The ICT field is one that is characterised by numerous developments since its conception. It has proved its importance in our lives by becoming a ‘basic’ need for survival in the 21st Century world. The finance market, for example, has created new business opportunities for banks, investment firms and insurance companies, despite the sharp increase in regulation following the 2008 financial crisis. In this challenging environment, financial firms will require highly skilled ICT professionals with the skills to adapt to new technologies and respond to the ongoing regulatory requirements of the post-recession period.
Integration of ICT and financial services is hardly new. However, due to recent government intervention in major financial institutions, governments and the public are demanding for more transparency, such as increased auditing and reporting requirements. In addition to this evolving regulatory environment, security risks have never been higher with fraud, identity theft and information leaks more prevalent today than in the past. Cyber threats are on the rise and are impacting major economies such as the United States, Britain among others, and their financial services.
Cybercrime involves the use of a computer by an unauthorised/authorised person(s) to commit an offence “…with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS).” (Halder, D., & Jaishankar, K. (2011)) The concept in cybercrime is simple; one gains access to your personal files and information and uses it for their personal benefits. Recent developments in the technology world have seen a new wave of cybercrime evolve from having a simple approach to a more complicated approach towards victims. Such include; malware attacks, social engineering scams and financial frauds, etc.
Cybercrime is a fast-rising problem not only in the world but also in within Africa. Various cases have been reported by governments and financial institutions in the continent. A study conducted by International Data Group Connect showed that each year, cybercrime cost the South African economy an estimated 573 million dollars. For the Nigerian economy, the cost was estimated to be 500 million dollars and in our very own republic, Kenya estimated cost was 36 million dollars (3.7bn Kshs.). These figures show the size of the problem in a part of the world which is currently experiencing exponential growth, fed by the rise in the prices of raw materials and the boom in the technological sector.
Over the recent 3-5 years ago, Kenya has experienced attacks that have seen large sums of money lost over the web. In 2013, the CBK suffered a major breach when its website was taken over by a cyber-based group known as the Gaza Hacker Team. On December 2014, Kenyan police nabbed 77 Chinese nationals who were running a cybercrime centre in Nairobi. According to security officers, the group was involved in hacking and money laundering. Recently, the former Cabinet Secretary of Planning and Devolution, Ann Waiguru, faced corruption charges over allegations that the National Youth Service (NYS) system was hacked leading to a loss of 695.4 million Kshs and the list goes on.
Cyber security remains a critical issue that needs to be addressed with concern. Research done by Serianu Limited concerning the state of cyber security in Kenya shows that 67% of discovered devices comprising of routers, web servers, applications and databases are vulnerable to attack. The government, banking and finance sector remain the core targets of cyber fraud. This is stimulated by the adoption of technology solutions and automating various operations within those sectors (IFMIS, i-Tax, Internet Banking, m-Pesa etc.) The largest cyberattack on the finance sector is recorded in September 2014 saw J.P Morgan Chase and Co. Bank lose personal data for about 76 million customers in the United States. The corporation spends 250 million dollars (2.5bn Kshs) in enhancing security to guard against data breach. By late July, security specialities at J.P Morgan began to suspect that hackers were inside the bank’s systems because of some unusual activity there. J.P Morgan began to look for the suspicious internet addresses found on the Corporate Challenge website, together with help from the Federal Bureau of Investigation (FBI). These unusual events that led to the detection of the data breach at J.P Morgan shows how it is difficult for companies to stay one step ahead of cybercriminals.
Efforts made by the government have led to the legislation and drafting of The Cybercrime and Computer Related Crimes Bill 2014. The insurance sector also has called for action against it prompting a new form of insurance known as Cyber Insurance. Although cyber coverage is relatively new in the insurance marketplace, many companies are now taking close look at the protections provided by cyber risk insurance policies due to the emerging cases of cybercrime. In most cases, cyber insurance companies offer companies a stand-alone policy which is far better and comprehensive than an extension to an existing policy. The policy mainly covers first-party and third-party cyber risks present in the company at hand. Currently, cyber insurance is mostly sold in developed countries due to the complex underwriting and management it requires. Locally, uncertainty still exists on whether insurers have built capacity to comfortably offer cyber insurance given it is an emerging area. Most players are still grappling with questions relating to whether there is need, market and technical capacity (actuarial, underwriting, claims handling/processing, cybercrime risk mitigation etc.)
Cyber insurance will protect and reimburse your business in the event of loss of data as well as providing the necessary support for legal, notification and other costs in the event of a breach. However, cyber insurance will NOT reimburse your business for a financial loss (such as a hacker stealing money from a bank account); this would be covered under a crime insurance policy which many businesses may already have. For this reason, companies should have various jurisdictions that should keep their staff on feet whenever such issues arise. The larger public should also step up and be aware of their network environment in order to prevent cases of cybercrime to evolve.