Underwriters unable to price cyber-insurance amid threats

Friday, November 12th, 2021 00:29 | By
Image used for illustration purposes. PHOTO/Illustration

Kenyan companies are staring at huge losses running in cyber-related crimes after revelations that underwriters are unable to offer cyber insurance to protect their businesses.

The Association of Kenya Insurers (AKI) Chief executive Tom Gichuhi revealed that local insurance industry players lack capacity to price and offer indemnity covers to protect firms exposed to ransomware.

“This is an area we are running short of, and not just here, but globally,” said AKI boss, warning that such exposures are likely to increase, owing to the absence of professionals in the cybersecurity insurance space.

Communication Authority (CA) estimates in it’s most recent report that Kenya’s economy lost in excess of Sh35 billion to cyber-crime with more than 56 million cyber threats recorded for the quarter ended, December 2020. This is a 59 per cent increase in threats detected compared to the previous quarter.

Consequences of attacks

Now Gichuhi says the severity of financial consequences will be profound, adding that the huge costs incurred in cyber breaches and money paid to the affected companies in claims, has rendered local insurers powerless in their pursuit to tap into the growing demand for cyber insurance.

“Financial capacity, underwriting capacity and lack of personnel to determine such risks has been the challenge and it is also a new area and estimating such costs is not easy,” argued Tom, disclosing that most Kenyan insurers are passing on such offers to foreign firms familiar with the business.

Cyber insurance premiums can cost from $650 (Sh73,000) to $120,000 (Sh13.4 million) annually. It could be more.


The association’s revelations spell doom to businesses amid rising cases of cyber threats targeting corporations. Reports indicate that these cases surged since the pandemic hit, as digital thieves took advantage of weakened security as the pandemic forced new work-from-home, where firewalls are weak.

New data from the regulator shows that a whopping 38.8 million cyber threats were detected in just three months to June 2021, a 37.3 per cent jump from the 28.2 million cyber-criminal activities identified in the first three months of the year.

The authority attributes the trend to a surge in impersonation, online fraud and abuse cases arising from increased use of the internet.

“This increase in cyber threat events detected is attributed to the significant increase in targeted attacks at Internet of Things (IoT) devices; increased activity by organized cybercrime groups,” noted the industry regulator in its fourth quarter statistics report.

Cyber insurance carriers are raising premiums and limiting coverage in the face of severe ransomware attacks, just as organizations are clamouring for more protection now and in the post pandemic era.

AKI says recent surge in ransomware attacks is upending the cyber insurance industry, and will push the requirements and cost of coverage sooner rather than later just as more companies need it.

Since March this year, companies are reporting increased instances of pony-trekking mainly through password compromises due to the unprecedented changes in the way firms and their employees are currently forced to do business.

More on Business