• Sharebar
Wednesday, October 14, 2015 - 02:16
Protective custody

Few businesses can operate without the use of computer technology these days. Our economic and social fabric is held together by it; companies use it to automate their systems, gather and mine huge databases for marketing; and deal with their customers through computerised call centres. The banking system is all about computers and network communications, nothing else; and from online shopping to mobile phone messaging, newsgathering and social networking, individuals are as locked into it as never before.
All of this is held together and run by digits, which, with the right technology can be collected, diverted, manipulated and re-used in as many ways as the criminal mind can imagine.
Information technology is so omnipresent that few businesses, even the smallest, can do without it. Indeed, the growth of the small and micro businesses thrive precisely because of it.
However, the rise in the sophistication and frequency of cyber-attacks has become a serious threat to the survival of any business that fails to invest in the necessary counter technologies, information and data protection and staff training. Indeed, a company suffering data theft not only exposes itself to losing a competitive edge, it will also face reputational damage and countless legal claims for breaking privacy laws.
Gillian Wolman, Head of Litigation at Risk Benefit Solutions (RBS) says cybercrime is not always associated with large companies: small and medium enterprises should also be concerned of the potential impact from a data or privacy breach, and even possible exposure to extortion. “The reality is that all businesses invariably rely on computer technology these days,” she points out.
KPMG’s Global CEO Outlook 2015 report revealed that although cyber security is one of the five top risks that CEOs are most concerned about, only 50% of them are fully prepared for a cyber-attack. The KPMG report explains that cybercrime is an unpredictable risk and, according to Greg Bell, KPMG’s US Cyber Leader, until recently, there has been too much attention focused on prevention and not enough on protection and response.
Wolman says that in South Africa, the Protection of Personal Information (POPI) Act requires local businesses to realise the importance of not only compliance to the Act, but also have financial cover in place should they fall victim to a cyber-attack.  “Non-compliance to the Act could have disastrous consequences for businesses. Harsh penalties of up to R10 million, as well as 10 years imprisonment, are a very real possibility for business owners and directors that fail to prevent network breaches.”
She explains that the Act provides for financial compensation to affected parties in the form of damages awarded, which could bankrupt a business faced with a class action lawsuit originating from a legal situation involving a large number of people.
The ‘A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity’ report, released early September by specialist insurer Allianz Global Corporate & Specialty, revealed that cybercrime in South Africa cost the economy close to R6 billion annually, and approximately $445 billion a year globally.
Wolman says that RBS has witnessed an increase of local business’ enquiring and purchasing cybercrime insurance. “Business owners have started to realise how costly the effects of cyber hacks can be, and are putting measures in place to protect themselves financially. In the event of a lawsuit, the business will be responsible for paying legal fees, judgments or settlements and other court related costs, which can be extremely costly and potentially could bankrupt a business.
“A cyber liability policy will protect businesses against a network security breach or a data privacy breach, and insurers will cover first party and third party claims, loss of business income, notification expenses, crisis management expenses, associated regulatory fines and penalties to the extent insurable by law, as well as direct financial and consequential loss. Each underwriter may however have different terms and conditions.”
Wolman adds that apart from affecting a business’ operations, cybercrime can affect the reputation of a business. “If a company doesn’t manage the crisis effectively and fails to sufficiently inform its internal and external stakeholders, the backlash can result in the closure of a business - if the cybercrime and the fallout didn’t already do so. Cybercrime cover therefore also extends to the cost of public relations and marketing to ensure that the business can keep trading and meet its legal obligations to notify the public.”
The POPI Act is going to revolutionise how organisations manage personal information and data, says Wolman. “Although complying with the legislation is most certainly going to affect a business’s bottom line, these costs will be significantly less compared to the fines potentially placed on transgressors. Businesses need to be preparing more comprehensively for the POPI Act, especially in light in the rise of cybercrime in the country. Business owners should be seeking guidance from their brokers to ensure their business is complying with the Act and that it is protected from possible cybercrimes,” concludes Wolman.

Copyright © Insurance Times and Investments® Vol:28.10 1st October, 2015
1867 views, page last viewed on July 23, 2021