For all the latest insurance, broker and risk management news and insight
Latin American companies and individuals are waking up to their cyber vulnerabilities – and as markets dictate, where there is demand, service must follow, say Alex Guillamont, director, and Andrés Ávila, associate lawyer at Kennedys Latin America & Caribbean.
According to Norton’s 2011 cybercrime report, the cost of cybercrime to the global economy is around $445bn annually. Worldwide, cybercrime is worth more than the global black market in marijuana, cocaine and heroin combined, which is around $288bn.
In turn, the theft of confidential information – or phishing – costs banks in Latin America more than $93 billion annually.
A captive market
Many international insurers are already pioneering cyber coverage in Latin America which – with its online population of 255 million people, it is something of a captive market for insurers.
The JWT Worldwide Report 2014 also states that Latin America has an internet penetration of around 43% and an enlarged online banking population – and it’s growing steadily. Industries such as electrics, water, oil, gas and data are increasingly using industrial control systems that could be the target of cyber attacks, and they are in immediate need of cyber coverage.
The region can be divided into three groups in terms of the cyber exposure landscape. Brazil, Mexico and Argentina rank top in terms of online users, vulnerabilities and cyber coverage demand, followed by countries like Colombia, Chile, Peru and Venezuela. They in turn are followed by a third group of countries like Ecuador, Uruguay, Panama and other Central America countries.
Insurers will not be alone when offering cyber policies in Latin America – based on previous experience, the local governments will prove to be reliable and committed partners in the prevention of cyber breaches.
Argentina, for instance, was the first Latin-American country to establish a Computer Security Incident Response Team in 2005. The equivalent computer incident response entity in Mexico is called UNAMCERT, CSIRT in Panama and COLCERT in Colombia. These are fully operational, semi-military units with rapid response capabilities trained to fight fraud digitally as well as in real life.
In 2012, Argentina implemented guidelines on cyber security based on four core pillars: rising awareness of cyber risk; securing digital assets; promoting judicial and academic understanding of cyber risks; and promoting partnerships between the government, businesses, and civil society organisations.
Brazil followed that trend and established a steering committee for information security that defines cyber security policy and evaluates information security issues.
Budapest Convention on Cybercrime
In 2013, six million Colombians‘ personal emails – including the president’s – were hacked. Colombia’s government is now discussing establishing a digital committee which would work along the existing Cyber Security National Agency and manage public, private, regulatory, international relations and create a cybersecurity policy to strengthen the existing digital security units of the military and police.
In 2013, the Dominican Republic was the first Latin American nation to accede to the Budapest Convention on Cybercrime, followed by Panama in 2014. These are the only two Latin American nations that have ratified this treaty. Both countries have benefited from the convention in terms of modernising their infringement of copyright laws, computer-related fraud and violations of network security.
In an effort to be admitted to the treaty, Colombia is also working on a unique digital security policy for businesses, academia and the public. Judges and public prosecutors are also being trained in cyber security.
In turn, countries like Chile and Venezuela are due to update their cyber legislation. Chile is already working on a personal data protection bill and Peru has enacted a new cybercrime law that outlines criminal offences such as illegal personal data traffic, computer fraud and identity theft, as well as threats and illicit access to data.
This awareness in the region is arising from the increased understanding that cyber policies address key exposures that are generally not otherwise covered by other insurance policies like commercial general liability, bankers blanket bond, or even computer crime policies.
Cyber Vs traditional policies
Many Latin American insureds may think their traditional policies will respond to cyber risks. However, inevitable risk gaps will only be filled by a specialised cyber insurance product. While this is still to be tested in depth in Latin American courts, that day will soon come.
One of the key aspects of such risk gaps consist of whether, in any given jurisdiction, a court will consider that lost or destroyed data amounts to tangible physical damage to property.
Naturally, this is because a traditional property or general liability policy are commonly triggered by actual physical loss or damage to tangible property. Can megabytes be considered the same? There are strong arguments on both sides.
In turn, crime policies may cover computer fraud – but no coverage is granted for crisis management control or loss of confidential information. Loss of income may also be excluded under crime policies. Furthermore, errors and omissions, BBB and personal indemnity policies normally do not cover instances like breach of security, theft of data and intellectual property or damages as a result of a computer virus.
A cyber policy covers a wide variety of risks that will depend on the insured’s needs – but a basic cover should contain protection against some or all of the following: first party damage, such as business interruption from a network breach, costs to recover and restore damaged data and defence costs; third party claims caused by failure to protect electronic data; and crisis management and response costs.
Additional cover can also be purchased by way of endorsements such as website liability (i.e. error or omission in content) and cyber extortion, amongst others.
The market is evolving rapidly. It is now not a question of “if” you enter cyber security but “how”.
See original article:
Qualified in Colombia
Andres Avila is qualified in Colombia and has been working in Kennedys since the opening of the Miami office on reinsurance related matters.
Andrés leads our regulatory team and he has experience advising clients and litigating D&O, FI, PI, P&C, Cyber risks, CAR, engineering, environmental claims. He has also advised clients on commercial law matters.
Andrés is a Spanish native speaker and is fluent in English; he also has a good working level of French. Andres is co-author of academic articles on reinsurance law and he has contributed thoroughly to the 3rd edition of The Guide of insurance and reinsurance law in Latin America, Caribbean and Iberia.
Alex Guillamont is the director of Kennedys Latin America and leads the Latin American and Caribbean practice at Kennedys. He handles disputes on behalf of leading international insurers and reinsurers, having represented clients across the region. With 15 years of experience, Alex is an acknowledged leading expert on insurance and reinsurance matters regionally. After serving the market with claims in Iberia from our London and Madrid offices, he relocated permanently to Miami in June 2010.
The industry has voted him year on year into the LATAMIR Power 50 list, Latin American insurance sector most influential professionals. His team in Miami has been awarded the 2013 and 2014 Reactions Latin America Awards for best insurance Law Firm.
Alex is involved in complex losses on major environmental and natural disasters, contractors all risk, political and trade risk, financial institutions and D&O claims, energy losses, regulatory compliance and third party administration schemes and political risk in the entire region—most recently in Argentina, Bolivia, Bahamas, Brazil, Chile, Central America, Colombia, Costa Rica, Ecuador, Haiti, Mexico, Panama, Peru and Venezuela. He and his team advise carriers on regulatory issues and strategic deployment of offices, wordings and claims handling procedures, audits of ceding companies and underwriting agents.
He is fluent in English, Spanish and Portuguese and has conversational French. Alex s is author of The Guide of insurance and reinsurance law in Latin America, Caribbean and Iberia and is finalising its 3rd edition. He is also a regular contributor to insurance press like Financier Worldwide, Insurance Day Magazine, Intelligent insurer, Latin Lawyer, Latino Insurance, etc. and is asked frequently to speak at Latin American & Caribbean industry events.