What's Happening?

Facebook Twitter Youtube Linkedin

NEED HELP? QUESTIONS@FIA.ORG.ZA

become A FIA member TODAY
member login

The post-Covid evolution of the cybersecurity risk landscape

ARTICLE BY

  • Junior Maphalala and Alicia Narainsamy

SHARE THIS POST

We live in a world that is evolving at breakneck speed. The outbreak of the Covid-19 pandemic acted as an accelerant that fueled rapid digitisation. This jarring shift saw a dramatic upsurge in remote working, e-commerce, internet banking and technological innovation. This has fast-tracked the world to the doorstep of Web 3.0. While this has unlocked immeasurable opportunities for societal advancement, it is not without its pitfalls.

The Pitfalls Of The Online World

The most recent Annual Risk Review conducted by SHA Risk Specialists revealed that in 2021, almost one quarter of businesses suffered a virus/malware attack and 21% fell victim to phishing. Of the 20% who suffered a ransomware attack, over half paid a ransom of up to R50 000.

Unfortunately, while digitisation has several obvious advantages for business, it has cultivated an environment that is ‘ripe for the picking’ – one in which cybercriminals are becoming increasingly more sophisticated in their efforts to exploit vulnerabilities.

Some of the biggest threats to cybersecurity include the emergence of Ransomware-as-a-Service (RaaS), a business model that allows affiliates to subscribe to software that can be used to launch cyber-attacks on vulnerable online targets. This insidious technology has placed the ability to hack online websites and databases in the hands of even the most novel cybercriminals.

Single-point-of-failure (SPoF) attacks that exploit a single point of weakness upon which multiple components rely are also on the rise. When these attacks are successful, the failure of one piece of technology can trigger the collapse of the entire system. Some of the most high-profile attacks include Colonial Pipeline, the Kaseya VA attack and the GoDaddy data breach. The collective damage of these attacks amounted to billions of rands and dealt a devastating blow to the reputation and long-term growth of the affected institutions.

No business is immune to an attack because hackers are indiscriminate. Each industry therefore comes with its own risks and levels of exposure. One would assume that sectors like manufacturing or agriculture face lower levels of risk, but our experience has shown this perspective to be false.

Factories that rely heavily on cloud storage technology automatically create more access points for cybercriminals, putting proprietary and sensitive information at risk, including intellectual property and industrial control systems. In the automobile manufacturing industry, for example, falsified data could slow down the approval process of goods or lead to misrepresentation in terms of the dangers that a particular product could pose. Ultimately, the effect of this kind of hack could snowball into mass recalls that can cost manufacturers millions, put consumer safety at risk and increase the risk of impending lawsuits.

The mushrooming of a more complex and sophisticated cybercrime environment presents an unprecedented challenge for cybersecurity product developers and specialist risk insurers.

Brokers’ Roles In Digital Safety

There is a global sense of urgency for cyber insurance brokers to develop their advisory capacity and expertise in a way that helps their clients to stay one step ahead of opportunistic cybercriminals. Contemporary brokerage in this specialist risk area must go beyond the traditional, with brokers playing an active role in educating clients to understand their individual vulnerabilities and how to mitigate them.

Brokers now have an unmatched opportunity to add meaningful and lasting value to their services. By means of compelling case studies, brokers can create the necessary sense of urgency that will allow clients to take proactive measures in mitigating cyber-attacks, rather than resorting to damage control after great losses have been incurred.

The Solutions Toolkit

At SHA, we have internalised this philosophy. Our Pocket Underwriter platform equips brokers with a broad range of knowledge-based tools that break down the available levels and terms of cover in plain language. These tools give brokers a deep understanding of SHA’s suite of products and services and assists them in choosing an offering that meets the specific needs of each of their clients. Through the Pocket Underwriter, brokers gain access to cyber quotes amongst other lines, real-time pricing and in-depth explanations that unpack the complexities of different types of cover.

In an effort to drive awareness around the necessity for brokers to bolster their services, in order to meet the demands of the expanding cyber insurance environment, SHA hosts monthly cyber training sessions designed for intermediaries. These efforts are supported by client discussions and online workshops.

As a specialist risk insurer, we dedicate a large amount of time and resources to encouraging companies across all sectors to implement cyber hygiene processes and practices as a foundational line of defense. This includes employing a high-quality antivirus protection system, a strong password protection policy, regular patching and firewalls. These measures need to be supported by an overarching cybersecurity awareness policy that employees can understand and implement, leaving little room for cybercriminals to circumvent security measures.

Companies cannot afford to become complacent – business continuity and crisis plans need to become just as sophisticated and adaptive as cybercrime, if not more so. This requires an ‘always-on’ approach to digital security that evolves at the same pace as the market, rather than trying to play ‘catch-up’ to new and emerging forms of digital risk.

