Deepening cyber resilience through insurance initiatives



Source: news.ntu.edu.sg/NBS/Documents/BT_CyberRes_Caitriona_190717.pdf

In May, the WannaCry ransomware attack affected over 200,000 computers in more than 150 countries – causing the UK’s National Health Service to cancel surgeries, and impacting major businesses like FedEx, Spanish phone company Telefónica and German state railways. Just last month, Petya affected more than 12,000 machines at major corporations such as shipping giant Maersk, the world’s biggest advertiser WPP and food company Mondelez.

Two such ransomware attacks in close succession show how vulnerable our systems can be, and importantly, how debilitating such cyber intrusions are.

It is an easy throwaway solution – buying insurance coverage for cyber risk means companies and individuals may transfer some financial exposure to insurance markets; but if you look closely, the cyber risk insurance market is immature and coverage is still less than ideal. It is not clear whether it is due to low levels of awareness or whether some companies, after conducting a cost-benefit analysis, have little incentive to invest in preventing such cyber loss. Even when corporates do decide to buy coverage, the types of losses covered in standalone cyber policies can vary significantly across providers. There are also big differences as to which types of liability would be covered – for instance, whether ransomware would be covered. Furthermore, cyber incidents can sometimes cause damage to business reputation and future business, which are often difficult to quantify.

Currently, with the scare of WannaCry and the so-called Petya or NotPetya malware, interest in insurance will possibly rise. Nonetheless, as the Organisation for Economic Co-operation and Development (OECD) points out, for insurance to have a real impact on risk reduction, the market must be offering a material level of coverage to a large number of individuals and companies – but such wider availability is not currently the case.

The insurance market can enhance the management of cyber risk by promoting awareness, encouraging measurement, and providing incentives for risk reduction. As part of this work on the digital economy, the OECD is addressing impediments to cyber insurance.

The report prepared for the G7 Presidency and G7 Finance Ministers and Central Bank Governors’ meeting held earlier this year argues that due to the impact on economic and social prosperity, governments need to play a key role in supporting the development of this market; and outlines crucial obstacles to the development of this market for governments to better address.

First, they argue that the policy community could improve public policies to manage cyber risk such as offering incentives for businesses to measure and manage their exposure to cyber risk. Secondly, insurance regulators should be key stakeholders when coordinating cybersecurity matters across government bodies. Thirdly, governments could consider requesting that more transparency and clarity be provided on the extent of coverage, as well as losses that are excluded by insurance companies.

INSURANCE INITIATIVES

Another major impediment for the insurance market to be effective is the need for more and better data on the frequency and impact of cyber incidents as well as related claims payments in order to drive the confident underwriting of insurance coverage.

A number of national level and insurance company initiatives are already underway.

The upcoming implementation of the EU General Data Protection Regulation seeks to establish uniform notification and disclosure requirements, fines, and an environment for victims of data theft to pursue compensation.

Europol works closely with the Netherlands’ Police National High Tech Crime Unit, Kaspersky Lab and Intel Security to combat ransomware by helping victims obtain encrypted data without paying ransom, as well as providing guidance on countermeasures to prevent infection.

In the US, the Federal Trade Commission (FTC) specifies that a company’s failure to update its systems and patch vulnerabilities known to be exploited by ransomware could violate the FTC Act. The FTC may also consider the accuracy of promises made to consumers by an organisation regarding the security of its systems. Data security laws may also apply where ransomware attacks are successful on account of companies’ failure to implement reasonable safeguards.

Nearer home, the governments of South Korea and Japan are considering insurance policies for SMEs that are not perceived to have the extensive financial or labour capacity of larger organisations to improve their own cyber resilience.

The OECD report specifically cites work in Singapore within the NTU-MAS Cyber Risk Management project (CyRiM). A government-industry-academia research endeavour that also integrates inputs from global insurance companies and IT security experts, CyRiM will facilitate research in a wide range of topics – longevity risk financing, actuarial science and insurance economics. It will also recommend policies to the Singapore government on advanced cyber risk protection and prevention. Some focus areas will include security data analytics, infrastructure and strategies to improve protection of corporate assets and data.

As cyber threats have impact across borders, another key issue that needs to be addressed is how regional organisations can encourage public-private and private-private partnerships to increase regional cyber resilience. This is especially relevant to the Asia-Pacific region where national market and regulatory frameworks are not always strong enough. The government has a large role to play not only in ensuring the development of coherent digital security and privacy protection risk management practices, but also in the development of this market by supporting business solutions which, while ultimately meeting their own interests, can ideally lead to enhanced cybersecurity and reduced costs. If successful, this is especially beneficial given the concern among cybersecurity experts across regions that the costs of cybersecurity are often unrealistic and unsustainable.

