“There are, as with any good plan, a few pillars, five of them,” Blinken said. “We will build our capacity and expertise in the areas that will be critical to our national security in the years ahead, particularly climate, global health, cybersecurity in emerging technologies, economics, and multilateral diplomacy.”
The establishment of the Cyber Security Authority demonstrates Ghana’s commitment to the protection of critical information infrastructure and the need to prevent, manage and respond to cybersecurity crimes and threats as well foster Ghana’s growing digital economy. Ransomware targetting individuals and private industry is a growing threat to the global economy, including Ghana. As more businesses moved online during the last year and a half, so did criminals. We must remind ourselves that criminals and their online techniques have no borders, and they have no morals. Without robust cybersecurity, cyber criminals also have no limits to the effects they can have on Ghana’s economy as they target businesses, government and individuals.
We are much aware that various central banks around the world are looking into the possibility of an e-currency or digital version of their physical currency. Our BoG has also announced the possible introduction of e-Cedi shortly. Ghana has also been pushing for digitisation and introduction of new technologies in the economic space. There are risks associated with digitisation, which include environmental risks, operational risks, third-party liability risks, etc. Cyber risks could have a great impact on third parties who have given out their private information to institutions, and small and medium-sized enterprises which would not have the financial capacity to secure softwares and other equipments to protect themselves against these cyber attacks.
As the global economy becomes increasingly dependent on information technology (IT) systems and digital networks, cyber risk has become a great threat. Global annual losses caused by cybercrime have been estimated as high as US$445billion (McAfee 2014). According to the World Economic Forum (WEF 2014), there is a 10 percent probability of a critical information infrastructure breakdown within the next 10 years that might cost about US$250billion. In response, insurance companies have started to develop policies to protect against those emerging risks.
Cyber security, as noted by many experts and the World Economic Forum (WEF), is too big a job for governments or businesses to handle alone. This makes Cyber Insurance Plan a must-have for all companies which store customers’ data! Among the threats to our cyberspace, according to the World Economic Forum (WEF), is the danger of digital mistrust which has the potential of hindering full cooperation from many people, hence, limiting the potential benefits to us.
To reassure all stakeholders in the digital space, there is a need for a robust cyber-insurance market. Robust cyber-insurance markets can promote the public good by reducing the country’s vulnerability to cyber-attacks, and by limiting the need for government support in the wake of such attacks. Moreover, governments play an important direct role in the cybersecurity ecosystem as they face unique cybersecurity vulnerabilities; and in some cases, make active affirmative use of cyber-attacks. Given these realities, governments have both a clear interest in promoting more robust cyber-insurance markets and the potential technical means to help do so.
Currently, the infrastructure, users and services offered in information systems and networks encounter a wide variety of cyber risks caused by different threats, such as distributed denial of service attacks, persistent threats from insiders, worms, and viruses. A typical and effective approach to control these risks is self-protection. Self-protection is a cyber-defense strategy that combines both technical and operational methods to secure the users’ systems directly and reduce the likelihood of losses.
It is generally recognised that a cyber-defense strategy is incomplete if it defends cyber-attacks by combining only technical and operational/procedural implies. Instead, a complete cyber-defense strategy should include cyber risk management to control security risks in information systems and networks. In general, cyber-insurance is introduced as a suitable network risk management technique to eliminate risks owing to security threats. Cyber-insurance refers to insurance contracts designed to mitigate liability issues, property loss and theft, data damage, income loss from network outages and computer failures, Website defacement, and cyber extortion.
Most people, including myself, have written on the need to have a minimum compulsory cyber insurance in place based on the digitisation path of Ghana now. Mr. Thomas Cook Jefferson-Dankwah, a renowned Cyber-Insurance expert who is currently the Executive Director of Hanssen Global UK and Ghana Ltd., a Microsoft Partner Network-Ghana, said in his interview with B&FT newspaper that insurance companies handle all matters relating to the cyber-risk transfer. It must also be noted that technology and insurance industries go hand in hand to mitigate cyber risk, which is part of the overall strategy of cybersecurity. And, let me add that there is a need for coordination of the cyber-insurance ecosystem.
Most insurance experts argue that cyber insurance policies are still in their infancy, and a lot of work needs to be done when it comes to standardising coverage and making sure that insurance carriers are able to support the needs of modern businesses. Not only that, education is important in order for businesses to understand the threat of cyber attacks and the seriousness of these types of threats. Would cyber crimes increased when these bad people know insurance have made provisions to pay for the lose due to their attack?
The writer is a Chartered Property Casualty Underwriter (CPCU) of The Institute, USA and an Associate of the Chartered Insurance Institute of United Kingdom and Ghana (ACII, ACIIG). He also holds MPhil in Enterprise Risk Management and Business Consulting from Kwame Nkrumah University of Science and Technology, attained Bachelor’s degree from University of Ghana, Legon and have Applied Insurance studies Diploma and Advanced Diploma (AAIS & AIS) from Ghana Insurance College / Malta Insurance Training Institute.
Justice Peprah AGYEI +233208498571