South African businesses still view cyber incidents such as data breaches, network liability, hacker attacks and cyber business intelligence as a top threat.
This is according to the Allianz Risk Barometer 2018 report which reveals that cyber incidents remain a top treat, with 38% of responses surveyed agreeing for a third year in a row. The report, which is published annually by Allianz Global Corporate & Specialty (AGCS), is based on the insight of 1 911 risk experts from 80 countries, including SA.
According to the report, cyber incidents were also ranked as the most underestimated risk, "Cyber incidents through events such as WannaCry and Petya ransomware attacks brought significant financial losses to a large number of businesses including those in SA. The potential for so-called 'cyber hurricane' events to occur, where hackers disrupt larger numbers of companies by targeting common infrastructure dependencies, will continue to grow in 2018. SA is reported to have the third highest number of cybercrime victims worldwide, losing billions of Rands a year to cyber-attacks and experiencing more cyber-attacks than its African counterparts. Although, cyber awareness has significantly increased, particularly among small and medium sized businesses, it is more challenging for these enterprises to tackle this issue compared to larger corporations," explains Nobuhle Nkosi, cyber insurance expert at AGCS Africa.
AGCS Africa CEO Thusang Mahlangu adds that cyber risk and business interruption have been neck-and-neck in South Africa for the past three years increasingly demonstrating a strong interlink between the two. "Businesses in South Africa are deeply concerned about the impact of business interruption, which could result from new triggers stemming from digitalisation and interconnectedness that typically come without physical damage, but with high financial loss. Breakdown of core IT systems, terrorism or political violence events, product quality incidents or an unexpected regulatory change can bring businesses to a temporary or prolonged standstill with a devastating effect on revenues," he says.
Meanwhile, in a separate report from Aon in collaboration with the Ponemon Institute, it was found that 38% of EMEA businesses have suffered a cyber loss in last 24 months, averaging $3.3 million per loss. Despite this immense loss, the 2017 EMEA Cyber Risk Transfer Comparison Report further found that only 15% of the company's probable maximum loss was covered by insurance. "Companies recognise the growing value of technology and data assets relative to historical tangible assets - but they are spending four times more budget on insurance for property, plant and equipment risks. Only 23% of respondents reported having plans in place to adopting cyber insurance as a remedy and among those that didn't, 46% had no plans to purchase cyber insurance over the next two years, while 54% did," explained Vanessa Leemans, chief operating officer for global cyber insurance solutions at Aon.
Leemans noted that with 65% of EMEA organisations expecting their cyber risk exposure to increase over the next two years, cyber risk needs to be approached at an enterprise-wide level in order to achieve cyber resilience. "This should include enterprise-wide education, assessment and quantification, preventive risk management, incident response plan, as well as cyber insurance," she said.
Share