, institutions, religious organizations and individuals to provide necessary measures to protect their database and computer networks from attacks by hackers.

He said a comprehensive report by a United Kingdom (UK) cybersecurity company, identified that there was high traffic when it comes to information, transactions and data emanating from Nigeria into digital space, adding that the survey noted that 36 per cent of Nigerian organizations suffered cyber attacks in the last twelve months.

Uzodinma also said that 64 per cent of Cyberattacks in Nigeria exploited misconfigurations on the organization servers, pointing out that Nigeria has the highest data Leakages in the world.

Director-General, National Information Technology Development Agency (NITDA), Inuwa Kashifu Abdullahi

On business activities, social networking and governmental activities, he said the report has also identified where Nigeria as a digital hub is and to what extent are their cyber exposures.

To avoid cyber attacks on our computer networks, which sometimes resulted in data and financial losses, there is a need for enterprises, individuals, corporate organizations, to see it as a serious business and take up some form of cyber mitigating effort in this regard.

According to him, “Here in Leadway, through our research we have been able to identify a particular area of cyber exposure where corporate entities can find themselves and see how we can do proper risk management and provide a specific insurance product that can help them mitigate such exposures through Cyber Risk Management Insurance which in some quarters called Cyber Liability Insurance and in some, Cyber Risk Management Insurance.

“We have been able to highlight that technology, social media and transactions over the internet (cyber platforms) play a key role in how most organizations conduct business and reach out to prospective customers today. These vehicles have gateways – platforms, integrations that cyber attackers often use.

From the Leadway point of view, our Cyber Enterprise Risk Management Insurance Policies try to help any organization mitigate risk exposure for certain cost expenses involves with recovery after a cyber-related security breach or similar event.

On who is being indemnified or who is being provided cover, he explained that Leadway Cyber Insurance provides first-party coverage and third-party liability risk covers against cyber-attacks for organizations.

“First-party which is the policyholder, the individual or that corporate entity that buys the insurance, such policy caters for private investigation expenses where there is some form of data compromise or breach to reach out to different customers to inform them of the breach.

“Third-party liability coverage indemnifies companies for losses to others caused, for example, by errors and omissions, failure to safeguard data or defamation; and other benefits including regular security-audit, post-incident public relations and investigative expenses, and criminal reward funds.

“Risks of this nature are typically excluded from traditional commercial general liability policies or at least are not specifically defined in traditional insurance products. Most people believe that only large-scale industries, such as banks only need cybersecurity insurance. However, any electronic information such as your name, email, contact number, financial records, medical records, payment information, government documentation, etc., stored in your personal devices can be easily and quickly hacked by a genius hacker,” he explained.

Founder, PasswordManagers.co, Mr. Josh Frisby

Cyber-insurance is a speciality lines insurance product intended to protect businesses, and individuals providing services for such businesses, from Internet-based risks, and more generally from risks relating to information technology infrastructure, information privacy, information governance liability, and activities related thereto.

Conclusion

As the threat of cybercrime is becoming more intense, there is a need for collaborative efforts between individuals, businesses, the government and the international community. Reforms such as increasing awareness on the mode of operations of cybercriminals, improved personal security, are vital in combating cybercrimes.

As the past decade has proven, attackers are willing to explore known and unknown tactics to exploit organisations. By combining cybersecurity lessons and practices from the past decade, we can develop better strategies for the next decade of cyber defence.

While we have focused on some shifts and changes that can cyber-secure our 2020, we must prepare our environment for adaptation. This involves adaptation to new cybersecurity regulations, adaptations to new attack vectors, and most importantly adaptation to collaboration between technologies, processes and intelligence. As always, we wish you a Cyber Secure 2020

Also, to mitigate the losses associated with cyber attacks, there is a need to adopt Cyber-Risk Insurance by individuals and organizations.

.