Beyond cybersecurity policy, banks must explore insurance cover

David Gowu

Despite a Cyber & Information Security Directive (CISD) to help protect financial institutions from cyber-attacks and information breaches, Executive Director of the Institute of ICT Professionals Ghana (IIPGH), David Gowu, has said there is need for cybersecurity insurance as banks can still be vulnerable.

His comments come on the back of recent reports of cyber-attacks targetted at banks and other financial institutions which have resulted in huge losses to them.

Bank of Ghana data have revealed that in 2019 cyber-fraud accounted for the highest value of attempted fraud in the banking sector, amounting to GH¢50.5million with actual loss of GH¢14.3million.

“Although there are measures and requirements such as employing a specialised cybersecurity officer and other directives as part of the BoG policy to financial institutions, this new area of cybersecurity insurance is very important for financial institutions as well as both big and small businesses; so that in the event there is a cyber-attack, banks can still recover something to keep the business going,” he said at the ninth edition of the Ghana Economic Forum organised by the B&FT.

He further stated that the banking sector regulator – Bank of Ghana – should make it a requirement that industry players subscribe to cybersecurity insurance to provide an extra cushion for both players and depositors.

“As the financial institutions are going digital, the bad guys are also going digital; and there have been situations wherein some cyber criminals have successfully attacked banks, making away with depositors’ money, and this is where insurance is necessary,” he said.

Commenting on the issue, Chief Executive Officer of Hollard Insurance, Patience E. Akyianu, said banks must do more than just the traditional approach of protecting their data, and rather subscribe to cybersecurity insurance products.

“We have been trying to engage banks to take up this kind of insurance, but their approach is to make sure that they tighten security around their system, processes and data. A lot of them have put in measures that make them confident there is enough security in place, but I think the next step for them is to consider this insurance and so we are engaging them,” she said.

She emphasised that considering the impact of COVID-19 on business, and the fact that every business is moving to digital, there is an increasing need for cybersecurity and insurance companies to have policies available to this effect, ranging from retailers to corporates – adding that the new normal of working from home makes this more important for them to consider.

She further stated that insurance companies must come out with innovative products which address the challenges brought on individuals and businesses during this pandemic period.

“One of the things that insurers need to push with the regulator is to consider how to be innovative with products and payments; so that instead of continuing with annual premium payments, we try and make it possible for customers to pay motor-insurance cover, for instance on monthly basis so that it can be more manageable,” she said.

Leave a Reply