We live in a world that is evolving at breakneck speed. The outbreak of the COVID-19 pandemic acted as an accelerant, fueling rapid digitisation. This jarring shift saw a dramatic upsurge in remote working, ecommerce, internet banking and technological innovation, which has fast-tracked the world to the doorstep of web 3.0. While this has unlocked immeasurable opportunities for societal advancement, it is not without its pitfalls.
The most recent Annual Risk Review conducted by SHA Risk Specialists revealed that in 2021, almost one quarter of businesses suffered a virus/malware attack and 21% fell victim to phishing. Of the 20% who suffered a ransomware attack, over half paid a ransom of up to R50 000.
Unfortunately, while digitisation has several obvious advantages for business, it has cultivated an environment that is ‘ripe for the picking’ – one in which cybercriminals are becoming increasingly more sophisticated in their efforts to exploit vulnerabilities.
Some of the biggest threats to cybersecurity include the emergence of Ransomware-as-a-Service (RaaS), a business model that allows affiliates to subscribe to software that can be used to launch cyber-attacks on vulnerable online targets. This insidious technology has placed the ability to hack online websites and databases in the hands of even the most novel cybercriminals.
Single-point-of-failure (SPoF) attacks, that exploit a single point of weakness upon which multiple components rely, are also on the rise. When these attacks are successful, the failure of one piece of technology can trigger the collapse of the entire system. Some of the most high-profile attacks include Colonial Pipeline, the Kaseya VA attack and the GoDaddy data breach. The collective damage of these attacks amounted to billions of rands and dealt a devastating blow to the reputation and long-term growth of the affected institutions.
No business is immune to an attack because hackers are indiscriminate. Each industry therefore comes with its own risks and levels of exposure. One would assume that sectors like manufacturing or agriculture face lower levels of risk, but our experience has shown this perspective to be false.
Factories that rely heavily on cloud storage technology automatically create more access points for cybercriminals, putting proprietary and sensitive information at risk, including intellectual property and industrial control systems. In the automobile manufacturing industry, for example, falsified data could slow down the approval process of goods or lead to misrepresentation in terms of the dangers that a particular product could pose. Ultimately, the effect of this kind of hack could snowball into mass recalls that can cost manufacturers millions, put consumer safety at risk and increase the risk of impending lawsuits.
The mushrooming of a more complex and sophisticated cybercrime environment presents an unprecedented challenge for cybersecurity product developers and specialist risk insurers.
There is a global sense of urgency for cyber insurance brokers to develop their advisory capacity and expertise in a way that helps their clients to stay one step ahead of opportunistic cybercriminals. Contemporary brokerage in this specialist risk area must go beyond the traditional, with brokers playing an active role in educating clients to understand their individual vulnerabilities and how to mitigate them.
Brokers now have an unmatched opportunity to add meaningful and lasting value to their services. By means of compelling case studies, brokers can create the necessary sense of urgency that will allow clients to take proactive measures in mitigating cyber-attacks, rather than resorting to damage control after great losses have been incurred.
At SHA, we have internalised this philosophy our Pocket Underwriter platform equips brokers with a broad range of knowledge-based tools that break down the available levels and terms of cover in plain language. These tools give brokers a deep understanding of SHA’s suite of products and services and assists them in choosing an offering that meets the specific needs of each of their clients. Through the Pocket Underwriter, brokers gain access to cyber quotes amongst other lines, real-time pricing and in-depth explanations that unpack the complexities of different types of cover.
In an effort to drive awareness around the necessity for brokers to bolster their services, in order to meet the demands of the expanding cyber insurance environment, SHA hosts monthly cyber training sessions, designed for intermediaries. These efforts are supported by client discussions and online workshops.
As a specialist risk insurer, we dedicate a large amount of time and resources to encouraging companies across all sectors to implement cyber hygiene processes and practices as a foundational line of defense. This includes employing a high-quality antivirus protection system, a strong password protection policy, regular patching and firewalls. These measures need to be supported by an over-arching cybersecurity awareness policy that employees can understand and implement, leaving little room for cybercriminals to circumvent security measures.
Companies cannot afford to become complacent – business continuity and crisis plans need to become just as sophisticated and adaptive (if not more so), than cybercrime. This requires an ‘always-on’ approach to digital security that evolves at the same pace as the market, rather than trying to play ‘catch-up’ to new and emerging forms of digital risk.
By Junior Maphalala and Alicia Narainsamy