The advancement of connectivity in light of the digital revolution has radically transformed our lives and brought unprecedented benefits to companies in the way they operate and do business.
However, digitalisation is a double-edged sword and comes with risks as well, among them cyber exposures.
Companies are facing a number of challenges, such as the prospect of more disruptive and expensive business interruptions, the increase in the frequency and cost of ransomware incidents, the consequences from larger data breaches and more robust regulation – both at home and overseas – as well as the prospect of litigation if something does go wrong. In 2021, cyber incidents ranked among top business risks – in South Africa, Africa and globally – in the Allianz Risk Barometer Report 2021.
The AGCS’s Managing The Impact Of Increasing Interconnectivity – Trends in Cyber Risk global survey conducted by Allianz Global Corporate & Specialty (AGCS) shows that there has been a significant increase in cyber claims in recent years. If we measure losses by number of claims, 57% are due to technical and IT failures or incidents due to human error, 40% to external manipulation of systems and 3% to malicious internal actions, e.g. malfeasance by an employee.
The acceleration towards greater digitalisation and remote working driven by the pandemic is also further intensifying IT vulnerabilities. A survey by McKinsey found that companies may have accelerated the digitalisation of supply chains and operations by three to four years, while the importance of digital products has accelerated by seven years.
At the peak of the first wave of lockdowns in April 2020, the FBI reported a 300% increase in incidents alone, while cybercrime is now estimated to cost the global economy more than $1trn, up 50% from two years ago.
Security around access and authentication has become a critical issue. Employee awareness and training can significantly reduce the consequences of a cyber event, especially when it comes to identifying phishing schemes and malware in business emails. Companies should also continuously invest in technical IT security and have access to incident response services in case of an incident. Having a good business continuity plan in place, including the scenario of cyber incidents, is also key to minimising the financial impact.
Cyber incidents can lead to severe consequences
Companies with online business models and a large share of proprietary customer data are particularly exposed targets. Supporting companies in case of a cyber incident is the premise of cyber insurance, as it transfers some of the financial risks to insurers and reinsurers. It can provide a holistic approach to help prevent and minimise first- and third-party losses, through preventive risk consulting as well as response services and forensics in case of an incident through a network of partner companies.
In this environment, companies increasingly consider cyber insurance as a key element of a comprehensive cyber resilience strategy. These companies know what their precious data and assets are and are committed to established IT security standards – and they continue upgrading – and very aware of the most important aspects of a possible cyber incident.
On one hand, there is the concern for mitigating a potential business interruption resulting from a system outage or encryption, and, on the other hand, in the event of a data breach, compliance with a series of obligations imposed by regulations, including informing affected customers as well as reporting obligations to the local data protection agency.
Cyber incidents are also increasingly likely to spark litigation, including shareholder and consumer class actions. It is therefore essential for companies to be aware of the obligations above all the costs of data recovery, communication and sometimes loss of profit that an unauthorised attack on their digital systems can cause.
Risk awareness and increasing demand
According to market research, the global cyber market is expected to reach €20bn to €25bn by 2025. Today, the market volume is estimated at €7bn. AGCS South Africa has been offering cyber insurance since 2015 and has followed this growth trend.
While the market needed education about this new product in the first years after the launch, cyber policy issuance has grown strongly. Globally, AGCS generates more than €100m in gross written premium with cyber insurance.
Cyber insurance is no replacement for weak defence mechanisms – rather the opposite. We therefore welcome that the growth of cyber insurance in South Africa goes hand in hand with significant upgrading of cybersecurity as well as management awareness.
A global IT company conducted a survey among its customers, indicating that 77% of them had started to invest in cybersecurity projects and 91% stated that their senior executives supported cybersecurity investments. As a result, it is estimated that these investments will increase by at least 10% worldwide by the end of this year.