Advertise Here
Icon

Directory

IconAccounting & Tax
IconAccreditation Bodies
IconActuaries
IconAssociations and Institutes
IconAuditors
IconBBBEE Consulting and Verification Agencies
IconBusiness Process Management
IconBusiness Process Outsourcing
IconCompany Secretarial Services
IconCompare Medical Scheme Benefits
IconCompliance
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDebit Order Collection Facilities
IconEducation and Training
IconEmergency Medical Rescue
IconExpatriate Cover
IconFAIS
IconHealthcare Consultants
IconHuman Resources
IconInformation Technology and Software Partners
IconLegal
IconManaged Healthcare Service Providers
IconMedical Aid Administrators
IconMedical Aid Schemes
IconMedical Schemes Trustees Liability Insurance
IconMedical Service Providers
IconOmbud
IconPolicy Administration
IconPublications
IconRegulatory Authorities
IconSurveys & Research
IconTraining Courses & Workshops
IconWellness Programs
Image
  Subscribe To »

Cyberattacks targeting South Africa: Expensive lessons to be learnt

Published

2018

Mon

09

Apr

 

 

 

 

 

 

Catherine Berry, Camargue Underwriting Managers

 

 

 

 

On a daily basis, headlines across all media platforms report on the rampant increase of cybercrime. Discussions regarding cyber security in respect of national resources and assets abound, with fears of nuclear plants and power grids being targeted by cyber criminals. Television crime series’ plots see the hacking of personal devices such as pace makers and GPS devices. Sci-fi movies are filled with artificial intelligence, not only threatening everyday jobs, but turning on humanity. But that’s obviously all just scare tactics and Hollywood scripts. South Africa is removed from these headline horrors of data theft, of cyber warfare and all things AI. Aren’t we?

One of the largest contributing factors to this idealism, is that the Protection of Personal Information Act is not fully effective yet. The impact of this is that South African breaches or denial of service attacks do not have to be reported, nor made public. It is only natural that the custodians of compromised data would be loath to voluntarily publicize their failure at protecting their clients’ personal information. Such a publication would attract media and public scrutiny, tarnishing the organisation’s reputation for an indeterminable period, if not forever. This shroud of shame would be accompanied with a devaluation of the company’s value, and that is not even considering a potential class action suit levied against the organisation. The [self-funding] regulator would most certainly seek to impute its powers in imposing a fine [of up to R10m]. This cost would be over and above the costs incurred with having to advise the organisation’s database of the data breach. The company would surely be expected to assist with implementing risk management measures to avoid identity theft of their customers, caused by the breach. Thus, there are very few cyberattacks [on South African companies] which are publicized.

A September 2017 article featured on www.techfinancials.co.za advises that, in 2016, South Africa was ranked at 58 on the list of 117 countries suffering the most cyberattacks. South Africa now holds the 31st position on this list, with an estimated R50 billion been lost due to these attacks.

WannaCry was considered the largest virus attack of 2017, infecting between 400,000 to 1 million devices worldwide. Cyber security firm Check Point (Massive cyberattacks slated for 2018 will make Petya WannaCry) anticipate 2018 seeing new better-coordinated attacks, dwarfing Petya and WannaCry, which cost South African and global companies millions. Distributed Denial of Service attacks such as that against domain directory service DynDNS which caused an internet outage in 2016, affecting users of large web businesses such as Netflix and Amazon, are indicative of the impact which attacks on critical infrastructure can cause.

As reported in the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, organisations in South Africa have a 41% probability of experiencing a material data breach (involving 10,000 records or more) over the next 24 months. 40% of South African breaches studied over the two-year period were due to malicious attacks, with the average number of records compromised being 19,800.

In the Ponemon Institute’s 2017 Cost of Data Breach Study: South Africa, the study revealed that the average cost of a data breach was R32m, equating to R1,632 per capita. R809 of the latter figure is in respect of direct costs expended in isolating and containing the breach. This is in stark contrast to the apathy of South Africans towards their vulnerability, as the costs cited in the survey are from actual data breaches.

The State of Endpoint Security Today, sponsored by Sophos, reports that, for South Africa, the median total cost of a ransomware attack was R1.6m (extending beyond ransom, includes downtime, manpower, device cost, network costs and lost opportunities).

The statistics detailed above all point to an evolving technological environment, where cybercriminals are continuously finding new exploit tactics which, when deployed, could cripple a company. The strong emphasis on good corporate governance worldwide dictates that strong risk management measures need to be implemented to protect organisations against cyberattacks. Given the significant costs associated with these attacks, it is imperative that cyber insurance be considered as a risk transfer mechanism, as a component of a comprehensive risk management programme which includes a cyber security framework.

Camargue Underwriting Managers (Pty) Limited (“Camargue”) has been underwriting cyber insurance since 2011. The Camargue cyber product provides comprehensive coverage, not only in respect of third party liability emanating from data breaches (whether it be from customers whose confidential information has been compromised, or from the regulator, as a result of the data breach), or viruses inadvertently transmitted by the Insured to a third party. In addition, the policy also provides crisis management and customer support, along with credit monitoring, in the event of a data breach. First party coverage includes data recovery and loss of business income coverage, because of a first party event emanating from a security breach, computer virus or malicious code, failure of a computer network, programming error of delivered programs, or damage to data. The policy offers errors & omissions coverage for companies rendering information technology services and advice.

The Camargue Cyber Attack Plus (CCAP) product was launched during 2017. This product not only covers the exposures detailed above, but further extends to cover property damage and bodily injury. Industries requiring this coverage include energy, oil and gas, critical infrastructure, utilities, mining, distribution, logistics, manufacturing, transportation and heavy industry.

Over and above the policy coverage, Camargue provides risk management services such as automated vulnerability assessments, private arbitration as well as contract vetting, to assist Insureds with a multi-pronged risk management approach. 

 
Source: Camargue Underwriting Managers
 
« Back to previous page Print this page » |
 

Breaking News »

SANDWICH PANELS: A Burning Issue - Understanding the Risk

Sandwich Panel related fires have resulted in major property damage and business interruption losses over the years. What are Sandwich Panels? Sandwich Panels or Composite Panels are structures made ...
Read More »

  

Transformation Collection During COVID-19

While COVID-19 has created havoc on society, this change can contribute to positive opportunities in the way we do business within an enterprise moving forward. Rapid Collect can assist SME's and ...
Read More »

  

Covid-19 shines spotlight on gaping holes in personal risk planning and responding insurance solutions

The Covid-19 pandemic has pulled a critical thread, unravelling the fibre of every economic and social structure, across countries, continents and communities. In the wake of soaring infections, hospitalisations ...
Read More »

  

COVID-19 and guidance for the medical profession

The Health Professions Council of South Africa (HPCSA) has recognised the severity of the COVID-19 outbreak and provided special guidelines that will apply during the pandemic. The HPCSA will continue to operate, ...
Read More »

 

More News »

Image

Investment »

Image

Life »

Image

Retirement »

Image

Short-term »

Advertise Here
Image
Image
Advertise Here

From The Glossary »

Icon

Common Account:

A term used to describe the joint interests of a ceding company and its reinsurer(s). The term is commonly used in relation to the provision of joint reinsurance protection to both parties, for example excess of loss protection for ‘common account’ covering both parties’ interests.
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2020. All Rights Reserved.