From a corporate perspective, the problem is also quantifiable. In 2011, AIG dealt with 855 reported data breaches worldwide accounting for over 174 million records being affected. Nearly three quarters (71%) of data breaches affected companies with 1 – 100 employees, a category into which the great majority of South African businesses fall. With just 10% of the businesses affected being in the financial services industry, cybercriminals are not focusing on this seemingly likely target, but are broad in their approach; accommodation and food services comprised 54% of breaches, retail trade 20%, with Healthcare / Technology and ‘other’ making up the balance.
In this period, AIG in the US handled over 100 Network Security Claims totally some US$25-million; since 2009 AIG globally has paid out over US$85-million in cyber-related claims.
Directors have long appreciated the necessity to insure the companies under their stewardship against operational, credit and business risks – and rightly so. But a recent risk assessment published by the World Economic Forum ranks IT higher than nearly every other type of threat.
The challenge: Extending risk protection to a complex threat
Good, sustained and appropriate relationships are fundamental to business success. People who love people are most often comfortable around this concept,
whereas introverts are somewhat wary of ‘using’ people and relationships to achieve a personal, selfish end. In truth, networking is about reciprocity in relationships. A successful networker believes that they have something of value to share with other people. Successful leaders network up to 45% of their time. Women, especially, need to differentiate between the need to be someone’s new best friend, versus simply being able to help one another out with access to information, resources and opportunities.
Arguably, the risks which are created simply by deploying and using essential technology systems are greater than any others that your company faces. The likelihood is, for example, very good, your premises and stock are insured against fire. Likely, too, is that your cover extends to the possibility of accidental loss or theft in transit or on the shelf.
Indeed, while the necessity for insurances to protect against cyber risks is growing in popularity in more developed nations, including Europe and the United States, to date the inevitable exposure related to IT systems hasn’t enjoyed any significant focus from South African companies or the providers of insurance solutions.
That is not necessarily because the problem isn’t identified. Instead, it is at least partially the result of the complexity of gauging the level of risk and then providing a solution which is affordable, yet at the same time flexible enough to cover the multi-faceted impacts which can flow from a cybercrime event.
Cyber risk: An uninsured exposure?
Most executives have a pretty sound notion of just how dependent their business is on information technology systems. For most, computers and connectivity are every bit as essential as electricity is. Take the two out of the equation, and work stops. But together with that dependency comes considerable risk, a good deal of which is entirely out of the hands of the CTO, IT specialist or any other members of the executive committee. That’s because the nature of the internet means computer systems are potentially open to compromise even if the best efforts are taken to protect them. Shouldn’t your risk mitigation strategy therefore extend to insuring against the potential losses which can result from a cyber-breach?
Norton 2012 Cybercrime Report
The magnitude of the problem is perhaps best demonstrated by the findings of the recently released Norton 2012 Cybercrime report. While the report is consumer focused, it should be borne in mind that consumers all come to work, many of them bringing their own devices (and the potential exposures that come with that) and, perhaps more tellingly, their personal online habits, to the workplace.
With 556 million victims of a cyber-attack in the past year, that means 1.5 million people per day, 18 per second, fell victim to hacking, phishing, malware, viruses, and ‘computer-borne’ fraud and theft. Fully two thirds of adults online, and 46% in the past year, were compromised and suffered a loss to what is a $104-billion per annum global industry. South Africa, too, had the third highest percentage of cybercrime victims of any country in the world, with 80% of those online experiencing a loss.
SA More Averse to Cyber Crime - Quinton Kotze, Financial Lines Manager, AIG South Africa