In 2021 year-on-year ransomware attacks increased by 13%, a rise greater than the past five years combined according to the Verizon Business 2022 Data Breach Investigations Report (2022 DBIR). The 15th edition of the report released in May 2022 analyzed 23,896 security incidents, of which 5,212 were confirmed breaches. The report revealed that roughly four out of five breaches can be attributed to organized crime, with external actors approximately four times more likely to cause breaches in an organization than internal actors. 2022 DBIR also found that human element was involved in 82% of all breaches analysed over the past year. It terms 2021 as an unprecedented year in cyber security history. The report says as criminals look to leverage increasingly sophisticated forms of malware, it is ransomware that continues to prove particularly successful in exploiting and monetising illegal access to private information. Heightened geopolitical tensions are also driving increased sophistication, visibility and awareness around nation-state affiliated cyber attacks. Verizon CEO and chairman Hans Vestberg said, “Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time. But nowhere is the need to adapt more compelling than in the world of cyber security. “As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure and customers protected,” said Mr Vestberg. For many businesses, the past year has also been dominated by supply chain issues, and this trend was also reflected across the cyber security landscape and 62% of system intrusion incidents came through an organization's partner. Compromising the right partner is a force multiplier for cyber criminals and highlights the difficulties that many organizations face in securing their supply chain. In a finding that exposes the cost of human influence, people remain - by far - the weakest link in an organizations' cyber security defenses. Of the total breaches in the 2022 report 25% were the result of social engineering attacks, and if human errors and misuse of privilege are added, the human element accounts for 82% of analyzed breaches over the past year. Source: asiainsurancereview.com

Global cyber security spending in industrial critical infrastructure sectors (energy, transport, water and waste management and more) is expected to touch $23bn by the end of 2022 and grow at a CAGR of 10% to reach $36.67bn in 2027 according to a new report by technology intelligence firm ABI Research. The 19-page new report State of Cyber & Digital Security released in June 2022 said, “Organizations and verticals continue to integrate technologies like the internet of things, 5G and blockchain, meaning more points of connection - and points of vulnerability - than ever before.” The report says, “Security is a complex, multi-layered discipline that touches upon many notions: From protection and trust to resilience and offense. In today’s connected societies, security needs to permeate all aspects of modern technologies to support successful digital and cyber ecosystems. A weak link in a chain can present an open door to a threat or be at risk from misconfiguration. “The biggest challenges for security implementation lie in understanding the value of the technology as an enabler and then finding the right solution, before applying it effectively. There is unanimous agreement that security is needed; but where and how and when and to what degree are not as easily determined.” As a result, ensuring ‘security’ is not just a hardware issue or a software issue - it is a web of challenges and solutions spanning entire technology ecosystems. The report also focuses on: Growing presence of mobile identities The emergence of next-generation cryptography Central banks embracing digital currency Critical infrastructures primed to adopt enabling cyber security solutions Optimizing data security in telematics to enable intelligence-driven monetization The drive toward embedded cellular connectivity continues The impact of a remote workforce Source: asiainsurancereview.com

