Lurking dangers that are intangible

We spoke to Minnaar Fourie, MD, commercial insurance division at King Price

As King Price, what do you see as Cyber Risk, for an insurance cover perspective?

Historically, commercial short term insurers sold products that indemnify businesses, usually for loss or damage to tangible assets, following insured perils like storms, theft and accidents. However, cyber-related risks have forced the industry to offer broader solutions to protect their clients against lurking dangers that are intangible, intentional and often international. Cybercrime has evolved and, in recent years, we’ve seen these criminal enterprises scale and globalise faster than any legitimate business could ever hope to.

Cybercrime syndicates are run like businesses, and legitimate commercial enterprises often don’t acknowledge the tenacity and organisation of the criminals that target them. To be able to protect your business against these attacks, it’s important to acknowledge the scale of cybercrime operations.

It’s also important not to underestimate what a cyberattack could cost your business. Cybercrime has become one of the biggest risks to business survival for South Africa’s SMME sector – but while data from the IBM annual Cost of a Data Breach Report shows that breaches have cost local companies an average of R40.2 million each, many businesses ignore the threat.

King Price Insurance’s cybersure is the cybercure for businesses that rely on their computer systems, Cybersure insures a business against financial loss, business interruption and reputational damage that result from cyber incidents, software and data, it protects against liability arising from the misuse of, and third party attacks on, a client’s IT infrastructure. Cybersure also covers data breach expenses, extra costs, incident response, expert support and loss of income, as a result of insured incidents.

How do you see cyber risk from an insurance perspective?

We see a cyber incident as a malicious act, including a denial of service (DoS) attack or the theft of data, malware or human error that has an impact on a client’s computer systems or the computer systems of their service provider, or a reasonable suspicion of such act, malware or human error.

How do you identify the cyber risks that businesses face?

Cybersure has different sections of cover. Larger businesses can choose ‘modules’ of cover for different risks and this choice affects the premium they pay. We also have a comprehensive product for SMEs, which reduces the guesswork. The main choice we offer SMEs is the indemnity limit, and this is guided by the potential loss that the business would suffer if its IT system was non-operational for a period of time.

Can cyber risk be quantified?

Definitely. The financial loss of an IT system breach is determined by our incident response experts. This is quantified for the period that an IT system is crippled, and claims are settled according to this calculation. As a client, it’s important to look critically at your business’ cyber risks and make sure that you have enough cover.

How do business interruption cover and cyber risk cover interact?

Cybercrime cover protects businesses against malicious acts that target their computer systems. So, we cover financial loss and business interruption due to malicious acts that impact on our clients’ business IT systems. However, it’s highly unlikely that a pandemic could cause a malicious IT system breakdown, and so business interruption caused by a pandemic is specifically excluded from our cybersure cover.

How does the advice process work when selling cyber cover?

We mainly sell cybersure through our broker partners, who are qualified to provide financial services advice to our clients. The process entails a detailed questionnaire that gives us a clearer understanding of a particular client’s exposure and requirements. We provide a quote and premium based on this assessment.