FANews

South Africa - a target for international hackers?

29 October 2015 Jonathan Faurie
Jonathan Faurie, FAnews Journalist


One of the realities of the ever-changing insurance sector is that risk has become dynamic and is constantly evolving; none more so than the growing presence of cyber liability, which is starting to have a profound impact on the market.

What is certain is that the industry cannot just sit back and let cyber liability grow to a stage where it becomes uncontrollable. Discussions with clients need to take place to make them aware of the risk that cyber liability poses and how to work past it.

Assessing the problem

One advantage of cyber liability is that there is a lot of information about it, and the risk can be assessed using information that is easy to acquire. Speaking at AIG’s 2015 Financial Lines Conference, Mark Camillo, AIG Head of Professional Liability and Cyber for EMEA, said that in the US alone there is an average of two cyber-attacks a day, which affect millions of people.

“There has been a vast increase in awareness in the US over the past year regarding cyber-attacks. This is becoming a serious issue in a market which is moving ever closer towards privacy than before. At the moment we are seeing that larger corporations are the targets of these attacks, where information is being locked out and key documents are being held to ransom. This is the modus operandi of criminals who view these companies as prime targets,” said Camillo.

International implications

While companies in the US have been prime targets, the problem is of a global nature and South African companies will eventually become targets for international hackers. This is concerning for companies in the financial services sector as they hold personal details of clients.

This could have major impacts when one considers information privacy in the South African context. While the Protection of Private Information (POPI) Act is in the process of being implemented, slow progress is being made. Rohan Isaacs, Director at Norton Rose Fulbright, said that work is currently being done on appointing a regulator and setting up its offices.

We also must not become complacent in thinking that criminals only target large companies. Rodesh Govender, Manager of Information Protection and Business Resilience at KPMG, says there are also a number of smaller hidden attacks which are occurring on a daily basis. “The modus operandi is the same as with major companies. The criminals are locking out the information and are holding it to ransom. The problem is we do not know the full extent of the problem as companies feel they should just pay the ransom so that they can get the information; they do this without reporting the incident to the authorities.”

Cyber resilience

Because of the global nature of the risk, any company can potentially be a victim. This doesn’t mean that companies must sit and wait for it to happen. AIG reports that there are a number of steps that can be put in place to build cyber resilience:

-  System hygiene. Establish a proactive and systematic process for managing standard systems hygiene;

-  Develop a plan. Create a cross functional team of senior management to plan for cyber security events and consider hypothetical attacks;

-  Map out your risk profile. Study cyber patterns and attack modes to develop a tailored approach to protecting company assets;

-  Assess and measure. Focus on rough figures, not precise estimates, and avoid analysis paralysis;

-  Mitigate risk. Invest in risk mitigation measures to protect company assets against the greatest risk;

-  Cyber insurance. Obtain cyber insurance to provide contingent capital and specialised assistance in the event of an attack;

- Get started. A rough plan is okay – becoming resilient to cyber risk starts with a single step. 

Extra measures

Apart from purchasing a cyber-liability product, setting up a team and crafting a plan is the best way to mitigate the effects of a cyber-attack. This involves drawing up the company’s cyber risk profile and mapping the risk landscape.

“Assessing the risk profile and the risk landscape of a company is important and cannot be a rushed job. Every organisation will be different as they serve different clients and target specific income groups. Cyber assessment should be key to internal risk practices,” said Govender.

Isaacs added that there is no value in being a silent victim. “Companies need to notify authorities as soon as possible after the attack. In that way, companies can work to negate incidents of loss. Companies should also not use just any vendor they can find to help repair the damage from cyber-attacks; check with the company that you have your cyber policy with,” said Isaacs.

Editor’s Thoughts:
The insurance industry sees cyber liability as a major threat, and brokers need to highlight this to clients as the nature of cyber threats is continuously changing.
