Understanding your Cyber Risk Exposure and the Insurance options available

Posted on Thursday, 16 March 2017
Reading time:
4 minutes

The cyber risk facing the world today has never been greater. As more and more homes and businesses make the transition into the cyber realm, we find that cyber risk no longer only sits with the giant multinational corporations and financial institutions, but all the way down the list through the SME’s, and even to individuals in their personal capacity. In order to protect themselves sufficiently, businesses need to determine where their exposure lies and understand the cover available in the market.

Hackers are now targeting businesses of all sizes - looking for data to exploit, holding businesses to ransom and performing financial transactions into their own bank accounts. The number of attacks continue to grow in South Africa, as both international and “local-is-not-so-lekker” hacking syndicates make their presence felt. Without legislation to compel public disclosure when a company is hacked it is difficult to grasp the full impact and extent of the hacking community in our country. However, Norton estimates that in 2015 almost 8.8 million South Africans fell victim to cyber crime, making South Africa the most hacked country on the continent. Furthermore, South Africans lose an estimated R2.2bn to internet fraud and phishing attacks each year according to the South African Banking Risk Information Centre (SABRIC).

As insurance brokers and business owners alike, it is important to identify the particular risk exposures faced by a company. Is the main concern that a hacker finds a way to steal money from you, draining your bank accounts and making bogus payments on your behalf? Or do you worry about the ramifications of a network breach – whether it be unscrupulous ransom demands for your servers to be decrypted, shareholder and client lawsuits for your failure to protect their information, or perhaps the fast-approaching Protection of Personal Information Act (POPIA), as well as the fines the Information Regulator may impose?

Determining which exposure, either theft of money or liability arising out of a network breach, is key to understanding which insurance to purchase.

Fortunately, Camargue offers two products which respond in the event of a cyber attack – each responding to a specific exposure.

Commercial Crime – Theft of Funds or Property

Our Commercial Crime policy is traditionally geared towards providing the Fidelity Guarantee cover found in most Multimark FG products on the market in the case of employee dishonesty and theft. There is, however, a section of the wording which responds specifically to Third Party Computer Fraud. This triggers should the Insured suffer a financial loss due to theft via hacking, a virus infiltrating their systems or by falling prey to a phishing attack.

The important thing to note is that no employee involvement is necessary. Thus, should a business fall prey to a phishing attack which allows an intruder access to their bank accounts for example, there is cover in place for the monies stolen.

Cyber Risks –  Liability arising out of failing to prevent a Network Breach

The second scenario holds a wide arrange of risk exposures – accordingly, the wording is divided into seven sections, each designed to cater for a specific scenario. In terms of being hacked, the policy responds should there be any legal action brought against the Insured for failing to prevent the network breach. Hand-in-hand with this, the cover will also pay for any fines levelled by the Information Regulator as well as the communication costs (where disclosure of a breach is now compulsory under the POPIA). There is also cover for any ransom monies which are paid in circumstances of data extortion, such as the increasingly popular ransomware/cryptolocker viruses which so many businesses fall victim to. 

As well as your standard network breach, there are sections which provide Professional Indemnity cover for technology service providers, business interruption and loss of income due to system downtime as well as multimedia and defamation risk.

The final trump card of the Cyber Risks policy is our “buffet style” approach, where a client may select which of the seven sections of cover they require for their unique exposure – making the policy a very affordable option for all business sizes.

In summary, it is imperative for businesses to plan ahead and understand where their greatest risk exposures lie in terms of a cyber attack. Unfortunately, it is not so much a question of “IF” anymore  but a question of “WHEN”! For theft of funds and property, the Commercial Crime wording would be most applicable. Regarding the liabilities arising out of failing to prevent a breach, our Cyber Risks policy succinctly covers a wide range of exposures. Of course, both the policies pair nicely together for a comprehensive insurance solution to cyber risks faced in the business world of today.

Ethan
Pitts
Trainee Underwriter
+27 (0)11 778 9140