The Presentation was opened by IIG President, Tshepiso Chocho who welcomed delegates and introduced today’s speaker. Sizwe Cakwebe hails from SHA where is the Cyber Business Manager with financial lines and has oversight of the SHA cyber product. Prior to SHA, he was with Deloitte’s where he played a pivotal role in their Risk Advisory/Cyber and Technology risk team.
Sizwe started off his presentation with a Cyber stats annual risk review. The stats presented are courtesy of SHA and the majority of respondents were from the SME market. According to the data sample, one-third of respondents reported that they had experienced some form of a cyber breach during the lockdown. Most of these attacks emanate from personal devices trying to connect to a company network. The question was posed to the audience – “who of us installs proper firewalls and encrypts data on our personal devices?” – Unsafe devices pose a major threat to a company’s infrastructure. Sizwe gave a brief overview of the different firewalls and anti-virus software as an example of applications that provide a measure of safety. According to the stats, there are about 4000 ransomware attacks daily. This makes it an absolute necessity for companies to upgrade their security. Here are some of the stats that were shared in the presentation:
- 37% reported an incident in the past 12 months
- 84% have anti-virus software
- 70% have firewalls in place
- More than 50% have regular back-ups
- 18% have some form of cyber cover
Some of the biggest cyber threats currently are unauthorised access to personal bank accounts, unauthorised access to internal mail, customers data being stolen, systems being locked due to a ransomware threat and POPIA fines and penalties.
The negative effects of a cyber incident can result in financial losses, reputational damage and the legal consequences of liability to third parties.
A video clip was presented of a simple ransomware attack to highlight some of the pitfalls.
The next section of the presentation dealt with what Cyber Insurance offers cover for. In terms of a first-party arrangement, the cover indemnifies for Data breach response, Restoration, Business Interruptions, cybercrime, PCI-DSS – this cover is related to payment facilitated websites and cyber extortion this is however specific to a ransomware attack. Sizwe had this advice to offer; clients should not pay ransoms but speak to their Insurer first!
In terms of third party cover, cyber insurance offers cover for confidentiality and privacy liability (specific to a data breach), Network security liability – this cover is specific to companies with integrated systems, where a third party’s data is vulnerable. Media liability is also covered by cyber insurance.
Here are some of the exclusions that will be found on cyber policies: using unlicensed software, design faults in systems and Professional indemnity losses, scheduled downtime or planned outages of computer systems, outage of the infrastructure of a third party or service provider, Human error of service providers, Liability by agreement and in-game currencies, cryptocurrencies and rewards points.
Next Sizwe took us through the proposal forms and gave some context to why they ask the questions they do. The proposal form asks for information regarding a company’s data security and cryptography, is the data encrypted? How easy is it to gain write access to a USB are some of the questions? Compliance/ access control/ Security software and network protection/ the software used and infrastructure/ Who are your third party providers/ What is your incident management process. These are but some of the questions. A pertinent aspect in our current environment is remote access – it has become more important in the way we work.
From the presentation, it is evident that systems and infrastructure must be rather robust and IT security is an absolute necessity but companies need the involvement of cyber experts and the proper controls in place before insurance comes into play.
Presented by Sizwe Cakwebe, Cyber Risk Manager, SHA Risk Specialists
This Insight session was proudly sponsored by: