Advertise Here
Icon

Directory

IconAccounting & Tax
IconAccreditation Bodies
IconActuaries
IconAssociations and Institutes
IconAuditors
IconBBBEE Consulting and Verification Agencies
IconBusiness Process Management
IconBusiness Process Outsourcing
IconCompany Secretarial Services
IconCompare Medical Scheme Benefits
IconCompliance
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDebit Order Collection Facilities
IconEducation and Training
IconEmergency Medical Rescue
IconExpatriate Cover
IconFAIS
IconHealthcare Consultants
IconHuman Resources
IconInformation Technology and Software Partners
IconLegal
IconManaged Healthcare Service Providers
IconMedical Aid Administrators
IconMedical Aid Schemes
IconMedical Schemes Trustees Liability Insurance
IconMedical Service Providers
IconOmbud
IconPolicy Administration
IconPublications
IconRegulatory Authorities
IconSurveys & Research
IconTraining Courses & Workshops
IconWellness Programs
Advertise Here
  Subscribe To »

Cyberattacks targeting South Africa: Expensive lessons to be learnt

Published

2018

Mon

09

Apr

 

 

 

 

 

 

Catherine Berry, Camargue Underwriting Managers

 

 

 

 

On a daily basis, headlines across all media platforms report on the rampant increase of cybercrime. Discussions regarding cyber security in respect of national resources and assets abound, with fears of nuclear plants and power grids being targeted by cyber criminals. Television crime series’ plots see the hacking of personal devices such as pace makers and GPS devices. Sci-fi movies are filled with artificial intelligence, not only threatening everyday jobs, but turning on humanity. But that’s obviously all just scare tactics and Hollywood scripts. South Africa is removed from these headline horrors of data theft, of cyber warfare and all things AI. Aren’t we?

One of the largest contributing factors to this idealism, is that the Protection of Personal Information Act is not fully effective yet. The impact of this is that South African breaches or denial of service attacks do not have to be reported, nor made public. It is only natural that the custodians of compromised data would be loath to voluntarily publicize their failure at protecting their clients’ personal information. Such a publication would attract media and public scrutiny, tarnishing the organisation’s reputation for an indeterminable period, if not forever. This shroud of shame would be accompanied with a devaluation of the company’s value, and that is not even considering a potential class action suit levied against the organisation. The [self-funding] regulator would most certainly seek to impute its powers in imposing a fine [of up to R10m]. This cost would be over and above the costs incurred with having to advise the organisation’s database of the data breach. The company would surely be expected to assist with implementing risk management measures to avoid identity theft of their customers, caused by the breach. Thus, there are very few cyberattacks [on South African companies] which are publicized.

A September 2017 article featured on www.techfinancials.co.za advises that, in 2016, South Africa was ranked at 58 on the list of 117 countries suffering the most cyberattacks. South Africa now holds the 31st position on this list, with an estimated R50 billion been lost due to these attacks.

WannaCry was considered the largest virus attack of 2017, infecting between 400,000 to 1 million devices worldwide. Cyber security firm Check Point (Massive cyberattacks slated for 2018 will make Petya WannaCry) anticipate 2018 seeing new better-coordinated attacks, dwarfing Petya and WannaCry, which cost South African and global companies millions. Distributed Denial of Service attacks such as that against domain directory service DynDNS which caused an internet outage in 2016, affecting users of large web businesses such as Netflix and Amazon, are indicative of the impact which attacks on critical infrastructure can cause.

As reported in the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, organisations in South Africa have a 41% probability of experiencing a material data breach (involving 10,000 records or more) over the next 24 months. 40% of South African breaches studied over the two-year period were due to malicious attacks, with the average number of records compromised being 19,800.

In the Ponemon Institute’s 2017 Cost of Data Breach Study: South Africa, the study revealed that the average cost of a data breach was R32m, equating to R1,632 per capita. R809 of the latter figure is in respect of direct costs expended in isolating and containing the breach. This is in stark contrast to the apathy of South Africans towards their vulnerability, as the costs cited in the survey are from actual data breaches.

The State of Endpoint Security Today, sponsored by Sophos, reports that, for South Africa, the median total cost of a ransomware attack was R1.6m (extending beyond ransom, includes downtime, manpower, device cost, network costs and lost opportunities).

The statistics detailed above all point to an evolving technological environment, where cybercriminals are continuously finding new exploit tactics which, when deployed, could cripple a company. The strong emphasis on good corporate governance worldwide dictates that strong risk management measures need to be implemented to protect organisations against cyberattacks. Given the significant costs associated with these attacks, it is imperative that cyber insurance be considered as a risk transfer mechanism, as a component of a comprehensive risk management programme which includes a cyber security framework.

Camargue Underwriting Managers (Pty) Limited (“Camargue”) has been underwriting cyber insurance since 2011. The Camargue cyber product provides comprehensive coverage, not only in respect of third party liability emanating from data breaches (whether it be from customers whose confidential information has been compromised, or from the regulator, as a result of the data breach), or viruses inadvertently transmitted by the Insured to a third party. In addition, the policy also provides crisis management and customer support, along with credit monitoring, in the event of a data breach. First party coverage includes data recovery and loss of business income coverage, because of a first party event emanating from a security breach, computer virus or malicious code, failure of a computer network, programming error of delivered programs, or damage to data. The policy offers errors & omissions coverage for companies rendering information technology services and advice.

The Camargue Cyber Attack Plus (CCAP) product was launched during 2017. This product not only covers the exposures detailed above, but further extends to cover property damage and bodily injury. Industries requiring this coverage include energy, oil and gas, critical infrastructure, utilities, mining, distribution, logistics, manufacturing, transportation and heavy industry.

Over and above the policy coverage, Camargue provides risk management services such as automated vulnerability assessments, private arbitration as well as contract vetting, to assist Insureds with a multi-pronged risk management approach. 

 
Source: Camargue Underwriting Managers
 
« Back to previous page Print this page » |
 

Breaking News »

What is the difference between Black Friday and Cyber Monday?

Cyber Monday originated in the US and is a marketing term used for the Monday after Thanksgiving. It was created by retailers to encourage people to shop online. The term was coined by Ellen ...
Read More »

  

Interview with Bright Rock CEO, Schalk Malan about their ground-breaking temporary disability cover

In October 2019 Needs-matched life insurance provider, BrightRock, announced enhancements to their temporary expenses cover. Read More More recently Insurancegateway® Interviewed Schalk Malan to not only ...
Read More »

  

The Importance of an effective online campaign

As we enter the age of the fourth industrial revolution, a technological transformation driven by the internet, it seems almost unthinkable that the web would not be the preferred platform chosen by businesses ...
Read More »

  

Genesis Medical Scheme announces the lowest contribution increase for 2020

Across the private healthcare industry in South Africa, members of medical schemes are bracing themselves for a 10% increase in their 2020 contributions, exceeding the general inflation rate by 4. With average ...
Read More »

 

More News »

Image

Investment »

Image

Life »

Image

Retirement »

Image

Short-term »

Image
Image
Image
Image
Advertise Here

From The Glossary »

Icon

Internal Linked Funds:

Specified assets by reference to which the value of policyholder benefits is determined.
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2019. All Rights Reserved.