The role of cyber liability insurance in protecting SA businesses against mounting cases of cyber crime
Karen Rimmer, Head: Distribution of PSG Insure
23 November 2022: According to recent research, South Africa is the world’s sixth biggest cybercrime hotspot, with ransomware attacks alone having doubled over the last year. For Karen Rimmer, Head of Distribution at PSG Insure, this is a stark reminder that the prevalence and scale of recent cyber-attacks on businesses of all sizes has rendered reliable cyber security a necessity. Adequate cyber liability cover is a vital component of guarding against the exponential damage that can be wrought by even the most rudimentary cyber-attacks.
High-profile data breaches resulting in millions of rands in accumulated damage continue to capture media attention and make headlines across the country. While much focus is placed on the financial impact of data loss or downtime, a large proportion of the damage extends beyond the initial impact of the crime. Long-term reputational damage, operational disruption and the loss of intellectual property have far-reaching effects on victims of cybercrime.
Furthermore, while cases of cybercrime in large corporates and governmental departments are widely publicised, the danger posed to small businesses is just as critical. For a small business, the knock-on effects of a data breach could have serious consequences, including decreased productivity, the cost of defending third-party liability lawsuits and irrecoverable revenue losses.
In light of National Cyber Security Awareness Month, Rimmer urges business owners to review their risk management strategies and processes, and to ensure that all their bases are covered as far as mitigating the risk of cybercrime is concerned.
As she expands: “Cyber criminals are becoming increasingly sophisticated, which is why businesses need robust cyber security policies. Prevention should be your first line of defense, but in the event that a cyber-attack cannot be avoided, having the backing of cyber liability insurance can assist in softening the blow and help your business to recover as quickly and cost-efficiently as possible.”
Cyber-attacks can take several forms. In South Africa, ransomware attacks are the most prevalent and involve digital extortionists holding a company’s data ‘hostage’ until a specified amount of money is paid. The extent of the takeover could range from taking down a business’s website to total Distributed Denial of Service (DDoS) attacks which disable entire networks, services or infrastructure.
Other cyber threats include electronic fund transfer or payment redirection fraud. Often referred to as “man-in-the-middle attacks”, in these cases, electronic payments are intercepted by cyber criminals. In addition to these more common forms of cybercrime are malware attacks, identity theft, social media attacks and social engineering attacks.
A cyber-attack can set in motion a chain of events that can continue for months and years after the incident. “It is therefore crucial that businesses arm themselves with the most effective cyber liability insurance that covers multiple risks simultaneously,” says Rimmer.
Currently businesses have access to two main types of cyber products. First-party cyber cover can be packaged as a value-added product with a rate that is linked to the company’s annual turnover. Alternatively, full cyber cover is comprehensive and will include first- and third-party cover for several potential losses.
Several liabilities need to be considered, including the potential for third-party claims and the associated legal defense costs. Lengthy court proceedings resulting from cases of data theft or manipulation can prove exorbitant and potentially crippling. Furthermore, a comprehensive cyber policy will include reimbursement for a third-party claim in the event that the company’s computer network was breached by malware and negatively impacted the third party.
Cover for media liability is also a wise consideration and will provide financial reimbursement in the event that a company has to defend a third-party claim for defamation, breach of copyright or privacy rights violations as a result as the company’s media activities. Victims of cybercrime will require forensic support in investigating the source and cause of the crime, which on its own, is a costly endeavour for which business’ should consider insurance.
As Rimmer concludes: “In an increasingly digital business environment, the importance of cyber liability insurance cannot be overstated. Business owners are advised to discuss the potential risks that abound within the digital world with their adviser and find ways to supplement their insurance policies with thorough and regularly updated risk management protocols.”
ENDS