RSS Feeds RSS | Views on ITInews | contact | terms of use | privacy 

Editorial Categories:


Forthcoming Events:

No Upcoming Events

Available Recruitment:

No Vacancies Listed...

Save by getting insurance quotes

Your Editor, Brent WilsonInforming Consumers and Financial Advisors since 1988 | Click Here to Advertise
Car, household, life and business insurance quotes
Press Offices > Financial Services Group

Aon South Africa
Press Office Feature : South African businesses unprepared for the growing risk of cyber attacks

Company: Aon South Africa
Author:Deidre Beylis
Email:[email protected]
Posted:19 Jun 2013

 Email this article Comment on this Article  Print this article

Recent statistics have revealed that South Africa is the third most attacked country globally

As the frequency and voracity of cyber-attacks increases worldwide, it is estimated that over 70% of South African businesses are significantly unprepared for cyber liability risks, and in turn, woefully underinsured when it comes to managing the financial and legal implications that follow a major cyber breach.

South Africa's own Star Newspaper was the victim of a cyber-attack when an organisation took down Independent Newspaper's Internet and e-mail service with a distributed denial of service (DDOS) attack.

Fortunately none of their servers were breached so no internal information was compromised according to editor, Makhudu Sefara.

According to Kerry Curtin, Principal Broker: Financial Institutions & Professional Risks at Aon South Africa, this should serve as a very serious wake-up call to business leaders to put every resource and effort into managing their cyber breach risks and it must be a priority in boardrooms, rather than left to IT departments to deal with in isolation. 

"South Africa is not immune to this type of attack, in fact a lack of preparedness could make local businesses much easier targets and hence we could see an increase in the frequency and voracity of attacks taking place on local business."

"We are by no means immune to the type of spectacular cyber-attacks against large organisations such as Sony, Citibank, Lockheed Martin, the UK's National Health Service (NHS), the National International Monetary Fund (IMF), and the Hong Kong gold and silver investment and securities trading companies. 

"It's essential that business leaders understand the level of network security threats, the consequences of those risks, and the availability of cyber insurance policies." 

"Legislatively, the Protection of Private Information Bill (POPI), which has just been passed by parliament and will be signed into South African law within months, will also make onerous demands on how a client's personal data is managed, stored and used by a business," warns Kerry.

In fact cyber risk was identified as a seriously underrated risk by organisations surveyed in Aon's 2013 Global Risk Management Survey released little more than a month ago. 

Looking at the overall risk ranking, there are several on the list that Aon believes might have been underrated, but could emerge as key risk concerns for organisations if not managed properly.

For example, computer crimes, hacking, viruses and malicious code are recognised as the number eight risk by respondents in North America, where hardly a week goes by without hearing news reports about data security breaches.

The barrage of media reports have heightened people's awareness and influenced companies' perception.

"However, this same risk is ranked lower by respondents in other regions - Asia Pacific (37), Europe (19), Latin America (35), and Middle East and Africa (19)."

"With the recent high-profile network breaches in South Korea and the cyber-attacks on the European Commission, the ranking of this risk is very likely to be re-evaluated."

"The legal exposure, reputational harm and business interruptions from cyber-attacks could wreak havoc on a company's bottom line.  Social media, which is currently ranked number 40, is another underrated risk."

"Social media can serve as a valuable marketing and communication tool in this digitally connected world but can also turn into a nightmare, rather quickly,  damaging a company's reputation in as fast as a tweet," warns Kerry.

"The growing use of cloud computing also brings with it its own set of security challenges.  The reality is that most companies have no idea where their information is stored."

"They know that they outsource to a company but where that company sends information, they have no idea."

"Organisations need to remember that while they may be depositing their data in a public cloud, they do not transfer their risk."

"If any information is compromised the liability remains with the organisation and while they may have some recourse against the cloud provider, it's cold comfort if their reputation gets blown.  

"If a company database containing personal information is compromised by a virus or hacking attack, the extent of the damage can be massive." 

"If a client can verify that they have suffered a loss due to the data breach, they may hold the company responsible for the loss." 

"In this regard class action is also very likely - Sony for example faced 58 class actions after breaching millions of customer accounts," says Kerry. 

Sony is by far the most publicised and recent security attack. After its PlayStation network was shut down by LulzSec, Sony reportedly lost almost $171 million.

The hack affected 77 million accounts and is still considered the worst gaming community data breach ever.

Attackers stole valuable personal client information - names, logins, passwords, e-mails, home addresses, purchase history and credit card numbers. 

Now for the really bad news - Sony's losses were not insured.

"Cybercrime costs global economies an estimated $100 billion a year." 

"These attacks, coupled with the liability claims that they might encounter, can leave local businesses in ruins if they are not properly insured against cybercrime," warns Kerry. 

