Munich Re urges local firms to assess their cyber risk readiness

By: Munich Re

Cyber risk management is an imperative to protect companies and their customers from ever increasing cyber incidents especially cybercrime. According to a recent report, there are more than 13,000 cyber-attacks daily in South Africa [1]. Munich Re of Africa is encouraging local firms to review their cyber risk exposures in the wake of a series of cyber-attacks directed at the City of Johannesburg (CoJ) and South African banks last week.

On Friday, CoJ executives were locked in meeting rooms to deal with a cyber-attack that led to the shutting down of the city’s website, e-services and billing systems the night before. They were not alone. According to the South African Banking Risk Information Centre (SABRIC), local banks were hit by a wave of cyber-attacks starting Wednesday of the same week. The banks were facing so-called Distributed Denial of Service (DDoS) attacks which involve cyber criminals attempting to crash websites by flooding them with unwanted or malicious digital requests. Before such attacks, ransom notes are sent requesting payments in cryptocurrencies like f.i. bitcoin.

“The cyber-attacks directed at the CoJ and various South African banks highlight the need for cyber risk management with a focus on both pro-active and re-active measures,” says Nico Conradie, Chief Executive at Munich Re of Africa, a leading reinsurer in the cyber class of business. This warning comes amid growing concerns about the ability of insurers and various institutions conducting business in the digital world to ward off cyber-attacks that are becoming more frequent and more aggressive in nature. The number of ransomware attacks, which encrypts business sensitive data and threatens to delete them if a ransom is not paid, have been increasing exponentially since 2013 [1].

Consequent to the spike in cybercrime, cyber risk is becoming an integral part of corporate risk management processes. Risk managers must work closely with their insurance brokers and insurers to ensure that the necessary risk mitigation strategies and appropriate risk transfer solutions are put in place. Here, it is strongly recommended to fulfil minimum cyber risk management measures like f.i. anti-virus software, appropriately configured firewalls but also complex and regularly updated passwords.

The final component of a holistic cyber risk management programme is then the transfer of the residual risks associated with cyber incidents by way of insurance. “Cyber insurance coverages are available in the South African market; but businesses have not yet realised the benefit of this coverage in terms of assisting the business to respond and to recover following a cyber-attack,” says Conradie. The most obvious financial damage following a cyber incident stems from business interruption as systems and processes are restored to normalcy. Firms must also bear the costs associated with restoring systems; communicating with customers about possible data breaches; reputation management; and the potential fines that may arise from contravening data protection regulations such as the Protection of Personal Information (POPI) Act  once it is in force.

But not only companies and institutions have to deal with cyber incidents. Also consumers are not immune to the global cybercrime trend. Not only are they adversely affected when a bank or other digital account is hacked and taken offline; but their personal data is often exposed and then used to commit other types of fraud. “The global trend towards digitalisation has encouraged individuals to conduct transactions online using personal laptops, smartphones and tablets,” says Conradie. “We encourage individual consumers to take whatever measures they can to protect their devices from theft and to keep their various digital account passwords safe.” The new research reveals that South Africa has second most smartphone banking malware attacks and 22% rise in malware attacks in first quarter of 2019 [1],[2]. Insurance covers are also available to consumers and their families in the South African market. These covers can help them cover the costs resulting from a cyber incident that may involve, identity theft, theft of funds, extortion and cyber bullying.

Munich Re of Africa is closely involved with the development of the cyber market in South Africa and enjoys a strategic advantage, thanks to its primary insurance  and reinsurance set-up globally. “We are well positioned to support the insurance industry in providing affirmative cyber solutions that address the risks posed by cybercrime to local businesses and the broader South African economy,” says Conradie. The reinsurer can guide firms on product design, original policy development, underwriting training and grant the access to a network of service providers ranging from incident response and forensics – to crisis management and legal support – and ongoing support on single risk assessments.

[1] Digital Dangerscape: Kaspersky Lab Spotlights Cybersecurity Trends in the Middle East, Turkey and Africa (https://me-en.kaspersky.com/about/press-releases/2019_digital-dangerscape-kaspersky-lab-spotlights-cybersecurity-trends-in-the-middle-east-turkey-and-africa)

[2] Kaspersky: The dark side of apps (https://kaspersky.africa-newsroom.com/press/kaspersky-the-dark-side-of-apps?lang=en