The advent of cyber risk insurance can no longer remain the preserve of specialist insurance companies, it has to be something that every forward looking member of the industry is taking seriously. This is because the exponential use of technology in business has meant that we are now reliant on the systems we use and the communication networks that connect us to each other. While this has made doing business easier in many ways, it has also meant that we have opened up another channel through which our organisations are exposed to risk.
In its report entitled “Net Losses: Estimating the Global Cost of Cybercrime” the Centre for Strategic and International Studies estimated that the global cost of cybercrime could be up to $575 billion, including both the gains to criminals and the costs to companies for recovery and defence. There is also a significant increase in hacking and data losses globally and these have been a real wake up call, highlighting to many the value and importance of the insurance needed to cover the gamut of cyber risks that businesses – of all sizes – face.
What can those risks look like?
The risks associated with cybercrime are numerous but all have one thing in common, they cost a business in money, time and often also, reputation. Typical cyber risks are assessed in terms of the following parameters:
Loss of intellectual property
Theft of financial assets and sensitive business information
Additional costs for securing networks
If e-commerce related there may be potential fines from failing to maintain payment system obligations
The cost of recovering from cyber attacks
The reputational damage to the hacked company
Small business does not equal small risk
The cost of cybercrime will continue to increase as more business functions move online and as more companies and consumers around the world connect to the internet. This is not just relegated to big business, increasingly, small businesses are at risk too. According to the South African 2014 SME Survey, the proportion of SMEs using the cloud to run their businesses is 27% overall, substantially up from 9% in 2012. The onset of the ‘bring your own device’ (BYOD) – and now the ‘bring your own software’ (BYOS) – trend means that employees are increasingly keeping private company data on a range of devices that are not protected or that can be accessed by outside parties. An employee leaving a personal iPad containing confidential figures at a coffee shop could be detrimental for an organisation. With SMEs trying to cut down on costs, employees utilising their own software is welcomed but equally as dangerous. Even though SMEs are using the online environment to run their companies, they typically are not including cyber risk as part of their business governance assessments.
In a large corporation, specialists are employed to assess and mitigate against cybercrime. SMEs do not have the luxury of big budgets and departments of people to investigate the probability of a cyber-attack. In fact, most owners of small businesses are so stretched that they don’t see their internet connection as anything other than a way to access documents, send emails and facilitate payment. This makes them sitting targets for unethical hackers looking for ways to make easy money.
It’s all insurable…
The good news is that cyber risk doesn’t have to be a disaster. By working with a reputable broker who has expertise in this sector, businesses of all sizes will benefit from insurance products that not only provide cover for cyber risk, but that often also deliver an expert assessment that makes recommendations to ensure proactive cyber risk mitigation procedures are in place.
Partnering with a reliable insurance company that has adequate depth of capability to provide suitable vendor services, as well as breadth of cover in the event of a claim, can mean the difference between a customer being able to recover from a cyber event or not. Insurers with a global network, such as Zurich, are able to utilise experience from other regions where cybercrime is viewed as a more established and recognised risk (such as the US) and deliver modular policies that cater for varying exposures that customers from different industries may face.
Nick Shutte, Head of Financial Lines, Zurich South Africa