The recent global ransomware attack (aptly named ‘WannaCry’) has to date affected over 200,000 computers in at least 150 countries. Regarded as the world’s biggest ever ransomware attack, it’s safe to say that no-one is safe these days. IT systems robust enough to withstand an attack are a must, as well as cyber insurance against business reputation and financial damage. With the rise of the ‘internet of things’, more and more items in business and private lives have become digitised, which will translate into to more and more areas of our world becoming vulnerable to cybercriminals. We highlight the size of the threat and look at ways in which your clients can bolster their cyber protection.
The vast size of the threat
The spate of recent attacks show that cybercrime is rife and growing. According to a Security Intelligence article, if cybercrime continues to compound at its current rate, it could be worth R26 trillion by 2019, a threefold increase from 2015. There is often a perception that cybercriminals only target really big organisations where there is the potential to extort millions.
But in reality, ransomware is indiscriminate so long as there is a vulnerability in your computer. Smaller businesses are probably more likely to pay the ransom because they are less likely to have backed up their data as regularly as a larger company with a full time IT staff complement. This makes them an attractive target, and also explains why the average ransom amount has increased from around R4500 to over R13 000 (according to the latest report from Symantec).
How to outsmart cybercriminals
Cybercrime is such a complicated issue because cybercriminals are constantly inventing new and creative ways to bypass firewalls, anti-virus protection and outdated software in their attempts to outwit IT professionals. All clients should familiarise themselves with the most common techniques used, such as ransomware, phishing and hacking:
- Ransomware attacks involve encrypting all the data on a company’s hard drives and servers, and demanding a ransom in exchange for returning the data.
- Phishinguses fake email messages to get personal information which is then exploited.
- Hacking involves shutting down or misusing websites or networks.
Ransomware attacks are more prevalent in SA than you think
In the US and Europe, victims are legally obligated to report an attack, whereas in South Africa businesses are not yet compelled to report when there is a data breach or a cyber-attack. Even though a 2016 Norton Cybersecurity Insights Report showed that over 8.8 million South Africans were the target of online or cybercrime, the statistics are likely to be grossly under reported. When the Protection of Personal Information Act comes into effect and the Regulator finalises regulations and processes by the end of 2017, statistics are expected to rise.
According to SHA Specialist Underwriters, a wholly owned subsidiary of Santam, 38.5% of businesses surveyed over the past 12 months have been struck by cybercrime, yet most of the businesses surveyed still seem to feel relatively impervious to the looming threats. 66% of their sample of 200 believe that they are not at risk of such an attack.
Did you know: a South African business is now far more likely to fall victim to cybercrime than to a more ‘conventional’ crime like robbery or theft.
How clients can protect themselves from a cyber-attack:
- A robust back-up strategy that backs up your data daily
- Don’t skimp on IT support
- Get adequate insurance cover
- Update anti-virus software regularly
- Don’t open suspicious e-mails or attachments
- Block unnecessary ports
- Keep operating systems current
- Don’t only back up data, check how to restore this data too
- Ideally keep three copies of data, two locally (such as an external storage device) and one offsite
SHA: niche cyber insurance
Santam’s cyber insurance cover has been designed to cover the ‘lifespan’ of an attack. It will help negate the losses to a business in terms of:
- reputation by covering fees for a public relations service,
- getting a network up and running by offering access to highly skilled IT professionals, and
- covering the financial losses that the business has experienced.
As a stand-alone policy or top-up on an existing policy, cyber cover is a strong pre-emptive strike to ensure a business is less vulnerable in this area. Encourage your clients to learn more about cybercrime, to boost their security tools and to seek insurance proactively, not retrospectively, before the damage is done.
Get in touch with your relationship manager or contact us if you have any queries about specialist liability insurance products such as cyber insurance.
For more advice tailored to intermediaries, visit our blog for useful product-related articles – such as legal liability insurance.