Johannesburg - Taking out an insurance policy to protect a business from cyber breaches is an increasing trend in South Africa, according to an expert.
In the aftermath of a cyber breach, a business can be left hanging with costs such as restoring data, conducting forensic auditing, setting up external call centres, dealing with the loss of business income, employing a public relations consultancy as well as any notification expenses.
Fines associated with cyber breaches can also be astronomical. According to South Africa’s Protection of Personal Information (Popi) Act, custodians of breached data face a R10m fine or up to ten years in prison.
And policies exist in SA to cover these mishaps, says Candice Sutherland - a Business Development Consultant (Corporate Solutions) at SHA, Santam Specialist Underwriting Manager Agents (UMA).
"In 2014 we saw an increase of over 3000%, in just quote requests,” Sutherland told Fin24.
"So a lot of people are just doing an exploratory kind of look into how much this is going to cost to me, because they assume that the cost is going to be really, really high.
"And the reality is it's not,” said Sutherland.
Listen to Fin24 technology editor Gareth van Zyl interview Candice Sutherland:
SA's surging cyber crime
Cyber crime is a growing problem in South Africa as it cost local companies R5.8bn in 2014, according to anti-virus software firm McAfee.
Furthermore, on average it takes 200 days for a South African organisation to identify an online security breach while 84% of South African adults have been victims of cyber crime, according to insurance firm Santam.
Sutherland told Fin24 that cyber criminals are steps ahead of their victims.
These fraudsters can, for example, install software that lies dormant on a work computer and then it learns to bypass anti-virus measures on that device.
"And then when it launches itself, the antivirus doesn't pick it up, and there have been cases of people who have been breached for six years and still not even know about it,” Sutherland said.
Motivations for cyber breaches are numerous, but Sutherland said they fall into four broad categories.
"The number one cause of a breach is a disgruntled employee, number two is negligence, number three is competitors and only number four is hacking,” Sutherland said.
Sutherland said she knows of three companies offering cyber policies in SA and she advises businesses to start small in terms of cover.
"The best idea is to start off with a small limit now and at least you have something, so that if a breach happens,” Sutherland said.