Cybercrime is a daily occurrence in South Africa – it is not just an IT issue!
Cyber incidents are ranked as the second most dangerous risk in South Africa, according to the Allianz Risk Barometer 2023 report, which ranks the severity of business risks on a yearly basis.*
Cybersecurity has become a highly sophisticated and dynamic field that requires businesses to rapidly adjust and improve their cybersecurity parameters to detect cybercriminals and prevent them from compromising their organisations.
As a business owner, it is difficult to accurately assess the true cost of cybercrime. However, it is important to note that cybercrime could cost the world $10,5 trillion annually by 2025, according to Cybercrime Magazine by Cybersecurity Ventures, one of the world’s leading researchers on the global cyber economy.*
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
In South Africa, cybercrime is a daily occurrence and not merely an IT issue. Therefore, any entity that makes use of an IT system – which simply means making use of a computer or laptop and/or storing either client or employee information – has a cybercrime or breach exposure.
By having a cyber policy in place, this risk is mitigated, as the insurance provider will cover the cost of a hack attack or privacy breach, which ordinarily could very well cripple a business. According to the Ponemon Institute’s Cost of a Data Breach Report 2022, the average total cost of a data breach is R49.25 million. The report also highlighted that breach costs were the highest in organisations that have most of their employees working remotely.
“Failing to implement an appropriate cyber risk management strategy could constitute a breach of the Directors’ fiduciary duties. However, it is also imperative that all employees within an organization understand the potential cyber implications of their actions. Often, it is the employees of a business who are the biggest risk. 63% of network intrusions were the result of weak usernames and passwords and phishing attacks remain a highly effective form of attack accounting for 71% of interceptions,” explains iTOO, a specialist underwriting management agency focused on a range of special risk insurance.
If a business does not have a cyber policy in place and it experiences any sort of cyber-attack, the cost to “repair” the damage would need to come out of the company’s bottom-line revenue. In many instances, it is the small to medium-sized businesses that cannot afford this, and as a result, are forced to close their doors after being hacked.
So, whether you are a small business owner or the director of a large corporate, below are some factors you should be considering:
- What is your level of dependency on systems?
- What amount of sensitive data do you collect/store/process?
- How long would it take for you to recover operations?
- What are your business interruption expenses?
- The complexity of your specific environment and preparedness for a cyber incident
- Market presence of your company (public relations costs and crisis communication requirements, as well as legislative notifications)
A cyber policy provides cover for the following risks:
- Business interruption losses and increased cost of working;
- Costs to obtain professional (legal, public relations and IT forensic) advice, including assistance in managing the incident, co-ordinating response activities, making representation to regulatory bodies and coordination with law enforcement;
- The costs to perform incident triage and forensic investigations, including IT experts to confirm and determine the cause of the incident, the extent of the damage including the nature and volume of data compromised, how to contain, mitigate and repair the damage, and guidance on measures to prevent reoccurrence;
- Costs to restore, recollect or replace data that has been lost, stolen or corrupted;
- Crisis communications and public relations costs to manage the reputational damage, including spokesperson training and social media monitoring;
- Communication costs to notify affected parties as well as remediation services such as credit and identity theft monitoring to protect affected parties from suffering further damages;
- Cyber extortion costs to investigate and mitigate a cyber-extortion threat and where required pay the ransom demand; and
- Fines and penalties to the extent insurable by law.
Can you afford to NOT have a cyber policy in place?
Speak to one of our risk advisors and enquire about how you can effectively protect your business against the risks posed by cybercriminals.
Sources: