/ 21 June 2011

Local business ‘underinsured against hacking’

An estimated 60% of South African businesses are not insured against cyberattacks and most are not aware insurance against these attacks exists, according to Jonathan Healy, account manager for professional risks at Aon Risk Solutions.

In the wake of recent cyberattacks against large organisations such as Sony, Citibank, Lockheed Martin, the United Kingdom’s National Health Service and the International Monetary Fund, Healy said on Tuesday that worldwide cybercrime costs about $100-billion a year.

“These attacks, coupled with the liability claims that they might encounter, can leave local businesses in ruins if they are not properly insured against cybercrime,” he said.

Furthermore, phishing volumes have increased in South Africa, making the country one of the leading targets of cybercriminals in 2011, while recent statistics revealed that SA is the third most attacked country globally, with 7.5% of attack volumes.

Healy said that there were insurance products available to protect businesses exposed to viruses or hacking attacks and that while liability policies generally only responded to third party claims, certain cyber liability policies would also provide first party cover.

“If a company database containing personal information is compromised by a virus or hacking attack, the extent of the damage can be far-reaching and if a client can verify that they have suffered a loss due to the data breach, they may hold the company responsible for the loss,” he added.

It is mandatory for companies situated in the US to notify an entire database of a security breach, which can be very costly and this will very soon become mandatory for South African businesses who encounter cyberattacks.

Healy advised that companies needed to consider the security implications that their businesses were exposed to.

“Those that are most at risk are those who provide technology services, and those who are heavily reliant on technological systems to provide a service.

“Over and above investigating insurance options, local businesses should ensure that firewalls, IT security and virus protection measures are properly in place and regular tests are run to gauge effectiveness,” he said. — I-Net Bridge