SUB CATEGORIES Featured Story |  Straight Talk |  The Stage | 

Cyber protection becomes vital for company survival

05 August 2013 Jonathan Faurie

The world is defined by inventions which have shaped the way that the world is today. The introduction of the Model T Ford in 1908 changed the face of transportation as we know it, as did the concept of flight and the first official flight in a mechanical

These events have also changed the world of insurance. Without the invention of the Model T, we would not have motor insurance. And if the Wright brothers listened to the naysayers, we would not have travel insurance.

It is therefore not a far stretch of the imagination that there needs to be a major global drive towards insuring your online presence and information shared over the internet. Although the internet was developed by the US Military in the 1980s, it wasn’t until the 1990s that it became a global phenomenon.

Unlike the Model T, the growth of the internet has been unprecedented. According to Wikipedia, out of the 6.5-billion people in the world in 2005, 51% of the world’s population was using the internet on a regular basis. This increased to 39% in 2013 where the population also increased to 7.1-billion people.

Steps in the right direction

Although South Africa is technically classified as a developing nation, we need to move out of that mind set and start seeing ourselves as an emerging developed nation which has access to cutting edge technology and legislation which measures up against the best that the world has to offer.

If there is anything that the developed world taught their emerging counterparts in 2013 is that the internet is being used as the new battlefront where a new type of war is being waged. This means that protection of information is important and the short term insurance industry has a role to play in assisting this.

Camargue is taking these important steps by offering a cyber-liability product which will cover the industry. At announcement of this product development of these products in July, the company reported that successfully managing information technology in a business also means understanding and mitigating the risks associated with it, including increased regulatory compliance and the critical dependence of many business processes on information technology.

Speaking to the FAnews, Catherine Berry (Senior Underwriter: Financial and Professional Lines at Camargue) explained that IT Governance falls under the mandate of a business’ executives and its board of directors. “The King Code on Corporate Governance states that IT risk should form an integral part of an organisation’s risk management plan.”

Proper legislative backing

The role of information technology in the economic and social prosperity of the country is protected by the Electronic Communications and Transactions Act No. 25 of 2002. The Act strives to ensure that electronic transactions in South Africa conform to the highest international standards; and that a safe, secure and effective environment for the consumer, business and government is developed wherein electronic transactions can be conducted and utilised.

To achieve this, the Act seeks to ensure compliance with accepted international technical standards in the provision and development of electronic communications and transactions.

“To this end, the long awaited Protection of Personal Information (POPI) Bill aims to bring South Africa in line with international data protection laws. The impact of this legislation will be far reaching, with a significant impact on the manner in which companies collect, store, use and disseminate personal information,” says Berry. In addition, King III recommends that formal disaster recovery and contingency planning should form a vital part of good corporate governance practices.

Understanding your risks

Berry adds that that as the online environment becomes ever more complex, it has become almost impossible for businesses to address all the risks inherent in operating a computer network.

“Moreover, as technology evolves, so the crimes associated with it become increasingly complex. As such, the importance of prioritising risk management procedures specific to a business’ information technology structures cannot be more highly emphasised,” Berry insists, adding that these procedures are an integral part of combating and mitigating the effects of cybercrimes.

“There is a wealth of information that is freely available and easy to obtain that can be used to assist a business to conduct a risk assessment and prepare an information technology risk management framework,” Berry points out. For example, the Information Systems Audit and Control Association (ISACA) has compiled a Control Objectives for Information and Related Technology (COBIT) framework which specifically addresses information technology management and IT governance. Furthermore, the PCI Security Standards Council incorporates and cites a number of methodologies that are available to assist organisations in developing their risk assessment process: International Organisation of Standardisation (IS), The National Institute of Standards and Technology (NIST) and Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE).

“In this climate, business managers who have not implemented sufficiently detailed disaster recovery and business continuity plans are not only in contravention of good corporate governance, but are also placing the business in a precarious position that responsible management would not risk,” she concludes.

Editor’s Thoughts:
If you are one of the many who sit back and think that the chances of being directly affected by cybercrime are minimal, you need to reassess your position. This was probably the thought of a number of US media companies (which included the Washington Post and the New York Times) before a well organised attack from a supposed Chinese source compromised vital information that they had in their possession.

We are living in a world where criminals are using the internet for more than just research and recreational purposes. It is then surprising that there are not enough products which would adequately cover the industry. If the industry is moving towards becoming an information rich industry with the introduction of solvency assessment and management (SAM), then surely products which offer cyber liability will prove to be popular? Do you feel there should be more focus in this area? Please comment below, interact with us on Twitter at @fanews_online or email me your

Comment on this post

Email Address*
Security Check *
Quick Polls


How confident are you that insurers treat policyholders fairly, according to the Treating Customers Fairly (TCF) principles?


Very confident, insurers prioritise fair treatment
Somewhat confident, but improvements are needed
Not confident, there are significant issues with fair treatment
fanews magazine
FAnews June 2024 Get the latest issue of FAnews

This month's headlines

Understanding prescription in claims for professional negligence
Climate change… the single biggest risk facing insurers
Insuring the unpredictable: 2024 global election risks
Financial advice crucial as clients’ Life policy premiums rise sharply
Guiding clients through the Two-Pot Retirement System
There is diversification, and true diversification – choose wisely
Decoding the shift in investment patterns
Subscribe now