Subscriber Terms and Conditions

  1. APPLICATION OF TERMS
    • These terms and conditions (“Subscriber Terms”) apply to the subscription by any qualifying member of the South African Underwriting Managers Association NPC (“SAUMA”) to the services and benefits offered by FIA Services (Pty) Ltd (“FIA Services”) under the SAUMA affiliation arrangement (“Subscription”).

  2. NATURE OF SUBSCRIPTION
    • A Subscription under this arrangement:
      • does not constitute membership of FIA NPC;
      • does not confer any voting rights or governance participation in FIA NPC; and
      • is governed solely by the contractual relationship between the Subscriber and FIA Services.

  1. ELIGIBILITY
    • To qualify for the Subscription, the applicant must, at the time of application, be a current paid-up member of SAUMA.
    • FIA Services will verify the applicant’s SAUMA membership status with SAUMA prior to activation, and may re-verify such status periodically.
    • If a Subscriber ceases to be a paid-up member of SAUMA, the Subscription will correspondingly be terminated.
    • Applicants are required to authorise FIA Services to confirm their SAUMA membership status with SAUMA as part of the application process.

  1. SERVICES
    • The Subscription entitles the Subscriber to the following benefits:
      • Complimentary access to the FIA CPD Platform;
      • Complimentary access to the FIA Insight Magazine (digital edition);
      • Advertising opportunities on FIA platforms at a discounted rate of 15% (fifteen percent) off the prevailing published rates; and
      • Invitations to attend FIA Technical Webinars annually.
    • FIA Services reserves the right to update, vary or substitute the Services from time to time, provided that the overall value and nature of the benefits remain materially the same.

  1. FEES AND PAYMENT
    • The monthly subscription fee is R260.00 (two hundred and sixty rand) for up to seven registered individuals (Key Individuals and Representatives), and R36.00 (thirty-six rand) per additional registered individual thereafter, excluding VAT.
    • The Subscriber shall provide FIA Services with the required details of each individual to be registered under the Subscription for the purposes of activation and billing.
    • All fees are exclusive of VAT, which shall be charged at the prevailing statutory rate.
    • Subscription fees are reviewed annually in March and may be adjusted with effect from 1 April.
    • Any changes to the Subscription, including but not limited to the number of Representatives and Key Individuals registered under the Subscription, may only be effected once annually during the annual review period in March of each year, with such changes taking effect from 1 April.
    • Subscription fees shall be billed monthly in arrears, unless the Subscriber elects an annual billing cycle at the time of application.
    • The Subscriber shall ensure that all billing information (including contact details, authorised signatories and bank account details) is kept accurate and up to date.
    • Non-payment of subscription fees may result in suspension of access to the Services until such fees are brought up to date.
    • The Subscriber acknowledges and agrees that all subscription fees payable under these Subscriber Terms may be collected by way of debit order, which shall be processed by the holding company, FIA NPC (The Financial Intermediary Association of South Africa), on behalf of FIA Services. Payment to FIA NPC shall be deemed to constitute valid and sufficient discharge of the Subscriber’s payment obligations to FIA Services under these Subscriber Terms.

  1. ONBOARDING
    • Onboarding will be conducted as a Subscription with FIA Services under the SAUMA affiliation arrangement.
    • Onboarding will not confer FIA NPC membership status or any associated rights.
    • Onboarding is conditional on confirmation of the Subscriber’s current SAUMA membership at the time of application

  1. DATA PROTECTION
    • FIA Services will process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) as set out in our POPIA policies.
    • By subscribing, the Subscriber authorises FIA Services to confirm their SAUMA membership status with SAUMA and to process personal information for the purposes of fulfilling the Subscription.

  1. TERMINATION
    • The Subscriber may terminate the Subscription by giving FIA Services one calendar month’s written notice.
    • FIA Services may terminate the Subscription on one calendar month’s written notice, or immediately if the Subscriber breaches these Subscriber Terms and fails to remedy such breach within 14 (fourteen) days of receiving written notice.
    • Termination of the SAUMA–FIA Services affiliation agreement shall not automatically terminate these Subscriber Terms.
    • Termination by the Subscriber shall not relieve the Subscriber of liability for any subscription fees accrued up to the effective date of termination.
    • FIA Services may suspend or terminate the Subscription with immediate effect in the event of non-payment of fees by the Subscriber.

  1. GENERAL
    • These Subscriber Terms are governed by the laws of the Republic of South Africa.
    • Any disputes arising under these Subscriber Terms shall be dealt with in accordance with the dispute resolution provisions contained in the FIA NPC membership terms and conditions, as modified to reflect that the contractual relationship is with FIA Services.
    • Any notices required under these Subscriber Terms may be validly delivered by email to the addresses provided in the Subscriber’s application form, and such notices shall be deemed received on the day of transmission if sent during business hours.
    • The Subscriber may not assign, cede or transfer any of its rights or obligations under these Subscriber Terms without the prior written consent of FIA Services.
    • No variation of these Subscriber Terms shall be of any force or effect unless reduced to writing and signed by both FIA Services and the Subscriber.