Contact

The growing need for cybercrime insurance in South Africa

Back to top

The growing need for cybercrime insurance in South Africa

Organisations are increasingly dependent on technology to run their businesses. With this reliance however comes a potential threat serious enough to cause an organisation severe reputational and financial harm. Known as cybercrime, this threat involves illegal activities using computer systems, networks and the internet.

10 Aug 2016 3 min read Dispute Resolution Alert Article

The global surge of cybercrime and the risks involved

In 2014 Sony Pictures Entertainment was hacked causing the release of confidential data into the public sphere. As a result of the leak, Sony had to cancel the release of its film “The Interview”. Sony also set aside USD$15 million to deal with ongoing damages from the breach. While such an occurrence may seem far removed from us, South Africa is in fact one of the foremost countries targeted for cybercrimes. According to PWC’s Global Economic Crime Survey of 2016 cybercrime was ranked as the second most reported crime internationally and ranked in fourth place in South Africa. In 2014 the Centre for Strategic and International Studies estimated that South Africa loses 0.14% of its GDP to cybercrime activities, amounting to around R5.7 billion annually.

When an organisation falls victim to cybercrime it’s exposed to a multitude of risks which Santam Limited identified as including loss of revenue, loss of data, loss of competitive advantage, industry and regulatory fines and penalties and fraud.

A standard property policy may not provide cover for these risks and in order to protect an organisation from cybercrime a comprehensive cybercrime insurance policy is required.

Inadequate cover by standard insurance policies

Aon South Africa (Pty) Ltd has identified the following gaps in standard insurance policies that could prevent organisations from claiming under their insurance policies:

  • General liability and property policies cover risks that damage physical assets. Since cybercrime is a relatively new risk, the loss covered under conventional property policies do not extend to incorporeal assets nor losses caused by non-physical perils such as viruses or hackers.
  • Professional indemnity policies cover damage resulting from a failure of the defined professional services and may not extend to losses resulting from data and privacy breaches.
  • Crime policies generally cover money, securities and tangible property with no coverage for third party property such as customer data.

The challenges of providing cybercrime insurance

Taking out cybercrime insurance is an increasing trend in South Africa. In 2014, Santam reported an increase of over 3000% in quote requests. Specialised cybercrime insurance typically provides for first party insurance and third party insurance. First party insurance provides cover for the insurance holder and third party insurance provides cover for losses suffered by another organisation or individual due to a security breach.

Relative to other established risks, providing cover for cybercrime can be challenging for the insurer and Jain and Kalyaman of the management consulting company Capgemini identified the following challenges in providing cybercrime insurance:

  • When conducting risk assessments an insurer will be required to predict the probability of cybercrime occurring in an organisation to be insured and determine its business impact. Cyber-attacks can lead to an array of business consequences and it may be difficult to quantify the financial impact.
  • Since cybercrime is a relatively new concept in the insurance industry insurance firms still have to develop standard methodologies and financial models to determine the appropriate price to cover cybercrime risks.    
  • The lack of historical data poses a problem to insurance firms when deciding the rate of an insurance policy and whether to underwrite the risk in the first place.
  • The lack of standard legal definitions of cyber liability across the world also impacts the insurance of cyber risks. A country’s laws are restricted by its geographical limits. This limit can create difficulties when determining which country’s laws are applicable when a cross-border cyber-attack occurs.

Electronic data and information is one of the most important assets in an organisation. Despite its importance PWC notes that most organisations in South Africa are still not adequately prepared or understand the risks inherent in cybercrime, with only 35% of organisations having a cybercrime incident response plan. It is therefore imperative that organisations obtain specialised and comprehensive cybercrime insurance to protect them in the event of a cyber-attack. In this regard, as cybercrime is a relatively new concept in the insurance industry, insurers will need to combine their knowledge of insurance and technology to ensure that they provide adequate cover.    

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

9 Apr 2024

by Lydia Owuor

Note to lenders: Strengthen your securities by transitioning GLA titles

Consider a situation where a lender is processing a financial facility secured by two properties within the Government Lands Act (GLA) land regime. On one hand, they receive a converted GLA title, while on the other hand, they encounter a Form LRA 33 transfer instrument as the title document. The lender is suddenly faced with a dilemma: how do they reconcile the deferring formats and ensure that both titles are equally credible and secure? This underscores the important question about consistency, reliability and legal interpretation addressed in our previous article on transitioning GLAtitles. 

Real Estate Law

3 min read

15 Mar 2024

by Jerome Brink and Nicholas Carroll

Transfer pricing has finally washed up on South Africa’s shores

With increasing economic globalisation, revenue authorities around the world continue to shift their focus to issues of transfer pricing. Broadly, this fits in with the global move to combat so-called ‘profit shifting’, a practice where multinational groups attempt to concentrate their profits in low-tax countries in which they operate.

Tax & Exchange Control

10 min read

8 Nov 2023

Charlene Holder on Power 98.7

Corporate & Commercial Law

11:08 Minutes

4 Dec 2023

Four-day working week trial run in South Africa

We have written previously about the concept of the four-day work week and its relevance to the South African context (you can read our previous alerts here and here ).

Employment Law

3 min read

14 Jul 2023

by Louis Botha

Measuring Good Cause – A discussion on the case of Taxpayer N v The Commissioner for the South African Revenue Service

Adhering to court processes, no matter how trivial the compliance procedure may be, has always been paramount to one’s expression of respect to the court and the overall facilitation of smooth litigious proceedings. But the waters often get murky when an overstep of court procedure on the one side is countered by an argument of lack of merit on the other side.

Tax & Exchange Control

4 min read

29 Sep 2023

by Brigitta Mangale

The decriminalisation of cannabis use and/or possession for minors: A significant shift in South African drug law reform

In 2019, the Constitutional Court in Minister of Justice and Constitutional Development and Others v Prince and Others (1) SA 14 (CC), partially confirmed the judgment in Prince v Minister of Justice and Others (4) SA 299 (WCC), which declared provisions of the Drugs and Drug Trafficking Act 140 of 1992 (Drugs Act) and the Medicines and Related Substances Act 101 of 1965 unconstitutional. In doing so, the Constitutional Court decriminalised the use, possession and cultivation of cannabis by adults for their personal use in private.

Pro Bono & Human Rights

5 min read

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline