A wake-up call in the cyber crime space

Two years ago it was difficult to find victims of cyber crime. Today, cyber crime is escalating dramatically and it is therefore important to alert and guide clients of this new risk to businesses.

For brokers, failure to alert clients of cyber risks, as well as not assisting them to find appropriate risk transfer solutions, could lead to intermediaries facing PI claims or worse, losing their client to another broker. Another issue is that the client could possibly be a
victim of cyber crime and close his or her business.

Low cyber protection

Although there is increasing client concern regarding cyber risks and more brokers beginning to put cyber insurance on the agenda when they talk to clients, the cyber insurance market penetration levels remain low. What is the reason? The possible variables include:

• The economic climate is still tough, resulting in pressure on existing insurance purchases. Added to this are new risks emerging;
• Cyber is still somewhat intangible. Limited local examples make it difficult to quantify the risk;
• It presents a new risk businesses never needed to consider before. People can visualise and quantify loss of machinery, physical stock items, office equipment and buildings – but invisibility of data is a new challenge to most;
• Cyber and countless potential data exposures overwhelm most, making procrastination and avoidance a magnetic alternative; and
• Current regulations still allow companies to sweep cyber incidents under the carpet. This is a risky course to follow as it may cause reputational damage down the road.

Alert to the reality

The fact remains that cyber risks are real, they are here to stay and their growth is certain. Brokers have a duty to their clients, as well as to the growth of their own businesses built on loyal clients, to place learning all there is to know about cyber crime high on their to-do agenda. It is only through personal understanding that brokers will be empowered to explain the new age cyber risks clearly.

Business owners need to be alert to the reality and to fully understand that suffering a cyber crime incident can have multiple major repercussions. This includes first party financial costs involved in professionals investigating and responding to an incident, reputational damage, lost business and potential liability lawsuits.

In their 2016 Cost of a Data Breach Study, the Ponemon Institute released a South African specific report. It considered incidents from 19 South African companies across nine industry sectors. According to that specific research, the average number of breached records was 18 255. The number may not appear significant, but the total organisational cost was R28.6 million and the largest component resulted from lost business of R10.55 million per incident. This study found that having an incident response team was the biggest factor to reducing the ultimate breach costs.

In spite of increasing media reports of cyber crime, only 35% of South African organisations have a cyber incident response plan.

Opportunity in cyber

Almost every company is reliant on IT systems and data. Cyber addresses core risks and represents potential business growth for brokers in a challenging market. However, while brokers have a vital face-to-face role to play in guiding their clients, insurers have a parallel responsibility.

It is essential that insurers creatively assist brokers to gain the knowledge and understanding it takes to highlight evolving cyber risks to business owners and find appropriate risk transfer and mitigation strategies.