Steering cyber security

Munich Re is a leading solution provider for cyber


(re) insurance globally and is committed to the development of cyber insurance in the South African market. Leadership magazine speaks to Nico Conradie, CEO of Munich Re of Africa

Could you please give us a rundown of your educational and working history?

After obtaining an MSc in Physics, I worked for a couple of years as a research scientist. I did not plan to have a career in financial services and landed in reinsurance by accident so to speak. Looking back on nearly 30 years in reinsurance, I am pleased with the outcome and thoroughly enjoy being part of the insurance and reinsurance community.

Reinsurance is an ever-evolving industry, in which one has the privilege of working with a diverse group of professionals ranging from engineers to actuaries and from occupational therapists to lawyers. It is a truly global business, affording one an opportunity to be exposed to cultural diversity on a world-wide scale and of collaborating on projects spanning several continents.

You were appointed to your position as CEO in February 2016 —please tell us a bit about the last four years at the helm?

Given that Munich Re of Africa serves sub-Saharan Africa, it goes without saying that the recent couple of years have been filled to the brim with socio-political and economic challenges. Africa is a wonderfully diverse continent with insurance needs ranging from providing access to the most basic financial services via innovative technology platforms to serving sophisticated customers, demanding first-world products and services.

Munich Re is at the heart of these developments, helping to develop new products; training and development of human capital; leading-edge risk and capital solutions and so forth. Together with a superb team it has been a great journey thus far, steering our organisation towards growth and profits whilst serving the needs of diverse customers. Boredom has certainly not been a key feature of the last couple of years.

What achievements are you most proud of during this period?

We see ourselves as being in the business of enabling peace of mind through the provision of risk solutions. This is done in practice through innovation, whether such innovation is focused on new insurance products, new distribution solutions, data analytics, training and development of, say, underwriters and claims managers, or through highly complex capital and risk management structures.

I am always humbled and delighted when I see colleagues who joined us in relatively junior roles, grow and develop eventually to take up senior executive roles in our wider group or somewhere else in the industry – knowing that Munich Re of Africa has made some small contribution to their growth and success, and thus to the wellbeing of the wider community we serve.

Before we climb deeper into cyber security, please speak to us about the term and how prevalent is it today?

Cyber security is a general term which refers to securing digital assets for its confidentiality (only the authenticated user can access), availability (accessible to authenticated user whenever required) and integrity (can be modified only by authenticated users with appropriate rights). Although cyber security is prevalently used to refer to Information Technology (IT) security, cyber security also includes the domain of both IT security and Operation Technology (OT) security. With the advent of Industry 4.0 and the different cyber incidents in different industrial control systems, the importance of OT security is gaining momentum.

The increasing dependency on digital infrastructure and digital assets for both businesses and private individuals has increased the necessity for awareness on cyber risk as well as the importance of having basic cyber security measures in place. Cyber insurance is one of the key risk management measures to be seriously considered.

Should a business or a government face a cyber incident, just how damning could it be for that organisation?

The impact of a cyber incident on businesses or a government can be catastrophic. Cyber-attacks can potentially lead to several types of losses, including damage to tangible and intangible assets, losses related to business disruption and theft, as well as various forms of liability to customers, suppliers, employees and shareholders.

The major losses related to cyber incidents are incident response and data restoration costs, which includes costs associated with repairing affected systems, networks and devices; costs of restoration and recreation of data and computer malware decontamination costs. These costs have a high correlation to the size, complexity and heterogeneity of the digital infrastructure. Business interruption due to cyber incidents may result in significant financial loss or loss of profit.

Organisations hold a large amount of private data that is housed for various reasons, which include personal records ranging from banking details, residential addresses, contact numbers etc. Furthermore, organisations may store third party data arising from business transactions, which may be sensitive in nature.

Unauthorised access to this private information by cybercriminals often results in damages i.e. theft of data for malicious use and aid in fraud. Cyber-attacks may have legal consequences on organisations in instances where there is failure to comply with data protection and privacy laws.

The reputational damage for an organisation that has suffered a cyber-attack can strain the relationship with suppliers, investors or any other parties that have vested interest in the business. The effects of a cyber-attack could tarnish the organisation’s brand, which may be eroded if the incident is not well managed.

Any business can face this threat at any time. What would you say is the best form of risk management considering the great losses this could cause?

Cyber incidents can devastate even the most resilient organisations. However, a proactive approach to cyber risk management should enable organisations to survive major incidents. Cyber risk is the responsibility of the Board and senior management of organisations to ensure that the risk assessment and effective planning for controls is upheld to the highest standards. Over and above the implementation of IT security technologies and processes, a key component to cyber security requires awareness training of all employees.

The first step is to ensure there is strategic planning and budgeting for cyber risk management, then allocate responsibilities amongst key individuals for the implementation of such plans. Policies and procedures for addressing cyber risk and incorporating cyber onto the risk-based audit plan. Organisations must report at Board level on their risk profile as well as the effectiveness and progression on the cyber security plan to mitigate cyber risks.

What options does Munich Reinsurance have on offer for potential or existing clients?

We have been actively enabling our clients (primary insurance companies) by providing holistic cyber solutions which include cyber product design, original policy development, underwriting training and granting access to a network of service providers ranging from incident response and forensics—to crisis management and legal support—and ongoing support on single risk assessment. In other instances, we provide tailored solutions which allow our clients to offer bespoke solutions to their policyholders.

In addition, we offer IT solutions that will assist our clients in cyber underwriting, risk assessment, portfolio monitoring and reporting features. We are committed to the development of cyber insurance in the South African market.

Are you happy with the company’s growth in Africa and what are your long, short-and medium-term goals you’d like to achieve as CEO?

We are not focused on market share or top-line numbers. Having said this, it is a sign of a healthy company if it is growing profitably. We are generally satisfied with what we have achieved over the many years that Munich Re has been doing business in Africa, especially if one also considers the many challenges facing our continent.

“We are never complacent, and thus “happy” is probably a word I would not have used. We are working hard to find additional opportunities to add new business to our portfolio, provided that this new business contributes positively to our bottom line.

Our business is all about helping our primary insurance customers grow and succeed. It sounds overly simplistic, but precisely this has always been my goal: working with our customers to find ways of helping them succeed and in doing so ensuring our own growth and success. I don’t think this will ever change.

“Naturally, I am not wishing to imply that we do not also focus on other aspects of running a successful business: the winning in the proverbial war for talent, the need to improve efficiency through, for example, digitalisation, and making sure we employ our skills in topics such as data analytics and cyber insurance to the benefit of all our stakeholders.

comments powered by Disqus

This edition

Issue 414


Leadership_Mag JJ's View - The rise and fall of leadership in the 26 years of democracy. #JJsview #leadership #may2020 Read on pag… 7 days - reply - retweet - favorite

Leadership_Mag Leadership May 2020 Cover Story - The future of South Africa post the Global Pandemic. Read it in our new interacti… 7 days - reply - retweet - favorite

Leadership_Mag The interactive version of the May 2020 #Leadership magazine is available now. 11 days - reply - retweet - favorite