Candice Sutherland
The need for businesses to ensure that they are adequately protected from cybercrime has been brought to light once again following the announcement that the notorious dating website Ashley Madison is the latest victim of hackers. It is estimated that more than 37 million of its global subscribers, of which 175 000  subscribers are South African, could now see their personal information – including bank details - compromised unless the website shuts down.

This is according to Candice Sutherland, Business Development Consultant at SHA Specialist Underwriters, who says that this incident is yet another example of how easily hackers can target businesses and breach all their security systems in order to access confidential and sensitive information. 

“The 2015 Security Report released by Check Point Security revealed that 106 unknown malware hit businesses every hour. 83% of the 1300 businesses studied in this report were infected with malware that allowed communication with the cyber criminals who intended to steal sensitive data during 2014.

The total monetary loss as a result of cybercrime in SA is estimated at over R5.8 billion, with global statistics increasing at a similarly alarming rate. “Shockingly, over 974–million records were lost or stolen in 2014 globally and if cybercrime were a nation it would be the 27th biggest in terms of Gross Domestic Product.”

She adds that the four most common causes of cybercrime include disgruntled employees, negligence on the part of the organisation or individual, competitors and lastly, hackers. “Cybercrime is defined as any criminal activity involving computers or computer networks that results in the unauthorised access to, interference with, fraud or forgery of data.”  

Sutherland explains that any one of aforementioned breaches might render the affected organisation in violation of the Protection of Personal Information Act (POPI). 

“POPI aims to give effect to the constitutional right to privacy and therefore restricts the unauthorised access to information regarding the educational, medical, financial, criminal or employment history of an individual as well as their personal details such as ID numbers, contact details and physical addresses. In addition, all personal details that are shared with an organisation in confidence, be it race, gender, marital status, religion, culture, sexual orientation and even language, are  protected under POPI legislation and a breach of the act can result in a fine of up to R10 million or 10 years in prison.”

She says that other recent cybercrime attacks on major uninsured corporations in SA include, amongst others, the Gautrain, Kentucky Fried Chicken (KFC), Vodacom, CellC and now Ashley Madison. “The 2013 Norton Cybercrime Report also found that personal/executive assistants and media employees are among the most popular targets for corporate hacks.”

Sutherland says that a Cyber Insurance policy will protect an organisation against liability for POPI breaches, as well as first party expenses such as the actual costs to restore, re-collect or replace data, loss of business income, notification expenses for communication to affected third parties, crisis management expenses and associated regulatory fines and penalties to the extent insurable by law. 

“It is imperative for an organisation to consult with a reputable insurance provider to ensure that all the possible vulnerabilities and threats relating to the business and the industry have been taken into account to avoid the financial and reputational risks of cybercrime,” concludes Sutherland.