❚ The writer is a research fellow responsible for cyber policy and strategy in the cyber risk management project at Nanyang Business School, NTU. This piece is written with Tina Sim and Janet Loh of Nanyang Business School College Communications.

Deepening cyber resilience through insurance initiatives

By Frank Vogl

From 2003 to 2010, Luiz Inácio Lula da Silva was the most powerful man in Latin America. He was the highly popular president of Brazil. Now, he faces the prospect of a decade in prison.

Lula has been found guilty of corruption charges and sentenced to nine-and-a-half years behind bars. He is out on bail pending an appeal. He calls the case against him “a farce” that is politically motivated. He has been accused of accepting more than US$1.1 million in gifts from a construction company to make improvements to his beachfront apartment.

Lula’s protégé and successor as president, Dilma Rousseff, was impeached last August on allegations of misrepresenting the national budget numbers. No corruption charges have been filed against her. Her successor, current president Michel Temer, has been formally charged with corruption, which he denies.

Further charges may be brought against Lula that more directly link him, like many other Brazilian politicians, to the finances of giant state-owned Petrobras. The oil company provided large contracts to companies that paid bribes to senior employees, who in turn provided illicit funding to political parties and individual politicians.

For a long time after the initiation of major investigations into Petrobras, Lula appeared to be in the clear. The assumption was that it has been his minions who soiled their hands, while he stood well above the political dirt.

The impression was all the stronger because he has long enjoyed enormous popularity. Lula has always sounded and looked like a man of the people. He presented himself as the counterpoint to the establishment elites who for decades governed Brazil to serve themselves at the expense of Brazil’s citizens, especially the tens of millions of poor people.

POWERFUL SIGNAL

That Lula now faces prison is the most powerful signal to the entire political and business establishment in Brazil that new leaders and new political approaches are desperately needed. Lula’s sentence is also a signal to all of Latin America that justice can prevail.

From Mexico to the tip of Argentina, the stench of grand corruption has pervaded politics for decades. The political class, partnered by big business, has been able to control and manipulate the judiciary and law enforcement. A new era of change may be dawning, driven above all by the Brazilian example.

The origins of what indeed is a revolution in Brazil were the massive public protests that were unleashed by the exceptionally high costs of public spending. This also concerned “trophy” items, such as the over US$3 billion spent on new stadiums for the 2014 World Cup football championships and the more than US$4 billion on infrastructure for the 2016 Rio Olympic Games.

The protests gave Brazil’s civil society, the media and, most importantly, a younger generation of public prosecutors and judges, the impetus to investigate and publicise government mismanagement and corruption. That investigations found that Petrobras was just a piggy bank for funding politics added to public outrage and the zeal of the law enforcers.

The disclosure that Latin America’s largest construction company, Odebrecht, not only ran a domestic Brazilian bribe-paying programme running into tens of millions of dollars, but that it also ran a similar programme on an efficient basis in other Latin American countries – including Colombia, Peru and Ecuador – illustrates just how rotten large-scale public contracting has become.

Now, the tables have been turned. Instead of being a national hero, Lula is a symbol of all that has been corrupt in Brazilian politics, just as the jailing for 19 years of corporate chief executive Marcelo Odebrecht is of the corruption of big industry.

Brazil now faces the challenge of restoring public trust in politics and business. And what is happening in Brazil today may well happen in Mexico tomorrow. Public anger over corruption in politics is rising and opposition politicians are set to make this the big issue in next year’s elections.

In both Brazil and in Mexico, courageous journalists and civil society activists are seeking to take advantage of every scandal to strengthen public protests and demand that honest public prosecutors and judges can do their work. The developments in these countries are in turn set to have significant influence on other countries in the region, notably Argentina, Colombia and Peru.

History may point to the sentencing to prison of Lula as the symbolic day when justice finally started to gain the upper hand over the entrenched forces of establishment corruption.

❚ This originally appeared in The Globalist (www.theglobalist.com). The writer is co-founder of Transparency International and author of Waging War on Corruption: Inside the Movement Fighting the Abuse of Power.

By Henrik Raber

We are entering a new era of green finance. An increasing focus on the environment has spurred global leaders and corporations to take action to address climate change and our effect on the environment as we push on with growth and development. This transition to a greener, more sustainable future will present new opportunities for business growth and much needed investment and interest in developing countries. This is where the green bond product has found its niche in the market.

