Clyde Troup: Head of Underwriting – Discovery Business Insurance
Cyber theft and cyber attacks constitute the fastest growing crimes globally and cost the economy greatly. In 2013, SA lost over R2.2 billion to internet fraud and phishing attacks. Fast forward to 2020, ransomware hit record highs. Fast forward to 2021, and the effects of the global COVID-19 pandemic, combined with the increase in the value of cryptocurrency, drove ransomware to a staggering 62% of all cybercrimes.
Cybercriminals have always been opportunists, and the COVID-19 pandemic offered more evidence of this than ever. Malware attacks, encrypted threats, intrusion attempts, crypto-jacking attacks, ransomware attacks, and IoT attacks are modern realities that businesses face every day, particularly in a work-from-home environment. Individuals and organisations operating on the web live in fear of potential phishing attacks, hacking scenarios and data breaches. Phishing attacks are now highly localised, geo-targeted, and more personalised—about 32% of data breaches involved phishing activities. Aside from financial losses, such forms of cyber-attacks can lead to reputational damages as well. Consumer data, when compromised, can subject businesses to sanction under regulations such as POPIA, and can result in costly settlements.
Half of these cyber attacks target small businesses that usually don’t have sufficient cybersecurity measures to protect themselves from such threats. Phishing attacks are currently the most pervasive security threat to the IT sector, with many still falling victim to phishing emails. One in every eight employees shares information on a phishing site (Security Boulevard, 2020). This being the case, businesses are starting to adopt and invest in comprehensive security awareness programs.
Cyber Insurance – help your business to survive cyber incidents by managing and insuring cyber risk
From a risk point of view, it needs to be noted that the exposures and related solutions, protections and products are continuously evolving. Knowledge of the insurance products available in the market can be confusing and it’s thus important to engage with specialists to get the correct and most appropriate advice.
To understand the unique risks that each client is facing as well as their specific cyber insurance requirements, Discovery Business Insurance engages via the intermediary to gather client-specific information pertaining to Cyber risks and put the appropriate risk mitigation in place. Some of the underwriting requirements that would be considered include IT Security protections, the number of staff who have access to systems, password policies, server protection, access to Virtual Private Network (VPN) and security patch policies. These factors would be taken into consideration to determine the terms and conditions that should apply, as well as the premium rate to be charged for the risk.
Discovery Business insurance has also partnered with AVeS Cyber Security to assist with the provision of the most innovative cyber risk management on the market, tailored to 21st-century businesses. CEO of AVeS, Charl Ueckermann, says risk mitigation is about having an integrated approach by looking at people, business processes, technology and culture, with cyber insurance being a risk management tool. People should view their cyber insurance policies as part of their broader risk management strategy.
We now provide access to numerous cyber solutions which will simplify and improve the client’s cyber journey. At Discovery Business insurance we understand that “every second counts” and clients get access to protection packages at discounted rates. This will help them manage their cyber risks and enable fast and effective recovery following a cyber incident.
In the unfortunate event of a cyber-attack, we protect the client’s business against losses they suffer (first-party losses) as well as losses suffered due to the client being legally liable to a third party (third-party losses). First-party cover includes cover for loss of data, data recovery, business interruption (optional), reputational risks (optional), ransom costs, and other legal costs. Third-party cover includes legal liability costs and legal defence costs.
AVeS Cyber Security also offers a self-assessment where companies can assess their business against POPIA’s requirements at their own pace and time. Companies will get a POPIA readiness score with a detailed findings report. (Visit https://aves.co.za/it-governance/popia-readiness/)
Cyber insurance will reduce the overall cost of managing business risks. It also reduces the likelihood and size of business disruptions and POPIA fines. It will improve the business’s ability to recover from cyber incidents faster.