Don’t let your client become a statistic in a cyber-risk world
If you were asked five years ago what the biggest risk in the world was, fraud and corruption would most probably be at the top of that list. While fraud and corruption are still pertinent and ever present risks, cyber risk is one of the fastest growing concerns in the world.
What are the true effects of cyber-crime on society? Reports show that there are an estimated five malware events taking place in the world every minute. In addition, cyber-crime costs South Africa in the region of R5.8 billion annually.
Under siege
In a research report undertaken by Aon Risk Solutions and The Ponemon Institute, more than a third of risk professionals throughout Africa, Europe and the Middle East have experienced a material or significantly disruptive loss relating to a data breach or security exploit in the past two years. The average financial impact of these incidents is in the region of $2.1 million.
“Within the next five years, Cisco estimates there to be 50 billion internet-connected devices in the world. The transformation of the world’s economies from historical tangible products and manual labour services to reliance on technology and information assets is rapid and severe. Cloud computing, mobile devices, social media, big data analytics and the explosion of the Internet of Things has driven this digital transformation, and at the same time the inherent and very real risks,” says Kerry Curtin, Manager: Financial Institutions & Professional Risks at Aon South Africa.
Assess your cover
Despite the comparability of the average potential loss to information assets, which stands at $617 million, and Property, Plant & Equipment (PPE), which stands at $648 million, the percentages of insurance coverage between respondents differs dramatically.
The report shows that information assets are either not insured or underinsured against theft or destruction based on the value, Probable Maximum Loss and likelihood of an incident occurring, even though Probable Maximum Loss could exceed $200 million.
The disclosure or reporting of a material loss of PP&E and information assets also differs between respondents. Only 50% of respondents say their company would disclose the loss of PP&E in its financial statements as a footnote disclosure. However, 34% of respondents say a material loss of information assets does not require disclosure.
Despite the serious risk, companies are still reluctant to purchase cyber insurance coverage. Fifty-two percent of respondents believe their companies’ exposure to cyber risk will increase over the next two years. However, only 19% of respondents say their company has cyber insurance coverage in the first place, even though 37% of companies in this study experienced a material or significantly disruptive security exploit or data breach one or more times during the past two years and the average economic impact was $2.1 million.
What are you covered for?
Because cyber risk in itself is never static, it becomes hard to pinpoint the exact cover that is needed in order to make sure that your client will not suffer a significant loss. Catherine Berry, Director of Commercial & Cyber Crime at Camargue, points out some of the key areas that definitely need to be covered.
Areas such as professional liability which includes errors and omissions, multimedia liability, network security and privacy liability, business interruption, supply chain disruption and reputational damage are some of the key areas that need to be covered as a matter of urgency.
To make the effects of a cyber-breach more personal, we only have to think back to the Sony Entertainment hack last year which could cost the company in the region of $100 million. In August last year, American retail giant Target reported that the company expects to lose $148 million from the data breach the company faced in 2013. However, this is a conservative estimate as legal proceedings are still ongoing.
Be vigilant
There are increased calls for companies to be aware of the threat that cyber risks pose and to prepare themselves for a data breach. Even the simplest thing can spark a major investigation. Danny Myburgh, MD of Cyanre, points to the fact that 100% of the companies involved in the investigations that his company carries out had virus protection on their systems.
A scarier figure is that attackers are constantly active and are active in the environment for an estimated 205 days before they are caught. Eighty percent of cyber breaches are carried out with the help from an inside person.
Editor’s Thoughts:
One does not want to become a statistic. And in a world where almost every aspect of your client’s life will be run by technology, can they afford to foot a bill similar to that faced by Sony and Target? Perhaps the breach will not be on the scale of these two giants, but any breach will have a lasting effect that no company will be able to overcome without liability cover. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts jonathan@fanews.co.za.
