Notwithstanding the extraordinary surge in cyber crime, PoPIA provides the rationale for cyber liability insurance.

Chances are that you received more than one SMS, email or social media notification regarding South Africa’s new Protection of Personal Information Act (PoPIA) on 1 July 2021. If your company processes personal information, it probably issued a similar notification to your clients and customers. PoPIA compliance means exposure to penalties, fines and legal liability from third parties should the personal information you process be compromised – cyber liability insurance is specifically designed to respond and indemnify you should you suffer loss or damages as a result of a data or network breach.

Section 2 (1) of PoPIA states that the purpose of the Act is to “give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party”. In practical terms, the responsible person is the one who decides why and how personal information should be processed. If one of your clients, customers or even an employee (the data subject) suffers damage because the responsible party (you or one of your colleagues) failed to secure their information, the responsible party can be held liable for those damages.

Your business needs Cyber Liability insurance if:

• you store or process data of your employees or a third party; or
• if you have an internal or external IT system.

Sure, you’ve followed all protocols and your databases are safe so, why would you need Cyber Liability insurance? What happens if an employee’s work laptop or cell ‘phone containing private information is lost or stolen? Could a disgruntled employee maliciously publicise private information or sell it to a third party? Could a colleague accidently launch malware that disrupts operations? Could your network be breached by a hacker?

The answer to all of these questions is, unfortunately, yes. But there’s more. Besides a potential breach of confidentiality, infringement or violation of any right to privacy that results in harm to third parties or employees, you may be vulnerable to hacking. Hacking, or a cyber-attack, can cause the unauthorised access to, unauthorised use of, theft of data from, denial of service to or the transmission of malicious code to your network system. Have you considered the impact that the loss of digital corporate data such as intellectual property or proprietary information could have on your business? What if this information fell into the hands of your biggest competitor?

Your system could also be hijacked and used to attack another party’s network – a process known as a downstream attack. Ransomware is another form of a cyber-attack that your system may be vulnerable to. This is where all the information on a computer or network is encrypted or scrambled. A ransom is usually extorted from the victim before the information will be decrypted or unscrambled.

As part of an effective risk management plan, organisations must routinely decide which risks to avoid, accept, control or transfer. Transferring risk is where Cyber Liability insurance comes into play.  Most individuals and companies conduct business via technology, social media and transactions over the Internet. These channels, while convenient and effective, also provide opportunities for cyber-attacks and -crime. The unfortunate truth is that a cyber-attack is likely to be launched on any business, big or small. And, as mentioned, these may be perpetrated by petty hackers, criminals, insiders or even nation states. Cyber Liability insurance will provide you with the necessary protection against incidents that occur within the cyberspace.

Standard Cyber Liability insurance products are likely to cover: multimedia liability; data extortion; security and privacy liability; crisis management costs (including customer notification, support and credit monitoring); technology; legal consultation; identity monitoring for victims of a privacy breach; expert consultation including I.T. risk management; digital forensic investigation; theft of access codes from the premises, employees, or computer system; hardware theft; reimbursement for costs attached to repair of reputational risk; and insurable fines payable to a regulator or government authority regarding breach of data protection laws.

Different companies offer various forms of Cyber Liability insurance and there are a number of factors you need to consider when choosing the cover that suits your operations. We have done the research and are happy to offer an exceptional broker offering, professional advice and service. We’ll also procure as many Cyber Liability insurance quotations as possible from reputable insurers.

Contact us today for assistance in securing the ideal Cyber Liability insurance for your company.

What should you do in the interim? Reduce your cyber-attack security risks through regular penetration testing. Evaluate your system and data dependence and the impact its disappearance may have on business operations. What is the nature and volume of data stored, processed and that can be reasonably accessed? Who can access this data and how secure is it actually? Establish an incident response process, identify necessary service providers and calculate relevant costs.

The processing, storage and effective protection of data are critical to doing good business. While the use of technology is as important, it also creates an environment in which opportunistic cyber criminals operate. Even if your security measures have been breached or if an accident occurs, Cyber Liability insurance means that your business won’t have to bear the financial brunt of an unfortunate cyber-related incident.