2017 - The year of the Cyber Attack

The year 2017 was a horrendous one in terms of the number and scale of widely publicised data breaches
The year 2017 was a horrendous one in terms of the number and scale of widely publicised data breaches; the ramifications of which will be felt by the affected companies and persons for years to come. A magnitude of attacks rocked the world over the last twelve months, including an array of new ones which have become infamous due to the extent of their destruction.  A few of these include, but are not limited to, the following: WannaCry, Petya, Not-Petya, the Equifax breach, Verizon and NSA breaches. Even brands which have always been synonymous with ‘unbreakable security’ such as Apple, have been sorely tested.

In 2017 thousands of Apple Mac users had a 50% chance of being infected by a Trojan (a type of computer virus) which had infiltrated Mac’s standard video encoder, HandBrake, allowing hackers to steal passwords from their keychain. To add insult to injury, 2018 did not get off to a prosperous start, either, as a new exploit was discovered which allows a skilled hacker to read the encrypted information on any device with an Intel Processor (including all Apple products).

Apple is not the only targeted enterprise. The international transport and freight giant, Maersk, suffered a USD $300m loss revenue following the Petya epidemic, according to their CEO, Søren Skou.

Whilst international companies tend to make news headlines, South Africa has not escaped the hit-list in terms of cyber-criminals looking to expand their revenue stream. Recently, the personal information of thirty-three million South Africans was found on the Dark Web. Considering the delay in the announcement of the implementation date of the Protection of Personal Information Act (“POPIA”), which will require juristic and natural persons to disclose breaches, insurers are currently well-positioned to observe the growing number of incidents within the economy (as a direct result of an adverse claims experience).

As seen in recent years, the number of records stolen in a breach and the type of companies affected becomes a blur. Gone are the days of attacks being confined to large retailers, healthcare provider’s and financial institutions. The connectivity between businesses and people is ever growing and evolving. With this, and the rapid pace of innovation within the technology sector, people and businesses are exposed to risks which traditionally did not pose considerable threat; and that historical risk-transfer mechanisms are ill-equipped to address.

Understanding the wide array of technological risk faced on a daily basis requires in-depth expertise and knowledge, which is not viable for the average business owner. Understanding what the key exposures are to one’s specific business and industry, as well as knowledge of solutions available, is an effective approach to managing and mitigating cyber risk and exposure.

For the most part, companies effected by cyber-attacks in 2017 experienced the following:

1. Loss of revenue due to a failure of the IT system and network. Think of a large online retailer whereby the payment portal on their website is compromised for just one day and the financial ramifications thereof. Large-scale manufacturers have been similarly affected when their factories are compromised.

2. When confidential information is accessed and exploited, this results in notification costs to contact the subjects whom are effected by the breach (via post, email or telephone); costly legal actions and defence costs, as well as potential regulatory fines and penalties for non-compliance with data protection laws specific to the territory in question.

As the majority of business owners are not cyber security experts, it is reassuring that there are risk management professionals whom are able to assist in identifying cyber risk and tailoring specific solutions to address these exposures. A comprehensive cyber insurance policy is one way in which a business can transfer cyber risk off its balance sheet, thereby protecting the bottom line and reputation of the organisation in the event of a cyber related incident.

More News Stories

December 22, 2020
Cyber Crime: Ensuring Your Clients are Appropriately Covered

As technology becomes one of the primary means for people to do business, connect with each other, do their shopping and sometimes even host a wedding, the prevalence of criminal attacks perpetrated by way of a computer is certainly on the rise.

Read story
December 17, 2020
Business interruption insurance cover hinges on policy wordings

Despite early court rulings in favour of policyholders, some businesses with COVID-19-related losses will not have business interruption cover

Read story
December 7, 2020
Mozambique spotlight: what you need to know and what precautions to take

On 9 November 2020, Islamist militants beheaded at least 50 civilians in a string of attacks on villages in northern Mozambique.

Read story