According to the global Cyber Exposure Index, South Africa currently has the sixth highest average exposure to cybercrime, with businesses in the industrial and financial sectors being the most commonly targeted by cybercrime attacks. In fact, a global report by the Ponemon Institute has revealed that around 61% of small businesses experienced a cyber-attack in 2017.
Santho Mohapeloa, Digital Distribution Specialist at SHA Specialist Underwritersnotes, cybercrime has become the top risk for small and medium-sized enterprises (SMEs). “The SHA Cyber Security survey found that 42.5% of businesses do not have adequate anti-cyber-attack procedures in place. It found that around 60% of SMEs impacted suffered a financial loss of between R50 000 and R1million. It’s also been reported that up to 60% of SMEs never recover after a significant cyber breach.”
Mohapeloa further notes that many SMEs still don’t realise the importance of proactively managing their cyber risks. “The SHA Cyber Security survey shows that around 52% of brokers are still finding it difficult to sell cyber insurance policies to their clients. This indicates that more than half of business owners are still not taking adequate steps to protect their organisations.”
Cyber-criminals target SMEs that hold valuable business data, such as personal customer or financial information. These small businesses often do not implement the stringent online security measures that large corporates have in place.
Beyond the risk of downtime and loss of income, SMEs that do not properly manage their cyber risks through insurance and precautionary measures could also face crippling liability claims from clients and company stakeholders that suffer damages as a result of a cyber-breach. Other risks include substantial damage to networks and IT infrastructure as well as significant reputational damage that could severely hamper the future growth of the business.
Noting the risks, Mohapeloa stresses the importance for SMEs to have adequate cover in place to help their business recover swiftly from cyber-attacks. “Having insurance that covers an SMEs cyber, privacy and reputational risks and liabilities, has now become just as vital as insuring against fire or theft. Business owners need to start viewing these types of policies as standard requirements for any venture Cyber-attacks are after all just another form of theft.”
He explains that, at the bare minimum, business owners should look for policies that cover their liabilities and legal costs following a breach. The cost of restoring data and expenses related to hiring specialists and investigators, loss of business income and crisis management should also be covered. “This is where a broker becomes indispensable, a good broker will be able to put together a policy that covers all the potential risks that a SME is exposed to, while keeping premiums as affordable as possible.
In addition to insurance, Mohapeloa states that SME owners need to ensure that they make every reasonable effort to reduce their risk of falling victim to a cyber-attack. “One of the first things that business owners need to do, is to educate themselves on the cyber-risks that they face as these are constantly evolving. Business owners should regularly read up about cyber-crime to ensure they are informed about the latest tactics being used by criminals. The more you know, the more likely you are to spot a scam or a security threat right away.”
It is vital to raise cyber risk awareness among staff members, implement proper password management policies, consult security specialists, limit access to sensitive information and invest in adequate safety tools, he says.
“Lastly, small business owners need a very clear strategy for how to react if a cyber-attack is in fact successful, the strategy should include a Disaster Recovery or Business Continuity plan. Being unprepared for cyber-related incidents has quickly become one of the biggest business risks, and SME owners need to take note of this if they are to survive in the years to come,” Mohapeloa concludes.