In the Philippines, farming is a risky business. The country is battered by an average of 20 typhoons a year and as the storms become more intense due to climate change, the stakes get bigger for Filipino farmers, who make up a quarter of the country’s workforce. Melinda Grace Labao knows this all too well. She saw firsthand the hardships that typhoons caused her now 77-year-old father as he managed the family’s one-hectare rice farm in Bulacan province, north of Metro Manila, for over 40 years. “When farms are hit by a typhoon, farmers are back to zero,” said Ms. Labao, Officer-in-Charge for Microinsurance at private insurer CARD Pioneer Microinsurance, Inc. “They are wiped out financially because they cannot recover their investments in the crops.” The government and crop insurers are trying to change that, with support from the Asian Development Bank (ADB). On Feb. 3, the state-owned Philippine Crop Insurance Corp. (PCIC) and CARD Pioneer signed an agreement launching the country’s first public-private partnership on crop insurance, a move that could revolutionize the country’s agriculture insurance industry. INSURING HIGH-VALUE CROPS “Agriculture insurance empowers our farmers and farm managers to open up to new technologies and innovations in the market,” said Insurance Commissioner Dennis Funa during the signing ceremony. Insurance can reduce farmers’ risks, he said, allowing them to try new technologies to increase and improve their farm yield. Under the co-insurance agreement, CARD Pioneer and PCIC will share, at a ratio of 70:30, the risk underwritten for each insurance policy to be issued under a pilot test. The product will initially target farmers of high-value crops, namely coconut, coffee, cacao, banana, sugarcane and pineapple — a segment of the market that PCIC has had limited coverage so far. Crop damage from typhoons and natural calamities can ruin farmers’ livelihood, wreak havoc on the food supply, and drive up prices in the country. Agricultural losses from Typhoon Odette, a category 5 typhoon that pummeled central Philippine regions in December 2021, were estimated at $82 million (P4.2 billion), affecting more than 178,000 farmers and fishermen, according to the government’s National Disaster Risk Reduction and Management Council. Crop insurance aims to give farmers relief during typhoons and in dry seasons, such as the El Niño drought phenomenon when crops, especially in rainfed areas, become too wilted to be harvested. But only about one-third of the estimated 10.9 million farm owners in the Philippines are covered by crop insurance, according to the PCIC. PRIVATE SECTOR PARTICIPATION CRITICAL The PCIC, the country’s dominant agricultural insurer, provides subsidized coverage to mostly small farmers for losses due to natural calamities, plant diseases, and pests. Commercial farms comprise just 2% of the PCIC’s client base. “Clearly, there is a huge market and a need for participation from the private insurance industry,” said PCIC President Jovy Bernabe. “That participation is increasingly critical, considering that the risks that farm producers are facing… have been exacerbated further by climate change.” Discussions among ADB, the Department of Finance (DoF), the Insurance Commission, and private insurers on how to expand crop insurance began in 2018. A technical working group was created, with representatives from government agencies, development partners such as the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ), and the Philippine Insurers and Reinsurers Association. “With private sector involvement in the crop insurance market, there will be more options for farmers, which, in turn, will help increase their financial resiliency,” said ADB Senior Financial Sector Specialist for Southeast Asia Kelly Hattel. EXPANDING CROP INSURANCE COVERAGE With the agreement, CARD Pioneer is also expanding its operations into high-value crops. It currently offers insurance coverage against typhoons, floods, and monsoon rains for rice and corn under its Binhi (Seed) Crop Insurance Program launched in 2016. CARD Pioneer will help widen high-value crop insurance in the country by offering the product in areas not reached by PCIC. It plans to tap its existing partners from rural banks, cooperatives, nongovernment organizations, and sellers of farm inputs to market the product. Crop insurance could be offered as an add-on to agricultural loans, said Ms. Labao. “If the pilot testing is successful, CARD Pioneer will learn from us, they get the technology from us, the know-how. They might even expand to other portfolio like rice, corn, livestock. There is a huge market for livestock — swine, poultry,” said Mr. Bernabe. ADB is assisting the crop insurance industry with a technical assistance grant, which builds on $600 million in ADB loans supporting government reforms since 2016. The Inclusive Finance Development Program aims to increase financial inclusion in the country over the long term, with ADB currently preparing additional support worth $400 million. ADB has been assisting the government in developing its microinsurance industry since 2008. It supports implementation of the government’s National Strategy for Financial Inclusion and the Insurance Commission’s efforts to strengthen regulation for private insurers offering crop insurance. In November 2021, the commission issued guidelines for an agriculture insurance regulatory framework, under which falls the PCIC and CARD Pioneer partnership. Source: www.bworldonline.com

The Philippines' Financial Stability Coordination Council (FSCC) launched its Systemic Risk Crisis Management (SRCM) framework yesterday. The SCRM involves the continuous surveillance of risk trends; review of infrastructure; conduct of systemic stress tests; and arrangements for communications both under normal and stressed conditions. The FSCC comprises the central bank (Bangko Sentral ng Pilipinas or BSP), Insurance Commission, Philippine Deposit Insurance Corp (PDIC), Securities and Exchange Commission (SEC), and the Department of Finance. The SRCM framework was “in keeping with the objective of managing systemic risks and strengthening the resilience of the system,” BSP governor Benjamin Diokno said in a speech at the launch ceremony. “It defines arrangements among the FSCC agencies that we will rely on in good times so that we are best organised under stressed conditions,” Mr Diokno said. “As we develop the tactical plans that underpin this strategic document, the SRCM is thus a living document that evolves with the market and the needs of its stakeholders.” Mr Diokno said the SRCM will monitor risks during good times so that the domestic economy will be prepared for times of stress. “We look at all the possible risks, not only on the part of the public sector, but also on the part of the private sector.” He said that at present, he did not see any domestic-caused risks to the financial system as most challenges emerge externally, such as slowing global growth, higher oil prices due to Russia’s invasion of Ukraine, as well as the US Federal Reserve’s interest rate hikes. “But other than that, we don’t see any risk for the Philippine economy.” Source: asiainsurancereview.com

