We live in a world dominated by machines – machines, including those in the “cloud”, which can compute and store vast amounts of data. Our dependence on these machines for data and tasks has reached staggering levels, to the point that it is safe to say that a security breach, whether data being compromised or computers being hacked, is a potentially business-threatening risk. Aside from this, laws like the Protection of Personal Information (POPI) Act and the General Data Protection Regulation (GDPR) place onerous legal obligations on businesses, should third party data be compromised in a breach.
All businesses are exposed. It can be argued that small businesses are even more vulnerable than large ones, since they often do not have access to sophisticated and costly IT resources to manage and mitigate their risk. Every business is likely to suffer a data breach at some point, even those who have taken extreme measures to avoid breaches – so, what is the solution? Is there an insurance mechanism to transfer these risks?
The answer is yes, there is. Enter Cyber Insurance.
There are quite a few cyber insurance offerings in the South African insurance market currently, but as with most things, not all policies are equal. A cyber policy worth its weight looks to cover your (the Insured's) First Party and Third Party risk, essentially arising from a loss of data or a breach of network security.
First Party generally includes:
• Data restoration costs;
• Brand management;
• Notification costs to all affected data subjects;
• Data extortion or Ransomware (malware, often delivered by email, that encrypts your entire system or network);
• Business Interruption resulting from a network breach.
Third Party generally includes defence costs (and damages if awarded) emanating from legal liability for others' (customers, clients etc.) data in your care, should:
• Third Party data be compromised following a breach;
• You be negligent in preventing a computer security breach;
• You not comply with laws (POPI etc.) relating to data privacy.
Cyber insurance also usually provides access to suitably qualified professionals in your time of need, usually within hours of the notification of a breach. These are resources that few businesses have in-house, due to the cost factor.
Of course, prevention is always better than cure.
Some Risk Management tips on preventing an incident may include:
1. Establishing what data you have (your own and Third Party data)
2. Identifying the critical data that needs protection (caveat: all third party data is critical)
3. Establishing who has access to the data and putting strict security controls in place to protect access. This would include firewalls, installing anti-virus software, ensuring users update their computers regularly, introducing stronger password controls and frequent change of passwords, blocking staff access to certain websites, email links etc.
4. Backing up all your data, using a robust and secure storage platform. Ideally, back up your data on two different platforms, at least one offsite.
5. Appointing professional IT specialists to advise and design points 1-4 and then vigorously test your security measures on a frequent basis
6. Testing your IT professionals' solutions on a frequent basis
If you currently do not have Cyber Insurance cover in place, AIB Cape strongly recommends that you insure this risk.
Please contact us should you require a quote or if you have any questions.
admin May 28, 2019