South Africa has not been immune to the risk of cybercrime: it is estimated that in 2014, cybercrime cost South African companies around R5.8 billion.
Furthermore, on average it takes 200 days for a South African organisation to identify an online security breach. Likewise, individuals have also been impacted: eighty four per cent of South African adults have been victims of cybercrime.
“Criminal activity including hacking has been on the rise in South Africa and internationally and these range from Distributed Denial of Service attacks to the hacking of social media accounts. These attacks can have devastating effects on society, and businesses and individuals need to protect themselves against the consequences of cybercrime with comprehensive cover,” says Candice Sutherland, Business Development Consultant (Corporate Solutions) at SHA, Santam specialist underwriting manager agents (UMA)
To protect a company from these risks, a good cyber-insurance policy needs to cover first party expenses, taking into account the actual costs of re-collecting and replacing data, as well as the expenses related to employee overtime, rented external equipment and services.
Additionally, the policy has to cover loss of business income, the notification expenses incurred to comply with privacy legislation, any crisis management expenses and possibly regulatory fines and penalties.
The risks individuals and companies are exposed to include the following: • system unavailability and downtime;
- business being held to ransom;
- loss of revenue;
- loss of data;
- reputational damage and costs associated with reducing the impact of a breach;
- loss of competitive advantage;
- industry and regulatory fines and penalties; and
- litigation arising from compromised data.
Maksure Risk Solutions has insurers that are able to offer the following cover:
Data recovery and business interruption: provides coverage to respond to a loss of income and operating expenses experienced due to a network security breach.
This will cover the expenses of specialists, investigators, digital forensic auditors, or loss adjusters as well as cover the cost of restoring or recovering data and operations, or costs incurred until it is established that data cannot be recovered or restored.
Crisis management & notification expenses: provides coverage for costs of responding to a security failure or privacy breach. These response costs could include notification expenses, the cost of providing credit-monitoring or other remediation services to customers or impacted third parties as well as service providers that specialise in crisis management and public relations.
This would include coverage for third party claims due to the failure of the insured’s network security or the insured’s failure to prevent unauthorised access to personal information.
Associated regulatory fines and penalties to the extent insurable by law could also be covered.
Sutherland concludes, “Organisations that have experienced breaches of data security can testify that cybercrime relates to more than just the loss infrastructural capacity. This is a real criminal activity which can lead to extortion, fraud and forgery as well as impact the sustainability of a business. If cyber security is properly managed with the right insurance cover, businesses and individuals can be safe out there.”