Cybercrime has become one of the biggest risks to business continuity in South Africa yet many businesses are operating without the necessary cyber insurance policies in place, exposing themselves and their clients to significant financial and reputational losses. The reason why some businesses opt not to add cyber insurance cover to their portfolios might however come as a surprise to many.
Obtaining cyber insurance can be a tedious and complex procedure for businesses, as it entails submission of a substantial volume of documentation necessary for insurers to assess and underwrite the associated risks.
“As a broker, in our experience, cyber cover is not the easiest cover to obtain for clients. Whilst we acknowledge and respect that insurers need to accurately underwrite risks, we also believe they should assist businesses in making this cover attainable,” says Hermanus van der Linde, the CEO of IntegriSure Brokers.
The type of insurance a company needs depends on the risk exposures relative to that particular business. The specifics of what is and is not covered by a policy will largely depend on the insurance provider, but across the board underwriters will review a company’s security protocols. This evaluation will encompass an assessment of preventative measures in place, such as email security, multi-factor authentication status, backup procedures, encryption, firewalls, and user training and awareness. It’s here where a broker plays a vital role in being the intermediary between the client and the insurer and especially assisting clients to provide all the required information to the insurers.
“Another trend that we have identified is that some businesses confuse cyber security and cyber insurance,” says van der Linde. Cyber security refers to the proactive technologies, processes and practices aimed at protecting a company’s network, encompassing tools such as firewalls, antispyware software and Virtual Private Networks (VPNs).
Cyber insurance helps cover the expenses and services a company needs after suffering a data breach or cyberattack. There are various cyber insurance cover options in the market including security and privacy liability, data recovery and loss of income, business interruption and loss of business income. Some cover options also include cover for legal expenses, a PR campaign to mitigate any reputational damage, credit monitoring services, forensic auditors, customer notification costs, crisis management expenses, and costs in negotiating with hackers or ransom demands.
One thing that can’t be denied is that every business needs a cyber insurance policy. According to Interpol’s 2022 Africa Cyberthreat Assessment report, South Africa leads the continent in the number of cybersecurity threats, with 230 million threat detections identified in 2022. South Africa saw a 100% increase in mobile banking application fraud and is estimated to suffer 577 malware attacks an hour.
The concerning rise in cybersecurity crimes serves as a clear indication of a shifting risk landscape and highlights the need for knowledgeable brokers to educate businesses about the necessity and importance of integrating cyber cover into their insurance portfolios.
“A skilled broker plays a crucial role in explaining the importance of cyber insurance to their clients. They bridge the gap between a business’s perception of their current cyber protection and the actual cover provided by a particular cyber policy, whilst also highlighting the comprehensive value such a policy offers. By forging strong relationships with a trusted broker, businesses can navigate the intricacies of risk management with confidence, knowing they have a dedicated partner who understands their unique needs and can offer tailored solutions for mitigating risks and ensuring uninterrupted business continuity,” concludes van der Linde.