SHA has launched its new Cyber SME insurance product aimed specifically at small to medium sized (SME) businesses because the company felt that the SME sector is often overlooked by specialist insurers.
Many believe that the risks of a breach in a small business are higher than in a larger company because the security may not be as robust and are thus not willing to take on the risk. SHA has taken a view that the businesses that make up the backbone of our economy need protection as much, if not even more, than corporates.
It is important to remember that an SME may never recover from a cyber-attack. An SME may not be able to afford a messy legal battle following a breach or two weeks of down-time following a hack attack. Our policy and our cyber risk team work together to help mitigate that risk.
Most of the insurance policies that cover hacking and network security breaches are geared up for larger businesses, often with confusing and unnecessary covers. The new Cyber SME policy looks at exposures that the majority of businesses in South Africa actually face.
Traditional policies ignore the fact that actual funds are often stolen when hackers target a business. Most cyber policies actually exclude such financial losses, while our new policy covers this exposure. The policy also recognises that business use of social media platforms is on the rise. With this increased visibility in the social space, come the risks of defamation (often by employees) and even copyright infringement. The SHA policy provides multi-media liability cover to protect the business against these types of events.
There has also been a massive increase in ransomware attacks on small businesses so the policy provides protection against such incidents, even going so far as to cover the cost of the ransom if other remedial actions fail. Traditional cyber exposures are also covered such as liability following a network breach, the costs of reinstating a damaged database after an attack, public relations costs to protect the brand, credit monitoring for clients of the insured whose personal info has been compromised and loss of business income while the system is offline. We also included professional indemnity insurance for technology professionals who may be providing IT services to their clients so that they don’t need a separate policy.
Any small to medium sized business can access the policy as long as they approach us through their licensed insurance broker.
Any business involved in any of the following activities should be buying this new SME cyber insurance:
– that store data belonging to third parties (or employees)
– that provide professional IT services
– that interact with customers via social media and other electronic media
– that publish material on a website
– that have concerns about things like ransomware or network breaches
– that worry about POPI fines (up to R10m per incident)
– that sell or supply devices that are linked to the internet (Internet of Things)
– that cannot operate if their networks are offline
The Internet of Things really brings about wonderful benefits to consumers. Being able to manage and monitor devices remotely is very useful, until the wrong people get control. Machinery and equipment that can be shut down or manipulated by hackers can cause serious damage and even injury to users. Just imagine the braking systems on a car or the safety features in an elevator being controlled by some unknown cybercriminal. Our new policy provides liability cover for businesses whose products may cause harm following a cyber-attack.
The pricing of the new product is also tailored to fit the finances of an SME. Traditionally cyber cover has been out of reach of small businesses due to hefty premiums and massive excesses. We’ve changed all of that and a relatively small SME can get themselves insured for under R10,000 per annum.
Candice Sutherland, Business Development Consultant at SHA Specialist Underwriters