- Banks, Tech Firms Combat N2.19bn e-fraud With Cyber-insurance
Banks and financial technology firms are beginning to see the need to explore cyber-insurance as a means of alleviating the impact of electronic payment fraud in the country.
Industry statistics show that Nigeria is losing about N127bn to cyber-fraud every year. A report by the Nigerian Electronic Fraud Forum also indicates that N2.19bn is lost to electronic payment fraud annually.
The Central Bank of Nigeria, according to findings, is taking the lead in adopting cyber-insurance coverage even as there is a growing interest by the Deposit Money Banks and fintechs in managing cyber-risks with an insurance policy.
While the sources of the fraud in the financial industry are known, electronic movement of money by cybercriminals, who hack into the system, has necessitated the need to seek insurance cover to mitigate losses.
Though most organisations prepare to mitigate cyber-threats by upgrading their cybersecurity system, insurers say many of them do not understand that system upgrade may not address some of the exposure they face.
The Assistant General Manager, Clients Services, SCIB Nigeria and Company Limited, Mr. Roberts Abodunrin, explained that NeFF had started looking into solutions that could address electronic fraud due to the success the firm recorded in providing similar solutions to mCASH.
He said, “Sometimes when making payment online, it may not get to the intended owners and sometimes cybercriminals may have hacked into the payment system. The CBN has seen the exposure and is looking for the solutions that will take care of the exposure in the online payment gateway.
“We are telling the banks and payment gateways that the policies, such as fidelity guarantee insurance, which covers fraud from workers and connivance from outside as well as armed robbery attacks, are physical threats but financial fraud is not physical anymore.
“These policies are currently outdated because they cannot capture what is really happening. That is why cyber-insurance is important for cyber-risk exposure for new threats we are beginning to experience. The solution is offshore and is currently not in Nigeria.”
The Nigeria Deposit Insurance Corporation, in one of its reports on the number of fraud cases in banks, revealed that the number of fraud cases attributed to internal abuse by bank workers increased from 231 in 2016 to 320 in 2017, or 38.53 per cent above the figure reported for the previous year.
The report stated that the 286 responses received from banks in 2017 cited 26,182 cases of fraud and forgeries, which were 56.30 per cent higher compared to 16,751 cases reported in 2016.
In addition, the amount involved in the reported fraudulent activities increased by 3.33bn from the 8.68bn reported in 2016 to 12.01bn in 2017 or 38 per cent.
For online banking and the ATM card-related fraud, the NDIC stated that 24,266 cases were reported, representing 92.68 per cent of all the reported cases. These amounted to 1.51bn or 63.66 per cent of losses in the industry in 2017.
The National Information Technology Development Agency had earlier this year alerted the country to potential cyberattacks, saying that the banking, health, power and transportation systems as well as other critical national infrastructure would be targeted.
The agency had last week given approval for the upgrade of the Central Bank of Nigeria’s Information and Communications Technology security and systems infrastructure projects.
Despite the increasing awareness of cyber-insurance in the financial services sector, insurers and brokers in the country have not developed adequate capacity to underwrite cyber-risks.
The Assistant Executive Secretary, Nigerian Council of Registered Insurance Brokers, Mr. Temitope Adaramola, explained that not many underwriting firms had started providing cover for cyber-fraud due to knowledge deficit in the area.
According to him, the uptake of insurance services in the country is very slow due to the reactive nature of Nigerian companies to risks.
Presently, Adaramola stated that less than 10 per cent of underwriters were providing cyber-insurance policies through international brokers.
He said, “In this clime, there is always an impression that we are living in a world of our own. We are living in self-denial just like our lethargic reactions to other issues. Those who are proactive among them have started looking into it considering that insurance is a global business.
“The momentum in terms of exchange of ideas and discussions during special programmes increased about two years ago. Cyber-insurance has gained traction in many advanced countries. The good thing about it is that the advanced markets of the world are not leaving the issue lying low. They are making us to realise that it is a matter we have to take seriously. It may take a little while but we are not really there yet.”
According to Adaramola, South Africa and Egypt have a high level of acceptance of cyber-insurance as a risk management device compared to other African countries, including Nigeria.
The Head, Enterprise Risk Management and Compliance, FBN Insurance Limited, Mr. Raymond Akalonu, noted that the cyber-insurance policy being offered in the country was underwritten by international brokers.
According to him, re-insurance backing will be required to domesticate cyber-insurance in the country.
He noted that fintech companies with international exposure like Remita and SystemSpecs were demanding cyber-insurance cover for online theft.
“What we do in the country is more or less like providing cover on the basis of foreign insurance. We are losing a lot of money, money that should have come here to increase insurance contribution to the GDP,” Akalonu said.
He added, “Again, growing local capacity is what we are losing. Supposing Nigerian brokers start paying claims, they will learn through the entire insurance value chain. Insurers will know what is expected or not but because we are not writing it, it is increasingly difficult to learn compared with when we underwrite.
“We are now fronting for other underwriters but if it is your own policy, you go the extra mile by getting trained.”