Emerging trends in cyber liability insurance in Nigeria include data compromise, response advisor’s professional fees, information technology consultant’s fees, data restoration, data protection investigations costs, regulatory fines, privacy and data breaches, network security, hacker theft, business interruption and restoration, cyber extortion, and crisis communication costs.
A well-negotiated cyber liability insurance policy should fit a Nigerian business like a latex surgical glove.
Background
Globally, cyberattacks are increasing in frequency, sophistication, and dimension in the form of data compromise, business interruption, poor network security, and cyber extortion.
The foregoing cyber incidents make cyber liability insurance a critical component of risk management strategies, even among Nigerian businesses.
An average Nigerian university processes and controls more than 15,000 data annually. An average educational institution or Nigerian business is a data processor of major importance.
Although cybersecurity architecture varies among countries. Cybersecurity-related risks are common across jurisdictions. Cyber liability insurance has developed in other markets but is still nascent in Nigeria.
In this commentary, our education law and fintech team examine emerging trends in Nigeria’s cyber liability insurance from the touchstone of global cyber liability insurance practices.
What is Cyber Liability Insurance?
Cyber liability insurance, or cyber insurance, is an insurance policy that mitigates financial and other losses associated with cybersecurity attacks and related incidents.
Such losses include data compromise, response advisor’s and information technology (IT) consultant’s fees, data restoration costs, investigations costs, regulatory fines, and defence costs.
As well as costs arising from event management, privacy and data breaches, network security, hacker theft, business interruption and restoration, cyber extortion, and crisis communication.
The global market for cybersecurity insurance has increased in response to the escalating cyber threat landscape, and Nigerian businesses are not immunized against cyberattacks or data breaches.
Cyber Liability Insurance Regulatory Landscape
The advanced cybersecurity framework supports cyber liability insurance within the United States insurance market.
Critical U.S. regulations include the Gramm-Leach-Billey Act, the Health Insurance Portability and Accountability Act and other U.S. State government legislation, including the New York Department of Financial Services Cybersecurity Regulation.
The European Union’s General Data Protection Regulation (“GDPR”) and the Network and Information Systems Directive are significant drivers of the cybersecurity insurance market.
The E.U.’s GDPR strict data protection requirements and severe data breach penalties incentivize cyber liability insurance.
Nigeria’s nascent National Data Protection Act 2023, the Nigerian Data Protection Regulation 2019, Cybercrimes (Prohibition, Prevention, Etc) Act 2015, and other cyber-related legislation impact cyber liability insurance.
Nigeria has no specific legislation on cyber liability insurance, which depends on each business’s potential cyberattack losses.
Emerging Trends in Cyber Liability Insurance
KDT Business Schools is a data processor of significant importance under the National Data Protection Act 2023. KDT Business School processes over 24,000 data annually.
KDT Business School’s annual revenue is over 8 billion Naira, and its exposure to data protection regulatory fines under the NDPR 2019 is estimated at 160 million Naira for each breach under Nigeria’s legal regime for cyber security.
Asue Insurance proposed cyber liability insurance to KDT Business School. Asue Insurance would cover liabilities arising from cyber security and data protection losses, including:
- data compromise
- response advisor’s and information technology (I.T.) consultant’s professional fees
- data restoration
- data protection investigation costs
- regulatory fines
- privacy and data breaches
- network security
- hacker theft
- business interruption and restoration
- cyber extortion
- crisis communication costs
According to the National Information Technology Development Agency (NITDA), there is a growing awareness of cybersecurity risks. Still, insurance uptake needs to be higher due to cost concerns and a need to understand the benefits.
Conclusion
Low awareness, limited policy options, and the absence of regulatory mandates impede the adoption of cyber liability insurance in Africa’s most populous nation, Nigeria.
Given Nigeria’s high rate of cyberattacks and data breaches, there are significant use cases and opportunities for cyber liability insurance.
Cyber liability insurance is essential in managing cybersecurity and related incident risks.
The Nigerian government and industry stakeholders can promote the adoption of cybersecurity insurance through education, regulatory incentives, and the development of more tailored insurance products.
Nigerian businesses must negotiate cyber liability insurance to shore up regulatory and transactional risks from cyber incidents.
While Nigeria’s market is still in its infancy, the experience of more developed markets like the U.S. and the U.K. offers valuable lessons.
Insurance companies and regulators must enhance cyber liability insurance awareness and develop suitable policy offerings and a supportive regulatory framework that can significantly improve the utilization rate of the cyber liability insurance landscape.
SRJ Legal is Nigeria’s first bespoke and dedicated education law practice. We complement our education law with fintech and dispute resolution (litigation). We provide corporate counsel services to schools, educational non-profits, alumni associations, regulatory bodies, and parent-teacher associations.
