Thanks to the nature of the internet, the origins of cybercrime can’t be pinned down to any one location and nor can perpetrators be readily identified or prosecuted. In simple terms, this means companies in South Africa are potential targets for attacks by almost any cybercriminal from anywhere in the world – and those attacks are increasingly focused on gaining a financial advantage. As a result of the pervasive nature of cybercrime, particularly those companies which hold sensitive customer information should insure they have appropriate cover.
Cyber criminals are becoming more sophisticated and they will predominantly look for the weakest links, regardless of where companies may be situated. While information security measures are a must, just as important is a risk mitigation strategy, which should include insurance cover, to deal with the fallout if your company become a victim.
For those with criminal tendencies, cybercrime is attractive as it provides the possibility of making an easy buck ‘at arm’s length’ and, typically, out of the reach of all but the most determined law enforcement agencies. In as much as crime is concerned, misusing the internet such as through cyber extortion – a tactic which is increasingly prevalent – is becoming an easier way for criminals to make money.
But cyber risk is more than determined hackers looking for a payoff; companies today also have to contend with the risk of rogue employees with a possible agenda, ill prepared service providers or simple human error, any one of which can be the vector for an information breach. A breach can happen in many ways and when it does, it can affect the company’s ability to trade and that should be covered by your insurance policy,.
High profile incidences such as the hack that made public the details of confidential whistle-blowers and the recent attack on a prominent local newspaper serve to drive up an awareness of the risk of cybercrime. However, often companies aren’t yet aware of the range and scale of insurance solutions available to them. Though Cybercrime is an issue that directors are taking seriously it is still a relatively new concept.
Given the nature of the consequences of a security breach, she says insurance solutions have to provide a coordinated response. Typically, it isn’t just the breach that causes the damage, but also the way in which the victim company handles it. Cyber insurance solutions, therefore, shouldn’t just cover immediate financial losses, but must also include a holistic response which ties into the company disaster recovery plan. That includes communication and reputation management, legal support and forensic intervention to identify the source and, where possible, perpetrators of the breach.
With this kind of response, the company is able to resume trading as soon as possible, while ensuring it navigates the effects of cybercrime with the least possible lasting impact.
Roxanne Moodley, AIG Africa’s Professional Liability and Cyber Zonal Lead