Protect your clients against cyber crime

While it is customary to insure against risks such as fire, theft, and loss of income, to date the foreseeable exposure related to IT systems has not enjoyed any noteworthy attention.

 

But, with the development of new insurance solutions specially designed to anticipate and deal with this risk type, advisers now have an opportunity to add further value by raising this issue, and providing significant and suitable insurance cover.

Directors have long appreciated the necessity to insure companies under their stewardship against operational, credit and business risks – and rightly so. But, a recent risk assessment published by the World Economic Forum, grades Information Technology higher than nearly every other kind of threat.

 

Businesses should understand they cannot completely remain safe from cyber-threats if they do not take the necessary precautions. Although such threats existed long before malware emerged, data theft, fraud and industrial spying are all now typically conducted through cyber-attacks.

Many corporate executives still appear to accept the fact that their IT departments protect them from cyber risk. Cybercrime, however, should not be viewed as a technology issue that can be isolated, but as a pervasive business risk with significant consequences.

Cyber threats can have significant consequences with a negative impact on a business’s assets, revenues, and profitability. If companies fall victim to such an attack, a domino-effect is not surprising.

Initial financial loss can quickly escalate into reputational damage, legal exposure and diminished operations. Clients also refrain from doing business with the organisation, which leads to further financial loss.

Whether the breach is caused by hacking, a rouge employee or a simple error in storage and disposal of information, the cost to a business or individual impacted by the breach, can be devastating. The costs associated with lawsuits arising from a breach can cripple a business.

Privacy and data protection are issues of growing importance worldwide, given the ease with which data can be electronically stored, retrieved and transmitted. Businesses that collect personal data from clients for use in business have the problem of civil liability incurred by the illegal acts of a cyber criminal.

 

Companies are required to take steps to protect the information they collect and also have specific responsibilities in the event of a breach of a data network. Loss of private data exposes lawbreakers to civil liability, and in countries that have data protection-specific laws, constitutional penalties apply.

South Africa does not presently have a data protection-specific law, but there have been recent suggestions that the Protection of Personal Information Bill, which will administer data protection, will become law early next year.

Assuring against the numerous risks depends on a solution, which is capable of anticipating and dealing with the domino-effect and all its implications, rather than simply providing financial compensation. Professional assistance such as reputation management, specialist legal aid and even digital forensics to identify, track down and retrieve lost or stolen data, are required.

Dealing with a breach does not only require closing a loophole or receiving a financial pay-out. It also depends on limiting the damage and restoring market confidence by taking decisive action, including identifying culprits and bringing them to book, recovering information and ensuring prevention of similar future attacks.

Certain companies like AIG have introduced an exclusive solution which addresses information technology risk. These policies cover you for financial, legal, investigative and reputation exposures for a single premium. They provide professional assistance from attorneys, forensic investigators and public relations practitioners at the disposal of policyholders.