School of Information Technology and Engineering

Permanent URI for this collection

http://etd.aau.edu.et/handle/123456789/460

Browse

Browsing School of Information Technology and Engineering by Author "Ephrem Baheru"

Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    A Cyber Insurance Framework for Ethiopia: Key Components and Recommendations
    (Addis Ababa University, 2024-11) Ephrem Baheru; Sileshi Demesie (PhD)
    The exponential rise in cyber threats such as ransomware, identity theft, and other forms of cybercrime has driven many organizations to seek cyber insurance as an extra layer of protection. Cyber insurance has emerged as a means of mitigating residual risks that remain after implementing various cyber risk mitigation strategies. Cyber-attacks in Ethiopia have been rising steadily each year, driven by a surge in digital transformation initiatives across various sectors, including government, financial institutes, and other critical infrastructure. This highlights the urgent need for cyber insurance services in the country, as it could help organizations manage financial losses and recover more effectively from cyber incidents. This study reveals that no insurance provider in the country currently offers cyber insurance services. This research envisioned promoting cyber insurance practice in Ethiopia by developing a cyber insurance framework that could be used by public and private organizations. To develop the framework, data was collected through a face-to-face interview with insurers, potential insureds, and regulatory bodies, and the data was analyzed using a qualitative approach. We also studied global best practices and trends in cyber insurance. The framework is designed to help Ethiopian organizations manage cyber risks and effectively recover from cyber incidents and reputational damage. The framework includes key components such as stakeholder engagement, insurance coverage, risk assessment and underwriting, premium calculation, risk mitigation and loss prevention, incident response and claims process, regulatory compliance, awareness and education, review and iteration, collaboration, and information sharing. A case study is used to demonstrate how a company successfully implemented the cybersecurity framework.