By: Warwick Goldie, head of specialist and general liabilities at ITOO Special Risks
The average organisational cost of a network security breach in South Africa in 2016 was more than R32 million, according to Ponemon Institute’s latest Cost of a Data Breach survey.
South Africa is one of only 13 geographies with its own specific report in the study, highlighting the seriousness of cyber crime in our country.
In a separate study, the latest PwC Global Economic Crime Survey found that only 35% of South African companies have a cyber incident response plan in place, and that a mere 48% of board members have requested information about their organisations’ state of readiness.
Most South African businesses are ill-equipped for the very real threat of cyber crime.
The number of cyber events has increased exponentially over the past few years, a trend that is set to continue for the foreseeable future – especially as technology integrates more deeply into our personal and professional lives. For organisations in the know, data security is no longer an IT risk but a business risk that requires everyone to be vigilant.
Suffering a network security breach can have major repercussions, including the first-party financial costs of having professionals investigate and respond to an incident, reputational damage, operational disruptions, lost business, crisis communications and potential liability lawsuits.
Goldie recommends a three-pronged approach for optimal risk management, incorporating robust protection, detection and response strategies.
PROTECTION As cyber criminals become increasingly sophisticated, securing your network grows ever more tricky. Of course, having traditional network security systems in place is vital for any organisation. However, these systems need to be backed up by well-thought-out detection and an early incident response plan in case of a hack.
DETECTION The faster an incident can be identified and contained, the lower the costs. The Ponemon study found that companies took on average 155 days to detect and a further 44 days to contain an incident. Where the mean time to identify an incident was less than 100 days, the average breach cost was R29.8 million. When it was more than 100 days, the cost rose to R34.95.
Where a breach could be contained within 30 days the average breach cost was R28.44 million, as opposed to R36.28 million where containment took more than 30 days.
This creates a strong business case for proactive monitoring and detection tools and strategies. The argument also exists for insurers to incentivise use of detection and warning technologies to drive down ultimate claims costs.
RESPONSE The Ponemon study found that having a defined incident response plan in place is the biggest factor in reducing the impact of a breach. You need to understand what caused the incident and how to contain it quickly and effectively. The average cost to detect and escalate a data breach – including forensic investigation and triage activities, crisis team management and internal communications – is R11.6 million per incident, according to the research.
You should also be sure to have an internal plan in place. Here are some key items to consider:
- Establish an internal incident response team with a defined team leader and media spokesperson
- Put together contact sheets and keep these updated. It’s also worth having a hard copy for easy access. You don’t want to be looking to access an encrypted contact sheet in the wake of a ransomware attack!
- Understand the environment. Where possible, keep a list of key systems and data flows
- Determine what constitutes an incident, when to escalate and to whom
- If you will be using external resources and/or cyber insurance, consider integrating these resources and mechanisms into your incident response process
Of course, it’s not just data breaches that can have an impact on your ability to do business. Ransomware attacks on companies are becoming more and more prevalent, and organisations should have a dedicated set of protocols in place for them.
“With the number of cyber attacks increasing each year, companies must build capacity – if they haven’t already done so – to identify and contain incidents as quickly as possible,” concludes Goldie. “It is here that cyber insurance has an important role to play, not as a replacement for security but as a risk transfer component of a security strategy. Cyber insurance provides for containment costs and assistance with damage limitation after an incident has taken place.”
We may not be able to prevent criminals from getting in, but we are able to considerably reduce the financial risks associated with an attack – which could literally be the difference between keeping your doors open or having to close up shop.