With companies around the world and in South Africa increasingly dependent on IT and telecoms systems for their operations, cyber-attacks are becoming an ever greater threat.
South Africa has unfortunately become a hotspot for cyber crime. It was ranked as one of the top three countries globally for targeted phishing scams[i] and it is estimated that cyber-attacks cost the country over R5.8 billion in 2014 alone[ii].
One of the sectors that have been the main target of cyber-attacks is healthcare. According to the fourth annual NetDiligence Cyber Claims Study 2014, which focusses on reported cyber liability insurance claims in the US, healthcare companies were at the top of the list of those most frequently attacked, followed closely by the financial services sector. The UK’s Information Commissioner’s Office reports that data breaches in the healthcare industry far outweigh those in any other industry, says Elsa Jordaan, a partner at the South African office of global law firm Clyde & Co, who is following the developments in cyber breaches and liability in South Africa closely. According to Jordaan, South Africa is likely to follow the same pattern as in the US and the UK. The healthcare industry is becoming more reliant upon technology and digitising patient information and records, says Jordaan, thus increasing the risk for cyber breaches and losses occurring in a variety of ways.
Every industry, including healthcare, is facing first-party cyber risk: the risk of system failure, and the cost of restoring the system as well as the resulting lost revenues while the company is not able to operate. What sets healthcare companies apart is that they collect, store and share not only financial and general personal information but also highly sensitive patient information relating to health records. Privacy of patient information is of utmost importance and any leak can have severe implications; if lost, hacked or stolen, it has the potential to cause liability claims and grave reputational damage.
At the same time, healthcare practitioners need to be aware of the costs involved in crisis management if a cyber breach or systems failure does occur – especially for such a sensitive sector. A breach in data does not always occur directly as the result of a hacking attack; it can happen as a result of something as simple as a misplaced memory stick. If such an incident occurs it is important for healthcare companies to react as quickly as possible to protect their brand, minimise adverse publicity and reassure clients that the company is doing everything possible to resolve the issue – and take the necessary steps to prevent it from happening again.
Cyber risks are not going to go away. If anything, they are set to grow as our reliance on technology and automated services increases. Ultimately, to confront the challenges – external or internal – posed by cyber risk, healthcare companies should opt to have truly comprehensive cyber cover, for all potential threats: from the financial damages suffered by a company to loss of profits as well as costs for recovery of data, expert assistance, and also for analysis of the attack that can lead to improved security. Also, policies can include cover for third party liability as a result of, for example, a data breach.
Comprehensive insurance cover is now clearly a necessary part of a company’s defence plan in a world of increasing IT and cyber threats and errors. In a technology-driven world, having proper and comprehensive cyber cover is indispensable.
Quinton Kotze, Head of Financial Lines, ACE Insurance South Africa