Advertise Here
Icon

Directory

IconActuaries
IconAdministration Outsourcing
IconAsset Managers
IconAssociations & Institutes
IconAuditors
IconBanking
IconBBBEE Consulting and Verification Agencies
IconBusiness Chambers
IconBusiness Process Management
IconBusiness Process Outsourcing
IconCompliance
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconCurrencies
IconDebit Order Collection Facilities
IconEducation and Training
IconFAIS
IconHuman Resources
IconInformation Technology and Software Partners
IconInvestment Consulting
IconInvestment Fund Managers
IconLegal
IconLISPs
IconListed Equities
IconOmbud
IconParticipation Bond Managers
IconPolicy Administration
IconPolicy Trading
IconProperty Unit Trusts (PUTS)
IconPublications
IconRegulatory Authorities
IconStock Exchange
IconSurveys and Research
IconTraining Courses & Workshops
IconUnit Trust Fund Managers
IconWellness Programs
Image
  Subscribe To »

Cyber attackers’ home in on South African businesses

Published

2020

Mon

27

Jan

Ransomware industry flourishes in SA while business are largely unprepared for the business interruption and financial fallout of a breach

 

In a recent Carte Blanche episode, the investigative news programme revealed that South Africa had faced a number of major cyberattacks during 2019 – one of the affected organisations included the Civil Aviation Authority which was hit in July 2019.  City Power was hit with Ransomware twice in a matter of months, with both incidents occurring at the end of the month when most South Africans receive their salaries and do payments, highlighting the fact that ransomware attackers will exploit flaws in IT infrastructure at critical times to gain optimum leverage. 

 

In July 2019, South Africa also experienced the longest running cyber-attack campaign among all the regions monitored by email and data security company Mimecast according to its quarterly Threat Intelligence Report.  Four major cyber-attack campaigns were detected in South Africa between July and September and several local financial services companies suffered the brunt of these cyber-attacks.  According to Mimecast, it detected more than 116 000 attacks in SA over an eight-day period in July by an unknown actor or group, using various malware types. 

The increasing frequency and voracity of cyber concerns are mirrored in Aon's 2019 Global Risk Management Survey where participants ranked cyberattacks and data breaches as #6 in the top 10 risks facing organisations today. Startling figures are changing business and public perceptions of cyberattacks and South African organisations of all sizes and industries are not immune to this scourge, and the subsequent fallout:

  • Malware attacks in SA increased by 22% in the first quarter of 2019 compared to the first quarter of 2018, translating to around 13 842 attempted cyberattacks per day - Kaspersky Lab
  • A data breach in South Africa costs an average of R36.5 million, and the long tail costs of a data breach can be felt for years after the incident. SA ranked 7 out of 16 countries polled for the highest cost of a cyber breach.  - IBM security study conducted by the Ponemon Institute.
  • Alarmingly, in terms of the cost per record breached, SA ranks much higher at 11 on a scale of 16 polled countries, costing US$155 per record – the same as for the UK and not that far behind the US ($242 per record), which is alarming when you consider the size of the US economy compared to South Africa. - IBM security study conducted by the Ponemon Institute.
  • In 2019 in South Africa, the average time to identity a breach was 175 days and 56 days to contain it. IBM security study conducted by the Ponemon Institute.
  • Large businesses are not the only targets and hackers are indiscriminate.  In fact 43% of cyber-attacks target small businesses according to the Verizon 2019 Data Breach Investigations Report (DBIR).
  • Small businesses face disproportionately larger costs relative to larger organisations, which can hamper their ability to recover financially from the incident. IBM security study conducted by the Ponemon Institute.
  • Lost business was the biggest contributor to data breach costs.  The loss of customer trust had serious financial consequences for the companies studied, and lost business was the largest of four major cost categories that contributed to the total cost of a data breach. IBM security study conducted by the Ponemon Institute.

 

 

 

 

Why have cyberattacks and data breaches become so rampant?

Aon's 2019 Cyber Security Risk Report highlights some of the vulnerabilities:

  1. The rapid expansion of operational data from mobile and edge devices, along with growing reliance on third-party—and sometimes even fourth-party—vendors and service providers, are heightening cyber risks. 
  2. The combination of faster networks and vulnerable devices - Internet of Things (IoT) and the forthcoming transition to 5G - opens more doors to destructive threats.
  3. Employees remain one of the most common causes of breaches. In a 2018 Aon survey, 53% of respondents said their companies experienced an insider-related attack within the previous year. When an employee of a large healthcare company inadvertently opened a phishing email, nearly 80 million patient records on his system ended up in the hands of a foreign government.
  4. Organised crime is now using former intelligence members for more sophisticated attacks, while state actors are both broadening the nature of their attacks and increasing their frequency.
  5. Lastly, an ever-changing set of regulations from governments around the world compounds the difficulties of managing cyber risks.

