For businesses across the public and private sector, a breach can mean enormous financial losses, catastrophic damage to reputation and customer confidence, as well as embarrassment and legal and regulatory fines.
Simon Campbell-Young, CEO of MyCyberCare, says high profile breaches such as Target, the NHS, and more recently, the breach that exposed the ID numbers and other details of tens of millions of South Africans, are highlighting the need for protection against cyber threats. “Luckily, savvy insurers are stepping in and starting to offer coverage for events of this nature.”
He says brokers and insurers alike are starting to view coverage against breaches as one of their most promising markets, and believe that premiums will get more costly over the next four years. “The time to take out cyber insurance is now.”
According to him, cyber risk has become a boardroom issue over the past several years, following high profile hacker attacks against organisations that were assumed to be ‘bulletproof’ against attacks of this nature. “Giants like Sony, Google, RSA – all have the best security measure in place, and have the budget to spend on the latest and greatest tools. It just goes to show, if these businesses are vulnerable, all businesses are – irrespective of size or industry.”
Moreover, he says attacks utilising ransomware – in which threat actors use malicious software to encrypt a user’s information or systems, and then demand a ransom in order to unencrypt them – have increased dramatically over the last two years. “Cyber crooks are increasingly going after bigger targets, and organisations across retail, financial services, and healthcare: Businesses that house confidential customer information that they cannot afford to have compromised.”
He adds that, although businesses are covered for a multitude of losses, including natural disasters, they are still uninsured against the most common threat – a cyber attack. “However, cyber crime is relatively speaking, a recent scourge, and the threats are growing in both frequency and sophistication, seeing damages rising with each attack. This makes it tricky for insurers to set the appropriate limits and pricing to their policies.”
In addition, there are also many elements to cyber risk. “Some losses, such as financial losses or costs of data recovery, are quantifiable. Others such as damage to reputation, and legal fallout, are much harder to put a figure on. However, any insurer wishing to stay relevant in an increasingly online and digital business environment has to embrace the cyber insurance opportunity, while learning to appropriately manage the risks.”
One thing is certain, he says. With the frequency of breaches increasing daily, businesses need to accept that it’s only a matter of time before they are breached, and they need to be adequately prepared. “Most cyber insurance policies offer a range of coverage options, protecting against losses incurred directly by the business in response to a breach, such as fraud and theft, as well as costs incurred in the investigation stage, data loss and restoration, as well as costs of business interruption.”