Read the last of the three series of articles on Cyber risks. There is a 'disproportionately high' mismatch between cyber risk awareness and implementation of protection measures given the increasing frequency and severity of attacks according to Munich Re. A new report, Munich Re Global Cyber Risk and Insurance Survey 2022, warns that lack of human resources and skilled personnel, poor integration and interoperability of security solutions and insufficient collaboration between individual departments, are among the main challenges for companies looking to improve cyber security. The new survey, which included more than 7,000 participants from 14 countries across all industries and company sizes revealed that although cyber risk awareness among managers has risen by nearly 10% since 2021, 83% of surveyed representatives said that their own company is still not adequately protected against digital threats. This is despite 38% of C-level respondents admitting that they are ‘extremely concerned’ about a potential attack, up from 30% last year. More than 70% of companies surveyed have now been affected by ransomware or a data breach, up from 53%. On a more positive note, 43% of executives said that they had been offered cyber insurance, up from 34% in 2021, and 35% are now considering coverage for their company. “Supply and demand for cyber insurance have increased slightly, but most respondents are still not adequately protected or even prepared,” according to the report. Munich Re estimates that the global value of cyber premiums was $9.2bn at the start of this year and expects this to reach approximately $22bn by 2025. A lack of historical data and non-existent or inconsistent legal obligations related to reporting ransomware or cyber business interruption events are also making it difficult for insurers when pricing cyber risks. The report said, “The insurance industry finds itself able to collect and analyse more and more information from covered losses. Insurers and Munich Re are in a uniquely privileged position to collect proprietary information from risk owners. Cyber insurance, together with other stakeholders, can leverage this data to reshape cyber risk assessment and better explain the modelling of cyber risks to its insured.” Source: asiainsurancereview.com

Read the second of the three series of articles on Cyber risks. The toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means most leaders are no more confident in their ability to manage cyber risk than they were two years ago. A new 26-page report The State of Cyber Resilience published jointly by Marsh and Microsoft Corporation analyses how cyber risk is viewed by various functions and executives in leading organisations, including cyber security and IT, risk management and insurance, finance and executive leadership. Over 660 cyber risk decision makers globally participated in the study. The report has revealed that leadership confidence in their organisation’s core cyber risk management capabilities – including the ability to understand/assess cyber threats, mitigate/prevent cyber attacks, and manage/respond to cyber attacks – is largely unchanged since 2019, when 19.7% of respondents stated they were highly confident, compared to 19% in 2022. Marsh head of cyber Sarah Stephens said, “Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organisations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019.” Many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cyber security strategies. Only 43% of respondents stated that they have conducted a risk assessment of their vendors or supply chains. Other findings of the report include: Only 41% of organisations look beyond cyber security and insurance to engage their legal, corporate planning, finance, operations or supply chain management functions in making cyber risk plans. Nearly four in 10 respondents (38%) said their organisation uses quantitative methods to measure their cyber risk exposure, which is a critical step in understanding how cyber attacks and other events can create volatility. This is an improvement from the 2019 survey, when three in ten respondents (30%) stated that their organisation uses quantitative methods. Marsh US and Canada cyber risk practice leader Tom Reagan said, “Cyber risks are pervasive across most organisations. Greater cross-enterprise communication can help organisations bridge the gaps that currently exist, boost confidence and better inform overall strategic decision making around cyber threats.” Source: asiainsurancereview.com

Series of three articles Digitalization has given rise to financial fraud fueled by the increase in internet and social media users, who have become easy prey to a sophisticated group of scammers using the latest technology and legitimate platforms to lure and entrap more victims. The insurance industry is increasingly taking measures both to address cyber risk awareness and protection. Read the first of the three series of articles on Cyber risks. Financial fraud leads the pack in cyber crimes Financial scams accounted for 57% of all financially motivated cyber crime in 2021 according to new research by cyber security firm Group-IB. The research has revealed that the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups. The number of such groups jumped to a record high of 390, which is 3.5 times more than 2020 when the maximum number of active groups was close to 110. Due to scam-as-a-service (SaaS), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100. Traffic has become the circulatory system of scam projects. Group-IB researchers emphasise that the number of websites used for purchasing and providing ‘grey’ and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times in the last one year. Scammers are evolving in 2022 on a new level of scam attack automation: No more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media is more often becoming the first point of contact between scammers and their potential victims. The number of brand-impersonating scam resources created per month also increased. In the Middle East, Asia Pacific and Europe, Group-IB analysts noted an increase of 150%, 83%, and 89% respectively. While hacker groups continue successfully to attack business and government organisations worldwide, scammers have adopted their methods to improve their schemes. Chaotic loners attract organised criminal gangs with SaaS. Group-IB deputy head of digital risk protection Antony Dolgalev said, “Scammers are now focused on attracting targeted traffic. In the past, their schemes were aimed at unsuitable users who were brought to a fraudulent resource, but since 2021 the strategy has changed drastically.” Scammers now attract specific groups of victims to increase conversion rates. The statistics relating to grey and illegal traffic on one platform, which was taken as an example by Group-IB DRP analysts, showed that India, US and Vietnam are the main countries where the platform is distributed. Digitalisation is the main global trend and fraud is no exception and the fact that the number of internet users increased up to 4.95bn in 2021, contributed to this. Moreover, the number of social media users and unique mobile phone users has also grown and has reached 4.62bn (+10% compared to 2020). In 2021, 48.15% of scam schemes started with an active dialogue with the victim, experts concluded. There was also a trend to simplify scam end-pages, with scammers actively shifting towards spreading scam proposals via legitimate platforms such as Facebook and Instagram. Source: asiainsurancereview.com

