While no-one would wish for the high profile breaches that fill the news on a weekly basis, they do present a real opportunity for insurance brokers to educate their customers on what is becoming a crucial area to cover – cyber attacks.
“The recent breach that saw the details of tens of millions of South Africans exposed, has highlighted how unprepared SA is when it comes to such attacks. Moreover, too many attacks go unnoticed for months, while the malicious software snoops around the network, looking for, and exfiltrating specific targets,” says Simon Campbell-Young, CEO of MyCyberCare.
Moreover, too many businesses do not train their staff on how to avoid a breach, and what to do in the event of one. “Businesses are underestimating the cyber threat. They are hugely vulnerable, particularly given the increasing frequency and sophistication of threats we are seeing today.”
He says breaches are more than inconvenient. “Aside from business downtime, loss of data, regulatory fines, and damaged systems, the cost of a cyber event can run into the millions. This is without factoring in the damage to reputation, loss of customer confidence, and loss of future business.”
Thousands of new pieces of malware are written every day. Advanced persistent threats (APTs) get more and more cunning, widening the attack surface and finding new ways into the network. Ransomware has soared, becoming one of the most wide-spread tools used by cyber criminals to extort money from their victims, he adds.
Cyber attacks go way beyond data breaches, and so do the risks associated with them. “Businesses need to sit up and take notice. Those who aren’t covered for these eventualities run the risk of closing their doors.”
Campbell-Young says there is a very real opportunity for brokers here. “I think SA businesses are waking up to the magnitude of the security problem. Not only can brokers add a new type of coverage to their offerings, they can help to educate their customers on the various threats, as well as offer advice on how to best avoid them.”
He says this goes for customers of all types and sizes. “The perception may be that only the largest corporates are at risk, but this has been shown to be far from the truth. Individuals and small businesses are in equal danger. Perhaps even more so, as they don’t have the massive budgets to throw at cyber security, and criminals often view them as the ‘low hanging fruit’.”
Brokers shouldn’t just try and push a cyber insurance product at their clients, they should offer a full service, offering advice as well as pure insurance. “There are several ways they could help their clients avoid falling victim to attack. For example, how to train their staff on ways to prevent attacks from happening, which would include keeping systems and software updated and current, and basic ‘cyber hygiene’, including how not to fall prey to phishing and similar attacks by clicking on suspicious links and attachments.”
Brokers also have the opportunity to educate clients on what steps to follow in the unfortunate event of a breach, and act as not only a provider of cover, but as a trusted advisor too.