Digging in to fight the cyber war - Middle East Focus
Matt Hogg looks at Cyber Risk in the emerging Middle East Market
Traditionally, even the most brutal of wars have their informal truces. The history books regale us with accounts of soldiers in the American Civil War swimming to an island in a river to exchange tobacco and newspapers, or a game of football between British troops and their Boer enemies at the end of the Boer War. But that tradition does not, it appears, apply to today’s cyber war.
During the December holiday season, an opportunistic hacker took the opportunity to penetrate the security of one of the BBC’s servers in London and then sought to sell access to other criminals. In the war against online threats, there is no ceasing of hostilities, with 2014 set to see a rise in the number of attacks internationally, including in the Middle East. For a region crammed with financial services and energy interests, the Middle East and North Africa Region (MENA)) poses an attractive target for cyber criminals – and potentially some state-sponsored cyber terrorists.
Financial crime in the UAE is certainly a very real threat, as are the potential attacks on critical national infrastructure and the energy sector. Some have already predicted the IT infrastructure of the power and energy sector may be the battlefield on which cyber battles between opposing forces are fought. The bad news is that whichever side wins, the battlefield itself is destroyed.
Cyber risk has been a tricky topic for brokers to broach with their clients in the Middle East, but that is set to change in 2014. The well-publicised events around Saudi Aramco in 2012 and other targeted attacks within the region, have led to a shift in mind-set. However, there remains a gulf between MENA C-level executives discussing the merits of cyber liability cover and actually making the decision to buy the product, so more awareness and guidance is needed within the region.
In Europe, where politicians have increasingly been comparing the threat posed by cyber attacks to that of terrorism, there has been a slow but significant change in this respect as more insurers create products and state governments seem prepared to discuss their merits. This pattern is evident from the US cyber insurance market, where privacy laws create demand. European moves towards legislation that will compel businesses to disclose breaches of sensitive data are also afoot and look set to be one of the key drivers in the cyber insurance market this year.
Changes to the legal ecosystem in the Mena region will be a significant factor in determining the appetite for cyber insurance products. While the laws and regulations in the UAE may not be quite as stringent with regard to privacy breaches as some other regions, there are still pockets of concern across the UAE, particularly in the free trade zones which often use English-style law. The UAE has bolstered laws with regards to cybercrime in recent years and, whatever the laws in place, the threat is still very real.
For 2014, the priority must be to raise awareness of severity of the cyber threat and to educate businesses and the insurance broking community. For over a decade now, the authorities have placed cybercrime on a similar level to financial crime. But that is changing. As cyber criminals and rogue states gain the ability to reach out and affect the real, physical world through IT infrastructure – destroying a generator, for example – the true potential of this threat is becoming apparent.
Enquiries in the London insurance market have risen dramatically – by around 800% year-on-year. Take up remains slower in the MENA region, but all the indicators are that this is set to change. Many MENA companies are essentially international organisations and, as such, their exposures come from all around the globe. Businesses like these cannot afford to take cyber threats lightly and are increasingly aware of the fact.
The key is for MENA businesses to recognise that cyber insurance is a legitimate risk transfer strategy and to place it high on their agenda before the criminals escalate the hostilities. Unlike wars of old, outright victory is impossible. Today’s cyber war will be a relentless struggle, for which businesses around the world and in the Middle East need to be prepared.
Strategic Assets division, Liberty Specialty Markets
Originally published in the MENA Insurance Review, February 2014