Is the spotlight bright enough?
As the world is increasingly interconnected, everyone shares the responsibility of securing cyber space.
When Newton Lee made this statement, he was cognisant of the fact that the world has become increasingly interconnected and that the majority of business done in the world today is being done over the internet.
Because of this, criminals have also moved a significant portion of their business to the internet. According to a report conducted by internet security company McAfee, cyber crime has been estimated to cost the global economy in excess of $400 billion each year.
The big hitters
According to a cyber crime report that was published recently on the bestvpns.co.uk website, 2017 was a busy year for cyber criminals.
According to the report, over 200 000 computers in 150 countries were affected by the WannaCry malware. In the same year, over 12 500 machines in 64 countries faced the threat of Petya ransomware.
Attacks and cost
As evidenced above, cyber crime does not only affect people in their personal capacity and businesses, but also has the ability to influence the political space.
What are the biggest threats in society and what are the costs associated with them? According to the bestvpns.co.uk report, malware was the biggest threat in 2017 and carried a cost of $2 364 806.
Other types of attacks (and their cost) included:
- Web-based attacks at a cost of $2 014 142;
- denial of service attacks at a cost of $1 565 435; and
- malicious insider attacks at a cost of $1 415 217;
Local worries
What are the biggest cyber challenges facing South Africa? FAnews spoke to Ethan Pitts, a Cyber Risks and Commercial Crime Underwriter at Camargue, to find out more about the South African cyber liability scene.
“In order to understand how you may be at risk, you need to think why a cyber criminal might target your company. The primary reason is direct financial gain, hacking into bank accounts to make transfers or using phishing and other social engineering attacks to extract money from their unsuspecting victims,” says Pitts.
According to Pitts, the second most common incentive for hacking a company is to obtain confidential information, which can either be sold to competitors (think of the formula for a new drug which has not yet been patented) or black-market sources which specialise in Identity Fraud. With enough confidential information on someone, a skilled hacker can build an online persona and use that to gain access to the victim’s bank accounts or clone their identity documents.
The third reason for attack, previously limited to financial institutions and the telecoms industry, follows the pattern of a DDoS attack. By locking down a network with ransomware or infecting the key systems of a business with disruptive malware, hackers can bring down businesses and then extort them for a solution to their problems. Very few businesses have considered the cost that a cyber incident can have in terms of lost revenue, not to mention the costs incurred in restoring systems.
Prevent a heart attack
While the South African economy does have its fair share of large multinational companies, it is the Small, Medium and Micro-sized Enterprises (SMMEs) which are the heartbeat of the South African economy.
“In terms of small companies, the costs incurred to get back up and running are significantly smaller than a large-scale manufacturer or financial institution. Should a factory be halted while their computer systems are locked down, industrials can look to lose millions of Rands in a single day. Companies should therefore look at the costs of them going down for a week, or even longer and calculate the lost business during this time,” says Pitts.
Cyber insurance policies are unique in terms of the market as they provide cover for a combination of first and third party costs and expenses. While insurance cannot be the only form of risk mitigation, it does provide an effective risk transfer mechanism, especially for the SME market and smaller commercial ventures who may not have the budget to invest heavily in cyber security.
An unfortunate reality
According to Pitts, a lack of cyber awareness and the prohibitive costs of effective cyber security means that it forms a low priority for most executives.
“On a global level, only 50% of board members consider cyber security as part of the top ten concerns for their business – and South Africa follows this trend. For brokers, it is important to advise all clients that due to our integration with technology, cyber exposure is now a risk which needs to be addressed in the same manner that one would purchase insurance for an office fire or generic theft,” said Pitts.
Explaining the losses and ways that a cyber incident could affect their client’s business, especially in terms of lost revenue, is often an effective way to make a client aware of the possible financial impact of an attack.
Additionally, as part of their fiduciary duties, directors are obligated to ensure that their companies are adequately protected from all risk exposures. Does this increase the urgency of regarding cyber liability as a top risk?
Editor’s Thoughts:
Cyber crime has recently been rated as the top risk that faces the South African market. Do we have the skills to address this? Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts [email protected].