The Paris Climate Agreement galvanised commitments to green initiatives and technology across the globe. The resulting need for finance saw unprecedented growth in green bond issuance and interest in the past year. The Climate Bonds Initiative (CBI) reported more than 90 new issuers in 2016 and a doubling of green bond issuance from just over US$40 billion in 2015 to cross the US$80 billion mark. The market continues to mature and diversify with bonds from an increasing number of countries, bond types and issuer types. Demand also far outstrips supply among investors both with and without a green mandate.

But the growth trajectory of the green market does not stop there. Many countries worldwide have reaffirmed their commitment to the Paris Climate Agreement. Specifically, we saw Apple reaffirming its commitment to the environment by issuing a mammoth US$1 billion green bond. Meeting these commitments is estimated to require nations to spend nearly US$1 trillion a year till 2035. We can expect more issuances from sovereign and sub-sovereign issuers as governments seek green investments to finance infrastructure development on a large scale. According to the CBI, green bond issuance is projected to nearly double to US$150 billion in 2017, and the OECD expects this to potentially reach between US$620 billion to US$720 billion a year in the near future.

Despite the flurry of activities worldwide, Asean has been hesitant to venture into the green bond market. It is a cautious approach by an especially promising untapped region. Most of Asean is still undergoing rapid modernisation and is expected to grow at a robust rate of 5.2 per cent between 2016 and 2020, according to the OECD. Much of the region’s infrastructure and industry are still under development, which presents a rare opportunity to bypass traditional polluting, resource-inefficient technologies and practices for green sustainable ones. Therein lies a prime market for green bonds.

The initiative to develop the Asean Green Bond Standards, for example, was a great first step in tackling the issues faced by the market. This was one point which garnered unanimous consensus among panellists at a recent Green Bond Conference in Singapore, organised by Standard Chartered Bank.

Based on the International Capital Market Association’s (ICMA) Green Bond Principles (GBP), the standards are expected to provide consistency and transparency. They seek to provide more granularity to what constitutes a suitable project to be funded by green bonds, and will help to eliminate “greenwashing” – the practice of using proceeds from green bonds towards non-green purposes. The principles will firmly set the standards for classification and information disclosure, which will go a long way in maintaining the credibility and integrity of this new market and help promote this Asean asset class to global investors.

COLLECTIVE EFFORT

The Green Bond Grant scheme introduced by the Monetary Authority of Singapore (MAS) is another good example. The scheme, aimed to offset costs of external reviews for green bond issuances, shows how policymakers can encourage the growth of green bonds. In fact, the Singapore market saw City Development Limited issue its first green bond – indeed the first in Singapore – even before the MAS scheme came into play. This probably speaks much about pure market intent.

These are all clear indicators that Asean governments have taken notice of the burgeoning green bond markets in neighbouring China and India, and are preparing their own markets. But more has to be done. Governments need to adopt the role of enablers and introduce policies on both demand and supply sides, to promote market confidence and spur growth.

Governments have traditionally played a role in directing capital to infrastructure investments for decades. Today, proven tools are readily available for policymakers to increase investment in green through the bond market.

As for investors, the rationale for holding green bonds in their portfolio holds strong. Green bonds and conventional bonds are comparable in almost every aspect. But green bonds have exposure to various sectors with environmentally-friendly businesses, allowing investors to further diversify their portfolio. Increased transparency and accountability requirements due to the nature of the bond could provide an additional layer of security to the asset.

As the world continues to focus on green finance, Asean will also become engaged. Policymakers play a large role in developing the Asean capital markets for green bonds, but issuers and investors also need to come together in a collective effort to develop the market. There is huge potential for the Asean green bond market for all participants to capture.

❚ The writer is global head, Capital Markets at Standard Chartered Bank.

The insurance market can enhance the management of cyber risk by promoting awareness, encouraging measurement of exposure, and providing incentives for risk reduction. BY CAITRIONA HEINL

CyRiM, a government-industry-academia research endeavour that also integrates inputs from global insurance companies and IT security experts, will recommend policies to the Singapore government on advanced cyber risk protection and prevention. PHOTO: REUTERS

Will the sentencing of Brazil’s fallen hero be the start of a new era?

Much of the region’s infrastructure and industry are still under development, which presents a rare opportunity to bypass traditional polluting, resource-inefficient technologies and practices for green sustainable ones.

Asean’s green future needs a determined push to flourish

The Business Times | Wednesday, July 19, 2017 | OPINION | 33