It’s estimated that over 70% of South African businesses are significantly unprepared for cyber liability risks. They are also woefully underinsured when it comes to managing the financial and legal implications that follow a major cyber breach.
This is according to Jenny Jooste, account executive for professional risks at Aon South Africa. In the wake of cyber attacks against large organisations around the world, it’s essential that business leaders understand:
- the level of network security threats,
- the consequences of those risks, and
- the availability of cyber insurance policies.
Protect your customers’ information
The Protection of Private Information Bill (POPI), which will be signed into South African law within months, will make onerous demands on how a client’s personal data is managed, stored and used by a business.
Is the cloud a threat?
The growing use of cloud computing also brings with it its own set of security challenges. According to Deloitte, people refer to cloud computing without a clear knowledge of what it actually is. Cloud computing is really just accessing a server somewhere in the world, often outside of South Africa.
Where is your data?
The reality is that most companies have no idea where their information is stored. They know that they outsource to a company but where that company sends information, they have no idea.
You are accountable
Organisations need to remember that while they may be depositing their data in a public cloud, they do not transfer their risk. If any information is compromised, the liability remains with the organisation. While they may have some recourse against the cloud provider, its cold comfort if their reputation gets blown.
“If a company database containing personal information is compromised by a virus or hacking attack, the extent of the damage can be massive. If a client can verify that they have suffered a loss due to the data breach, they may hold the company responsible for the loss,” says Jooste.
Insurance against cybercrime advised
“Cybercrime costs global economies an estimated $100 billion a year. These attacks, coupled with the liability claims that they might encounter, can leave local businesses in ruins if they are not properly insured against cybercrime,” warns Jooste.
Reports show that hackers earned $12.5 billion in 2011, mainly by spamming, phishing, and online fraud. Hackers target major companies and governmental websites, but also smaller firms.
SA business equally at risk
The South African risks are no different. However it seems that businesses are more laissez-faire in their handling of their cyber and data breach risks, despite the fact that South Africa is fast becoming a leading target for cyber criminals.
“Phishing volumes have increased in South Africa, making the country one of the leading targets of cyber criminals in 2011. Recent statistics have revealed that South Africa is the third most attacked country globally, with 7.5% of attack volumes.”
Who is most at risk?
Those that are most at risk are those who provide technology services, and those who are heavily reliant on technological systems to provide a service.
Protect your data
- Companies who outsource protection and who are reliant on technology should ensure that they use reputable IT security providers who are indemnified.
- Businesses should ask themselves what kind of service they offer and what the business entails. For example, if they provide IT services to companies that rely on technology, and inadvertently their systems infect the client’s systems, the costs to both companies could be devastating. The biggest concern here is the client who depends on a network to run their business.
- Over and above investigating insurance options, ensure that firewalls, IT security and virus protection measures are properly in place and regular tests are run.