Meeting evolving cyber risks head on
Technology, and our use of it, is expanding at an exponential rate. While the adoption of technology provides a powerful tool for differentiation, harnessing efficiencies and driving down costs, it does leave us increasingly exposed to evolving cyber and data related risks.
How reliant are you, as a company, upon your IT systems and data? Could you continue operations if these were suddenly taken away? How would your clients or business partners respond if the data they entrusted you with was compromised or published online?
Couple this reliance with the various and evolving ways in which a breach could occur and the need to plan your response to a breach becomes apparent.
According to a recent PWC study, “Economic Crime: A South African pandemic”, 32% of South African companies reported being victims of cybercrime with a further 16% stating they were not sure if they had or had not been victims to cybercrime. The study also found that most South African companies are not adequately prepared in case something happens – only 35% reported having a cyber incident response plan.
While an internal cyber incident response plan is still required, the external cyber incident response plan and resources provided under a cyber policy are invaluable.
Victim to attacks
A privacy or network security breach could lead to significant damages and financial liabilities, the reality is that you do not need to be targeted or even hacked for an incident to occur.
Companies face a number of risks on a daily basis, many of which do not require a targeted attack or even a hacker. Examples include:
• Staff falling victim to a phishing scam or clicking on a malicious online advert, infecting the company network with malware such as a key logger or crypto locker.
• A rogue employee selling data, be it to a competitor or the highest bidder. Stolen data can fetch top dollar and it is easier to trade than you would think.
• Public Wi-Fi connections - consider the data on your device are you sure the connection can be trusted?
• Physical paper records not being properly disposed of.
• An aggrieved client enlisting the services of a professional hacker.
The list goes on and on and on, however, new risks emerge continuously. The question therefore is, how are you managing these new and emerging risks?
What is the answer?
While the Protection of Personal Information Act (POPI) may not be in place, cyber insurance cover is very relevant in covering existing exposures and costs that a company would incur in responding to a breach.
Cyber insurance is specifically designed to address the resultant expenses and consequential damages of a systems or data breach, including investigation, containment, damage limitation, liability and business interruption cover which is typically excluded under other policies.
First and third party cover is provided for the consequential damages of a network security or privacy breach, for example, breaches as a result of malicious or negligent acts carried out by employees.
One size does not fit all
Just as companies differ, so do their cyber risks. For some companies business interruption poses a bigger risk than potential reputational damage.
For this reason, cyber policies are modular and can be crafted to include or exclude modules or set module sub-limits to suit the needs and budget of policyholders.
Where next?
Ten years ago cyber risk seemed a remote risk at best, now it regularly features on board agendas and in the top five of most industry risk surveys.
Data and technology will continue to become more pervasive in our daily and professional lives as autonomous cars, drones, 4D printing and the internet of things in general revolutionise our daily lives.
As technology is here to stay and evolve, so is cyber related insurance.
