The need for businesses to ensure that they are adequately protected from cybercrime has been highlighted once again, as a Gemalto Breach Level Index reveals that 2014 saw 974-million records lost or stolen – or 31 records lost or stolen every second.

Candice Sutherland, business development consultant at SHA Specialist Underwriters, explored the topic at the recent Insurance Law Conference 2015, pointing out that the total monetary loss as a result of cybercrime in South Africa is estimated at over R5,8-billion, with global statistics increasing at a similarly alarming rate.

She adds that the four most common causes of breaches are: disgruntled employees; negligence on the part of the organisation or individual; competitors; and – lastly – hackers.

“Cybercrime is defined as any criminal activity involving computers or networks. It is the unauthorised access to, interference with, fraud or forgery of data and cyber syndicates are targeting identity theft as their top priority,” she explains.

Sutherland adds: “The Protection of Personal Information Act (POPI), gives effect to a constitutional right to privacy and the unauthorised access to information regarding the educational, medical, financial, criminal or employment history of an individual as well as their personal details such as ID numbers, contact details and physical addresses is restricted by the Act.

“In addition, all personal details that were shared with the organisation in confidence, be it race, gender, marital status, religion, culture, sexual orientation and even language, is protected under POPI legislation and a breach of the Act can result in a fine of R10 million or 10 years in prison.

“The 2013 Norton Cybercrime Report also found that personal/executive assistants and media employees are among the most popular targets for corporate hacks.”

She says that the recent increase in cybercrime attacks further proves that South African companies are a target, regardless of size or incorporation.

A cyber insurance policy could protect an organisation from first party and third party expenses, such as the actual costs to restore, re-collect or replace data, loss of business income, notification expenses for communication to injured parties, crisis management expenses as well as associated regulatory fines and penalties to the extent insured by law, Sutherland adds.

“It is imperative that all organisations consult with a reputable insurance provider to ensure that all possible vulnerabilities and threats relating to the business and the industry have been taken into account to avoid the financial and reputational risks of cybercrime.”