WITH cybercrime on the rise in Zimbabwe, many business leaders have been urged to rethink their security practices and strategies for risk management.
Over the past few months, there has been an upsurge in cases of credit card cloning as debit cardholders lost more than US$200 000 to ATM bank card cloning.
Between January and March, over 150 card cloning cases were reported countrywide.
Due to cash shortages, Zimbabwe has become a cashless economy with the populace not aware of the risks they encounter on a day-to-day basis.
Local financial institutions, such as CABS, MBCA Bank, Tetrad Holdings and Metbank, have also suffered at the hands of website defacers and hackers.
Media houses such as Fingaz, NewsDay, Herald, DailyNews, Hmetro and Zimbo Jam have been compromised.
Even the techno-savvy ZOL, Econet’s Ownai as well as Pastel and Chips have not been spared from the hacks and breaches.
In May this year, Harare Institute of Technology (HIT) had its website attacked by hackers who had access to more than 3 500 student account credentials.
On the political landscape, it is the same song.
In August last year, ZANU PF’s website was hacked.
The website showed links to pirate movies such as Despicable Me, Cars 3 and Logan, while some sections of the website also showed pornographic material.
In June this year, barely a month before the harmonised elections, the Zimbabwe Electoral Commission (ZEC)’s database was hacked and crucial information on the biometric voters’ roll was stolen.
The hackers cloned the commission’s domain, which hosted the voters’ roll complete with phone numbers and splashed the data on the internet.
African Cyber Business and Cyber Defence Operation Centre says Zimbabwe sits at number 134 most attacked countries in the world and in the threat landscape.
“In the last couple of weeks, 25 websites have been hacked in Zimbabwe but then there is obviously much more than that,” said head of African Cyber Business and Cyber Defence Operation Centre Vernon Fryer.
Cyber insurance experts have warned businesses to guard against hackers, saying the global annual cost of cyber-crimes is now estimated at US$1 trillion per year and growing.
According to the Zimbabwe Republic Police (ZRP), the most common types of cybercrime in Zimbabwe is phishing which is theft of information through email, credit card fraud, identity theft, telecommunications piracy, unauthorised access and hacking.
Insurance has evolved accordingly in order to address this new breed of risks, as can be seen by the increasing number of carriers venturing into the cyber insurance market.
However, in Zimbabwe, organisations have been investing heavily in cyber-security and less have signed on for cyber insurance to protect their firms after an attack.
Cyber-insurance is an insurance product used to protect businesses and individual users from internet-based risk, and more generally from risks relating to information technology infrastructure and activities.
In Zimbabwe, cyber insurance is a new cover phenomena introduced by Minerva Risk Advisor and FBC Reinsurance.
Speaking to journalists attending the ZimSelector Insurance Mentorship Programme, Minerva Risk Advisor’s business development executive Tichaona Chihambakwe said almost everyone and every sector was at risk of cyber-attack.
“With the growth of internet banking, use of plastic money, the multi-currency regime and the use of bank cards, everyone is at risk,” said Chihambakwe.
“It is thus advisable for media organisations, banks, hotels, medical aid insurance companies, telecommunications companies and internet service providers as well as airlines to insure their data.”
Chihambakwe said short-term insurance broking firms were considering introducing cyber insurance in the country following a sharp rise in cyber-crimes.
“Minerva and other insurance brokers are currently crafting a cyber-insurance policy that suits Zimbabwe’s needs,” he said.
“Globally, there’s a rise in cyber risk while risks of this nature are typically excluded from traditional commercial general liability policies or at least are not specifically defined in traditional insurance products.”
Minerva’s product – Cyber Liability Insurance –provide cyber solutions for theft of information, business interruption, cyber extortion, identity theft expenses as well as network and information privacy liability.
South Africa’s CyGeist Cyber Insurance Underwriting Management Agency director Ryan Van de Coolwijk, said global cyber-crime annual turnover is now higher than the illicit drug trade revenue.
Van de Coolwijk said according to recent statistics, 974 million records were compromised in 2014.
This means, at any given second, 31 records are compromised on the cyber space.
“Many companies are under the impression that their traditional insurance products cover them against evolving cyber risks,” said Van de Coolwijk.
“The reality is somewhat different because traditional insurance products generally require damages to be of a tangible nature.”
The infrastructure, the users and the services offered on computer networks today are all subject to a wide variety of risks posed by threats that include distributed denial of service attacks, intrusions of various kinds, eavesdropping, hacking, phishing, worms, viruses and spams, among others.
In order to counter the risk posed by these threats, network users have traditionally resorted to ant-virus and anti-spam software, firewalls, intrusion-detection systems (IDSs) and other add-ons to reduce the likelihood of being affected by threats.
A report by Standard & Poor’s Corp insurers said cyber breaches have the potential to result in very real, material business disruptions, financial losses and reputational risk to companies yet many companies remain unaware of the extent of their exposure to cyberattacks.
“Cyber coverage represents a huge area of opportunity for underwriters, with some analysts predicting that the size of the cyber insurance market will grow to US$10 billion in the next five-to-10 years,” the report said.
“Since many companies don’t have cyber insurance, lots of incidents go unreported every year, making it more difficult to reliably estimate the frequency or costs of such events.”
Economic analyst Tilda Sibanda opines cyber security is important to the evolution of e-commerce.
“Cyber-attacks lead to reputational damage,” said Sibanda.
“They compromise the trust and confidence and are a threat to e-commerce.
“Security of information and transactions online are important for the development of e-commerce globally.”
The current situation warrants serious attention, prompting the Government to draft the Cyber-Security Bill which is expected to be enacted in the near future.