Cybercrime in South Africa is a silent but real and present danger and it’s showing no signs of slowing down. As a rule, most South Africans are guarded and seldom discuss the topic and, without legislation enforcing the notification and publication of data breaches, few companies openly admit they have been hacked.
Owing to the reputational risk and legal implications – many choose to remain silent rather than reveal a breach. Non-disclosure does not of course imply that cyber risk is not a
serious problem affecting the South African economy. In fact in a recent PWC Report (Economic Crime: A South African Pandemic), cybercrime is the 4 th most reported economic crime in South Africa, and the 2 nd most reported on a global scale. Businesses need to be cognisant of the very real threat; a risk which costs the South African economy hundreds of millions every year.
With virtually all industries being targeted – from legal and accounting to architectural and engineering firms – no business is safe. Moving on from credit cards, increasingly sophisticated cybercriminals are
breaching data and committing cyber blackmail – holding data hostage while attempting to extort money from companies trying to avoid the loss of data, intellectual property and reputation. It’s
therefore not a question of if but when a breach will occur.
The security designed to thwart these malicious attacks must evolve at the same pace or be left behind. Having an up-to- date firewall and
antivirus software is no longer acceptable; it’s the new bare minimum. Insurers are increasingly reviewing the risk management procedures put in place by organisations, including the checks and balances to avoid the sharp increase in spoofing mails and concomitant
fraud. Without doubt insurance forms a key component in the greater scope of risk management.
It’s designed to transfer indemnifiable losses off the Insured’s balance sheet should an incident occur, thus protecting their financial integrity and bottom line.
Cyber Liability insurance is cover that deals with all the exposures facing computer networks and systems. It includes the liability attaching to businesses in rendering their services and giving advice to third-parties (particularly IT related businesses), as well as the multimedia liability to which the business is held liable (for statements made in its marketing and advertising efforts, which includes defamation and breach of copyright). It also covers security and privacy liability, which the business will be held accountable for following a data breach (such as legal defence costs in the event of a class action against the business).
Business interruption following system vulnerabilities that bring down the network is also covered (this is often not covered by other insurance policies as there may be no physical damage to the IT infrastructure). Breach of legislation – fines and penalties imposed on the
business for failing to adequately safeguard stakeholder information (this can be up to R10m in terms of the Protection of Personal Information Act (POPI); and crisis management costs following a data breach, including customer notification, support and credit monitoring expenses are all included in this cover.
Lastly, Data extortion, which is the ransom monies paid to terminate an imminent threat on the computer networks and systems, is also covered by a cyber-policy. As a practical measure, Camargue encourages people to avoid paying ransom demands for two reasons:
1. Paying a ransom indicates to an attacker that you have the money or cover to do so; this makes the business a target for future attacks.
2. Even if you pay the money, there is no guarantee that the attackers will cough up the goods. There is no honour amongst thieves, after all.
No matter how perfect your security is, there’s always a weak link in the armour and the chance that you may be targeted, with skilled hackers infiltrating your network. It goes without saying that backups are critical to ensure that incidents such as a ransomware attack are no longer a crippling threat to a business. With this in mind it makes sense to employ an IT consultant to critically review your systems and identify the weak points – a move that requires an allocation of budget to this process.
Cybercrime is an ever-evolving threat that requires equally progressive counter measures and prevention is always better than cure. Insurance against a breach and access to a reputational consultant to manage the likely damage to the brand following a breach should be considered mandatory and good governance. A word of caution though – while Cyber insurance does provide.
Coverage for data breaches, insurers do require that insureds implement the necessary security to protect such information.
For further information on Camargue Commercial and Cyber Liability Cover contact
[email protected], Tel: 011 778-9140, visit www.camargueum.co.za or find us on Facebook.
Camargue is an underwriter of niche insurance products and a provider of risk management solutions
to a broad spectrum of industries in Southern Africa. Camargue’s unique M3 approach focuses on
managing, mitigating and migrating critical business risks.
Authorised Financial Services Provider License Number 6344
- Covid-19 lockdown spurs massive spike in new business account registrations online | #eBizInisghts| Jonathon Smit of Payfast |Podcast - May 29, 2020
- Insights on Data: Podcast 4 Data Literacy and Skills | #eBizInsights| Jayson O’Reilly|Podcast - May 27, 2020
- We’re facing a new way of connecting with consumers| #eBizInsights | Victor Koaho - May 27, 2020
- Types of Covid-19 tests explained| #eBizInsights | Gerald Naidoo - May 27, 2020
- The Marketing Research Foundation updates the industry| #eBizWires - May 27, 2020
- How do we get through this trauma? |#Lifestyle |#Monique Strydom| Podcast - May 22, 2020
- How to handle the unexpected news of retrenchment |#Insight |#Devan Moonsammy - May 19, 2020
- THERE IS NO RISK IN BEING DIFFERENT WHEN NOTHING IS THE SAME| #eBizInsights | Ursula McDonald & Pippa Capstick | Podcast - May 18, 2020
- Insights on Data Podcast 3: Data Analysis | #eBizInsights |Quinton Senekal - May 18, 2020
- Remote working during Lockdown | #eBizTechnology | Arthur Goldstuck | Podcast - May 11, 2020