Reports show that hackers earned $12.5 billion in 2011, mainly by spamming, phishing, and online fraud.

Hackers targeted major companies including Sony, RSA Security, and Citigroup, but also governmental websites and smaller firms.

Many of these attacks could have been prevented, and the business in question did not just lose money, but their clients, reputation and market shares went down the tubes with their data. 

Millions of people are affected by security breaches worldwide, and litigation in this regard is stepping into high gear.

The South African risks are no different, however it seems that businesses are more laissez-faire in their handling of their cyber and data breach risks, despite the fact that South Africa is fast becoming a leading target for cyber criminals. 

There is a tendency within the South African environment to leave regulatory and security compliance until late in the game.

"Phishing volumes have increased in South Africa, making the country one of the leading targets of cyber criminals in 2011."

"Recent statistics have revealed that South Africa is the third most attacked country globally, with 7.5% of attack volumes."

Local companies could soon also be forced to comply with US Security and Exchange Commission requirements too. 

"It is mandatory for companies situated in the United States to notify an entire database of a security breach, which can be very costly."

"This could very soon become mandatory for South African businesses who encounter a cyber-attack." 

"This in turn is expected to drive demand for insurance products to protect businesses exposed to a virus or hacking attacks as cyber and IT risks become more aggressive, and very public knowledge."  

She also says that while liability policies generally only respond to third party claims, certain cyber liability policies will also provide first party cover - in other words cover for the costs incurred by the policy holder to rectify and recover from the breach.

Companies need to consider the security implications that their businesses are exposed to.

Those that are most at risk are those who provide technology services, and those who are heavily reliant on technological systems to provide a service.

"Companies who outsource protection and who are reliant on technology should ensure that they use reputable IT security providers who are indemnified."

"Businesses should ask themselves what kind of service they offer and what the business entails."

"For example, if they provide IT services to companies that rely on technology, and inadvertently their systems infect the client's systems, the costs to both companies could have devastating effects."

"The biggest concern here, however, is the client who depends on a network to run their business."

Over and above investigating insurance options, local businesses should ensure that firewalls, IT security and virus protection measures are properly in place and regular tests are run to gauge effectiveness.

"There is no one size fits all approach to cyber insurance.  It all depends on the size of the company, nature of its business and its unique levels of exposure." 

"In this regard, consulting with a professional risk advisor is an invaluable exercise in protecting your reputation, data, clients and income," concludes Kerry.

There are no comments at this stage. Be the first to comment!
Please Login To Comment On an Article - Click here To Login

ITInews invites comments at the foot of each of its articles in which readers can respond freely - anonymously if they wish - to various topical issues and industry debates. However, comments submitted by readers that are defamatory or deemed, by the editors, to be racist or obscene will be deleted from the database. Furthermore, ITInews's editor would like to caution potential posters on its websites that while it welcomes robust debate, it will not hesitate to make the IP addresses of the authors of such defamatory statements available to the authorities, in the event of a court order compelling them to do so.

Get car, home, life and business insurance quotes in 3 easy steps

Aon South Africa

Join us today

More from Aon South Africa
Falling rand wreaks havoc on sums insured - check your insurance values
Under-insurance may be your greatest risk right now
Is Your Insurance Cover Geared for Extreme Weather Conditions?
Consumers advised to review insurance covers amid El Nino’s freak weather conditions
Are you adequately covered for fire damage?
Adequate insurance cover in the event of a worst case scenario is vitally important
The Year Ahead: 2015
Risk Managing Your Insurance Portfolio
Implications of power outages over the holiday season
Make sure you are prepared
Outlook for 2015
Can you evolve faster than the mounting array of risks?
Managing your risk of exposure to burglaries
There has been a marked increase in residential robberies in the last year
Engineering professionals face growing complexity of risks and liability
Collection of case studies on professional liability claims against consulting engineers
Is your home adequately insured against an earthquake?
SA insurance industry does not have a great deal of experience in dealing with earthquake damage
Cargo insurance vital as maritime losses grow
Over 190 maritime incidents in 6 months, with many declaring general average

Archived Articles featuring this company ...

Insurance Quotes

Car Insurance Quotes
Household Insurance Quotes
Business Insurance Quotes
Funeral Insurance Quotes
Life Insurance Quotes

Read the InsuranceQuotes Blog
ITM Website Design Cape Town
Copyright © 2005 - 2015 ITInews Online Publications (Pty) Ltd. All rights reserved Insurance Times & Investments Online and ITInews. ..::ISSN 1995-1256::.. No part of the materials including graphics or logos, available in this Web site may be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form, in whole or in part, without specific permission from ITInews Online Publications (Pty) Ltd. Distribution for commercial purposes is prohibited.