Cyber Liability Insurance: Don’t run your business without it!

A computer network, database or online presence exposes your company to untold risk. Your company’s data servers contain reams of personal and financial data, daring hackers to obtain access and wreak havoc.

According to Internet security firm Kaspersky Lab, South Africa sustained around three million attacks from hackers in the first three months of 2012. Hackers and other criminals use malicious software or sophisticated "phishing” techniques to steal transactional data, both offline and online. On the back of more than 55 million malware threats each year – and 25 000 new computer viruses daily – the number of recorded cyber-attacks has increased by 140% from last year. In Symantec’s latest cyber-crime report they estimate that adults in 24 countries lost some $388 billion to cyber-crime last year. The figure is split between the cost of time lost due to these crimes ($274 billion) and direct cash costs ($114 billion).

Add to this the recommendations made by King III to safeguard against IT-related risks and there is more than enough to keep South African business owners awake at night. It is vital for businesses to ensure they’re protected from these risks. Companies that think they are covered by their existing business insurance policy could be in for an unpleasant surprise – because many traditional liability products do not address Internet or network exposures.

Technology-based innovation has led to huge dependencies and interconnectivities between companies around the globe. On the plus side these companies benefit from operational efficiencies and enhanced business practices. But technology brings with it a range of problems, including cyber-crime, media liabilities as a result of online publishing and a heavy reliance on the uptime of networks, by way of example.

Commercial organisations also face new business exposures due to continually evolving e-commerce laws. Cyber liability to third-parties, network security, commerce business interruption and loss of data are just some of the new liabilities clients need to build into their risk management and risk transfer strategies.

Providing adequate coverage to protect against rapidly evolving criminal strategies and the risk of human error or omission is virtually impossible. As a result companies are vulnerable in today’s technology-driven business world. Cyber liability insurance is therefore important for any company that maintains a website, operates a network, conducts business via the Internet, accepts payment via a website, or stores non-public client and/or employee information within a network.

There is another reason this information must be protected. In an industry rife with jargon and acronyms, it is not surprising that we have another regulation to contend with. POPI – not to be confused with opiates or the local "poppies” – is the acronym for the Protection of Personal Information Bill.

Due for promulgation later this year, POPI will be the most comprehensive Bill dealing with the protection of electronic information since the Electronic Communications Act. The Bill will cover any person or entity that collects personal information for storage on an electronic database. For companies failing to adhere to the legislation, stiff penalties are to be expected, as well as criminal charges and lengthy prison sentences.