 

According to Zamani Ngidi, Client Manager: Cyber Solutions at Aon South Africa, “South Africa will continue to see large-scale ransomware attacks that target admin credentials to gain access to, and infect, wider networks. The bottom line is that any organisation, regardless of size, ownership or sector, that is reliant on technology and a network to conduct any aspect of its business is at risk.”

 

Despite the fact that the breadth and scope of cyber coverage has increased substantially since 2017, only 27% of participants in Aon's 2019 Global Risk Management Survey from the Middle East and Africa region have purchased cyber insurance.

 

“The risk that cybercrime poses is here, and it is very real. A lack of reporting on the matter is leaving many in the dark as to the resultant costs that a business could suffer as a result of a cyber breach, not only from an incident response perspective but also the subsequent business costs associated with a breach of this nature that can include aspects such as business interruption, loss of business and client trust, liability of directors and officers through to reputational damage,” explains Zamani.

 

“Many companies simply do not have the luxury of a big balance sheet to absorb the risk and this is where the insurance and response programme become crucial.  It necessitates a major shift in business thinking to view cyber risk as both a strategic and critical risk that holds a very real threat to business and its operations.  Proactive steps need to be put in place in order to prevent a business from becoming a statistic as far as possible in addition to having a solid incident response plan and cyber insurance in place to manage a worst-case scenario,” he adds.

 

Cyber risk assessments

According to Aon's 2019 Global Risk Management Survey , the use of cyber risk assessments has risen 16% since 2015. However, only 59% apply any formal process to identify and evaluate their cyber risks.

The majority are also not using any financial metrics to communicate the materiality of cyber exposure. The general trend globally, specifically to cyber risks, is that organisations do not understand their biggest cyber risks and the implications they have for operations and the balance sheet.

 

“Whether you are a big or small operator, your company’s ability to protect against and recover from ransomware attacks rely on implementing proactive technical measures, business continuity plans and insurance to mitigate the financial and liability fallout.  With a qualified risk advisor versed in the cyber risks facing South African businesses of all sizes, your organisation will be able to take the business through a comprehensive cyber risk assessment that will help quantify the risks your organisation is exposed to, as well as the potential fallout or financial quantum of such an incident. Having a built-for-purpose cyber insurance regime in place that is supported by an airtight incident response process will go a long way in achieving a cyber resilient operation,” concludes Zamani.

 

Aon highlights four crucial steps to building a cyber resilient organisation:

 

  1. Take it from the top. Cyber risk management must be an enterprise-wide effort, but accountability needs to sit at the very top of the organisation, with the board understanding the costs and consequences of a cyberattack.
  2. Unite your business. Cyber risk is not just an IT security issue; it is a threat to the whole enterprise. It calls for a multi-discipline, multi-level response that involves every relevant stakeholder within the business.
  3. Get ahead of the game. Businesses can no longer rely on bringing in a response team after an attack. Incident-response training is critical in preparing organisations for a cyber-attack and scenario-planning helps to understand operational vulnerabilities and threats.
  4. Protect your balance sheet. Firms should look at how they are leveraging available risk transfer opportunities. Cyber insurance can help protect an organisation’s balance sheet by providing a financial pay-out after things have gone wrong and providing pre-loss prevention and post-loss services.
 
Source: THULI SIKHOSANA TS COMMUNICATIONS
 
« Back to previous page Print this page » |
 

Breaking News »

Coronavirus and its effects on international trade and insurance

The deadly novel coronavirus outbreak (2019-CoV) has resulted in passenger and cargo ships being quarantined around the world, partial and complete travel bans to parts of China and shipping and airlines being ...
Read More »

  

Political and environmental risks are the main threats facing businesses in 2020

As Coface launches the 2020 edition of its Country & Sector Risks Handbook, Chief Economist Julien Marcilly today presents the main threats for the global economy in 2020 at the Coface Country Risk Conference ...
Read More »

  

Euler Hermes Global Insolvency Index: Insolvencies expected to rise by 4% in South Africa

The upward trend in business insolvencies continued in 2019 for the third time in a row: +9% year on year, according to Euler Hermes Global Insolvency Index, which covers 44 countries that account for 87% of global ...
Read More »

  

COMPARING THE BENEFITS OF A TAX FREE SAVINGS ACCOUNT AND A RETIREMENT ANNUITY FUND

By Jaco Prinsloo, Certified Financial Planner at Alexander Forbes Financial Planning Consultants   The benefits of saving are well known, as are the tax benefits offered by tax-free savings accounts ...
Read More »

 

More News »

Image

Healthcare »

Image

Life »

Image

Retirement »

Image

Short-term »

Advertise Here
Image
Image
Image
Image
Advertise Here

From The Glossary »

Icon

Syndicate (Lloyd’s):

A group of individuals or companies at Lloyd’s who pool resources to underwrite risks.
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2020. All Rights Reserved.