MORE South African businesses have been inquiring about and purchasing cybercrime insurance, according to independent insurance and risk specialist Risk Benefit Solutions.
Internationally there have been a handful of high-profile instances of cybercrime, most notably the recent hacking of Ashley Madison and Sony Pictures that put millions of users’ confidential details and sensitive information in jeopardy.
Estimates are that SA loses about R6bn annually because of cybercrime.
The introduction of tough legislation that provides the legal framework within which to handle private information and sets stiff fines for non-compliance, may also have provided the impetus for the increased interest in cybercrime insurance.
Gillian Wolman, head of litigation at Risk Benefit Solutions, said more South African businesses were inquiring about and purchasing cybercrime insurance to protect themselves against law suits arising from data breaches.
“Business owners have started to realise how costly the effects of cyber hacks can be, and are therefore putting measures in place to protect themselves financially.
“In the event of a law suit, the business will be responsible for paying legal fees, judgments or settlements and other court-related costs, which can be (high) and (can) … bankrupt a business,” Ms Wolman said.
A cyber liability policy would protect businesses against a “network security breach” or a “data privacy breach”. Insurers would cover first party and third party claims, loss of business income, notification expenses, crisis management expenses, associated regulatory fines and penalties to the extent insurable by law, as well as direct financial and consequential loss, she said.
Each underwriter may, however, have different terms and conditions.
The Protection of Personal Information Act would revolutionise how organisations manage personal information and data, said Ms Wolman.
In 2013 President Jacob Zuma signed the act into law.
The law sets the conditions of how any individual who processes personal information must handle, keep and secure it.
It requires widespread reforms that the private and public sectors must introduce to ensure personal information and data they collect are protected. It has strict guidelines on what data can be obtained, how it can be used, and kept up to date.
Businesses that fail to comply with the act face stiff penalties, including a R10m fine, or prison terms.
KPMG’s Global CEO Outlook 2015 report shows that although cyber security is one of the five top risks that executives are most concerned about, only 50% of bosses are prepared for a cyber attack.
The report explains that cybercrime is an unpredictable risk.
Greg Bell, KPMG’s US cyber leader, said until recently there had been too much attention focused on prevention, and not enough on protection and response.
Last week a report by specialist insurer Allianz Global Corporate & Specialty suggested cybercrime cost the SA economy nearly R6bn annually, while $445bn was lost to this activity globally.