PHOTO L to R: Atty. Albert Lawrence A. Vinzon-Division Manager of Anti-Money Laundering and Corporate Governance Division (AMLCGD); Atty. Theodore Joseph Campanano; Atty. Ma. Patricia Foria; Atty. Randy G. Serrano - Deputy Insurance Commissioner for Legal Services Group; Edgardo D. Rosario; Rogelio J. Concepcion; Michael F. Rellosa; Agnes L. Silaya; Shirley F. Dela Cruz; Divina T. Pamute - Supervising Insurance Specialist of AMLCGD; Grace Christy A. Domingo-Supervising Insurance Specialist of AMLCGD PIRA, led by its Chairman and Legal Committee Chair, Edgardo D. Rosario, paid a courtesy visit on May 26, 2022, to Atty. Randy G. Serrano, the new Deputy Insurance Commissioner for Legal Services Group. Also present from PIRA were Atty. Ma. Patricia E. Foria and Atty. Theodore Joseph Campañano, both Legal Committee Members; PIRA Executive Director Michael F. Rellosa, General Manager Rogelio J. Concepcion, Agnes L. Silaya and Shirley F. de la Cruz. Apart from introducing the Association and providing updates on its various collaborations with the Insurance Commission, the PIRA team also discussed with Atty Serrano pending legal issues affecting the non-life insurance industry, particularly IC Advisories on the Anti Money Laundering and Counter Terrorism Finance.

By Herminia S. Jacinto THE Insurance Commission turned 73 this year, and the celebration was held last April 1 at the Philippine International Convention Center. The event was attended by representatives from government and business. It was on Jan. 3, 1949 that the then Bureau of Banking, which supervised the insurance industry, was renamed as the Office of the Insurance Commissioner by virtue of Republic Act 275. In 1974, Presidential Decree 612 was promulgated, creating the Insurance Code of the Philippines. The code has undergone several revisions; the last one was on Aug. 15, 2013 when Republic Act 10607, also known as the Amended Insurance Code, was signed into law by then president Benigno Aquino 3rd. The code has covered all aspects of insurance supervision, including the provision for a progressive increase in the paid-up capital or net worth of the insurance companies every three years until 2022. There have been 11 insurance commissioners since 1949, among them former senator Juan Ponce Enrile, lawyer Gregoria Cruz Arnaldo, whose tenure was the longest (1970-1985) and lawyer Eduardo Malinis, who served two terms (1995 to 2004; 2007 to 2010). Heretofore, the term of the insurance commissioners was determined by the president of the Philippines, but the Amended Insurance Code of 2013 now fixes the term to six years without reappointment. The present insurance commissioner is lawyer Dennis Funa. True to its mandate of safeguarding the rights and interests of the insuring public and pre-need and HMO customers, the Insurance Commission officers and staff are professionals coming from different fields of expertise so we can be assured of efficient and fast service. Many of its functions are now computerized so there was not much interruption of its efficient service during the pandemic period. The website www.insurance.gov.ph was up and running 24/7 so information could easily be sourced or sent to their office. Like all business operations, the insurance business was also affected by the slump in 2020, the first year of the pandemic, but by 2021, the industry was back with vengeance! The 31 life companies produced premium income of P310 billion in 2021, or an increase of 13 percent over 2020 premiums. Insurance consciousness and the need for protection and savings was noticeably high during this period. Net income for 2021 was P30 billion, almost the same as the 2020 results. Source: manilatimes.net