2017 - The year of the Cyber Attack

The year 2017 was a horrendous one in terms of the number and scale of widely publicised data breaches
The year 2017 was a horrendous one in terms of the number and scale of widely publicised data breaches; the ramifications of which will be felt by the affected companies and persons for years to come. A magnitude of attacks rocked the world over the last twelve months, including an array of new ones which have become infamous due to the extent of their destruction.  A few of these include, but are not limited to, the following: WannaCry, Petya, Not-Petya, the Equifax breach, Verizon and NSA breaches. Even brands which have always been synonymous with ‘unbreakable security’ such as Apple, have been sorely tested.

In 2017 thousands of Apple Mac users had a 50% chance of being infected by a Trojan (a type of computer virus) which had infiltrated Mac’s standard video encoder, HandBrake, allowing hackers to steal passwords from their keychain. To add insult to injury, 2018 did not get off to a prosperous start, either, as a new exploit was discovered which allows a skilled hacker to read the encrypted information on any device with an Intel Processor (including all Apple products).

Apple is not the only targeted enterprise. The international transport and freight giant, Maersk, suffered a USD $300m loss revenue following the Petya epidemic, according to their CEO, Søren Skou.

Whilst international companies tend to make news headlines, South Africa has not escaped the hit-list in terms of cyber-criminals looking to expand their revenue stream. Recently, the personal information of thirty-three million South Africans was found on the Dark Web. Considering the delay in the announcement of the implementation date of the Protection of Personal Information Act (“POPIA”), which will require juristic and natural persons to disclose breaches, insurers are currently well-positioned to observe the growing number of incidents within the economy (as a direct result of an adverse claims experience).

As seen in recent years, the number of records stolen in a breach and the type of companies affected becomes a blur. Gone are the days of attacks being confined to large retailers, healthcare provider’s and financial institutions. The connectivity between businesses and people is ever growing and evolving. With this, and the rapid pace of innovation within the technology sector, people and businesses are exposed to risks which traditionally did not pose considerable threat; and that historical risk-transfer mechanisms are ill-equipped to address.

Understanding the wide array of technological risk faced on a daily basis requires in-depth expertise and knowledge, which is not viable for the average business owner. Understanding what the key exposures are to one’s specific business and industry, as well as knowledge of solutions available, is an effective approach to managing and mitigating cyber risk and exposure.

For the most part, companies effected by cyber-attacks in 2017 experienced the following:

1. Loss of revenue due to a failure of the IT system and network. Think of a large online retailer whereby the payment portal on their website is compromised for just one day and the financial ramifications thereof. Large-scale manufacturers have been similarly affected when their factories are compromised.

2. When confidential information is accessed and exploited, this results in notification costs to contact the subjects whom are effected by the breach (via post, email or telephone); costly legal actions and defence costs, as well as potential regulatory fines and penalties for non-compliance with data protection laws specific to the territory in question.

As the majority of business owners are not cyber security experts, it is reassuring that there are risk management professionals whom are able to assist in identifying cyber risk and tailoring specific solutions to address these exposures. A comprehensive cyber insurance policy is one way in which a business can transfer cyber risk off its balance sheet, thereby protecting the bottom line and reputation of the organisation in the event of a cyber related incident.

More News Stories

August 24, 2020
Labour disputes in the age of COVID-19

The coronavirus (COVID-19) pandemic has brought about many changes in the workplace and its effect on the economy has been widespread and detrimental.

Read story
August 18, 2020
POPIA and the insurance industry

The main substance of the Protection of Personal Information Act 4 of 2013 (POPIA) came into effect on 1 July 2020.

Read story
July 23, 2020
Kidnap and Ransom Insurance

Kidnap and Ransom (K&R) Insurance is not a new concept and evidence exists of this type of policy as far back as the 16th century.

Read story