Companies are increasingly interested in acquiring cyber insurance cover, as SA gears up for the implementation of the Protection of Personal Information Act.
CyGeist MD Natalie van de Coolwijk says her firm has been receiving more requests for quotes from companies investigating having cyber insurance. She notes this service, which takes the sting out of data breaches, should be mandatory for organisations that hold sensitive information.
Addressing delegates at ITWeb's Security Summit yesterday, Van de Coolwijk said the consequences of a security breach that impacts customers includes a loss of business, flooded call centres, legal threats and reputational damage.
Although entities are not obliged to inform end-users and the public when their information has been compromised, this will change once the Act comes into effect and the information regulator's office is set up. President Jacob Zuma has yet to announce an implementation date, after which companies will have between one and three years to comply.
Once the regulator is established, companies could also be faced with a fine for the breach, says Van de Coolwijk. She notes cyber insurance mitigates the fallout from a breach as it provides access to services such as forensic specialists, lawyers, public relations, a dedicated call centre, and also prepares paperwork for the regulator, which could trim the fine.
Growing sector
Van de Coolwijk says cyber insurance provides cover for information and network breaches, effectively transferring the breach response function to the insurer. It also provides cover in the event a company is sued, she adds.
Other services the policy covers includes data and services recovery, as well as crisis management, notifications to affected parties, and ongoing training, awareness and assessment tools.
Van de Coolwijk says CyGeist has only been in operation since last July, and is still busy with policy activation and quotes. She adds cyber insurance is an emerging line of business. However, US data gives an indication of where the sector could be going.
Cyber insurance is one of the fastest growing lines of insurance in the US, with 20% of businesses buying coverage, a number that increased 33% in 2012, says Van de Coolwijk. Some $1.25 billion was collected in premiums in 2012, while the average payout was $195 000, she adds, citing a NetDiligence study.
There have recently been several large breaches, including one affecting Sony PlayStation customers, and another in which hackers stole data from up to 40 million credit and debit cards of shoppers who visited Target stores during the first three weeks of the holiday season.
Share