Gulf cyber risk insurance to grow as threat awareness rises

Cyber risk insurance is likely to see a significant growth in the Gulf region over the next few years as companies become more aware of increasing threats to sensitive digital data.

“Cyber risks are an issue for all organizations in any industry – especially in the financial, health, hospitality and education sectors – that own or store a great deal of personally sensitive data,” Mahan Bolourchi, regional head-financial risks (Middle East) at Howden Insurance Brokers LLC, told Argaam.

According to a survey report by PwC, companies in the Middle East suffered larger losses than other regions last year as a result of cyber incidents.

The PwC report, which covered how survey results from over 300 Middle East companies compared to those in the rest of the world, said 56 percent of Middle East firms lost more than $500,000 compared to 33 percent globally, and 13 percent lost at least three working days, compared to 9 percent globally.

“According to our latest survey, the Middle East region is one of the most targeted regions in the world by cyberattacks, and we have seen that manifest into multiple high profile incidents over the past couple of years,” Wael Fattouh, PwC Middle East Partner (Risk Assurance Services), told Argaam.

While most big companies, such as mainstream banks, usually insure their cyber data, smaller firms still need to be educated and brought under the insurance cover.

“Sometimes, there are (companies) who are against the idea,” Bolourchi said. “But if you (know) the consequences of the potential loss, then you take it quite seriously.”

Governments in the region have recently stepped up their efforts to improve cyber security and raise awareness against risks, especially after the recent scares such as the WannaCry ransomware threats.

In May, Dubai launched its Cyber Security Strategy with the aim to provide integrated protection and support innovation in cyberspace.

PwC’s Fattouh said governments can play a big role in improving cyber awareness. Multiple approaches would be required he said, depending on the level of maturity as well as sensitivity of the target sector.

“The most direct and visible approach is the issuance of detailed and clear frameworks that outline the standards required and practices needed to be implemented in a given area,” Fattouh said. “For example, the security frameworks issued by some of the central banks to the banking sector.” 

Write to Nadeshda Zareen at nadeshda.zareen@argaamplus.com