The case for cyber insurance
South Africa has not come through recent cyber-attacks unscathed. When cyber criminals breach a network, it's done with the malicious intent of gathering data: medical records, personal information, ID numbers and account details. The propensity and magnitude of attacks most certainly have been making the case for cyber risk insurance.
In the 21st century, information has become currency, and cyber criminals are intent on doing what they can to procure and sell this information for various reasons. It goes without saying that data breaches can have a considerable and adverse effect on all sectors of business, not mention the reputation of the affected business.
"Taking active measures against a potential attack is vital. Updating policies and procedures, getting the right cyber security in place and employee education are all part and parcel of business best practice. However, breaches still occur, and that's where we begin to see the importance of having cyber insurance," says Anvee Alderton, Channel Manager at Trend Micro Southern Africa.
Cyber insurance forms part of a holistic approach to mitigating security risk. Of course, there are financial costs involved, particularly as premiums are rising due to the number of organisations taking out cyber insurance and an increase in the amount of coverage needed.
What exactly does cyber insurance cover? A good cyber insurer will cover the costs of notifications, PR and other services like forensic investigations, consultations and identity monitoring for victims. It should also cover you for loss of income and extortion, in the event that your organization has been targeted by ransomware. The cover should also provide for any third party claims that might arise from the breach.
"In the event of a security breach, a business will need to get the right kind of experts in to do the investigation, handle risk management and data recovery. There are also the considerations of rebuilding the business reputation and legal costs. Cyber insurance should cover these expenses as well," Alderton advises.
If you'd like to get the best premiums for your business when it comes to choosing your insurance, the first thing to consider is acquiring an excellent information security programme. This reduces the possibility of exposure to a cyber attack and the insurance premium at the same time.
"Make sure that your systems are actively monitored, that logs are analysed and you have all the elements in place for early detection. A disaster recovery plan is essential, and so is having data that's backed up regularly, especially in the case of a ransomware attack. Cyber insurance augments any existing security a company has in place. A multi-layered approach to cyber security is a powerful tool in preventing and dealing with any cyber attack," concludes Alderton.