Cybercrime and Cyber Liability

According to a 2013 Norton Report on Cybercrime and cyber-liability, South Africans rank the third highest in individuals who have fallen victim to unwanted Cybercrimes. Not surprisingly, as the infrastructure has seen a growth spurt over the last decade; with more international investors recognising South Africa’s potential for financial gain. Thus, an increase in exposed-identities and victims annually.

However, the legal definition of Cybercrime is described as any form of illegal scheme or means that incorporates one or more components on the Internet such as chat rooms, emails, message boards, and auctions for financial gain – targeting the end user which is the easiest access point into any organisation. Cybercrime can also be defined as creating spam in the form of viruses, spyware, emails, child pornography, the solicitation of prostitution, and online harassment. Identity theft is another form of hacking that’s most common; allowing hackers to infiltrate client information and steal identities without their knowledge.

Although there are various forms of hacking and many motives behind the act, hacker groups such as Anonymous have made their intentions extremely clear during each cyber-attack; targeting corrupt and unethical organisations and corporations in order to expose what’s hidden.

Although a crime, their intentions have been for the greater good of the nation. On the contrary, other hacker groups have not been so kind, pocketing R2.2bn annually through phishing attacks and internet fraud – according to the South African Banking Risk Information Centre (SABRIC).

These losses have crippled corporations and individuals alike and will continue to do so unless proper measures in the form of increased cyber security and Cyber Liability Insurance are implemented.

The business risks of being uninsured are monumental, taking into consideration that cyber claims are not covered under traditional business insurance policies. They are as follows:

• Financial loss in order to respond to a data breach
• Excessive loss of data and revenue
• Priceless reputational damage
• High industry fines and penalties
• System unavailability and downtime
• Loss of client confidence in your organisation
• Unnecessary litigation from compromised systems
• Unwanted and dangerous ransomware
• Dangerous online/social media exposure

The question remains: why hack corporations in the first place? As it may seem like an easy question to answer, there’s often more to Cybercrimes than meets the eye.

• Information system security/White Hat Hackers
These hackers are classified as the ‘good guys’; penetrating company’s information systems to ensure they’re secure enough to protect against the bad guys. These online security experts specialise in penetration testing to ensure protection for all involved.

• Financial gain/Black Hat Hackers
Another commonly-used term for Black Hat Hackers is ‘crackers’; as they typically ‘crack’ into networks or computers. Their main objective is financial gain – being solely responsible for the R2.2bn loss in online attacks.

• Fame/ Script Kiddies
As the offspring of Black Hat Hackers, Script Kiddies use borrowed programs to attack networks or computers – also in the name of fame. Becoming famous for their work hold more value than any financial gain ever will. Compared to Black Hat Hackers, their fame is more ‘borrowed’ than earned.

• Politics or religion/Hacktivists
The well-known Anonymous hacker group would fall under this particular category; using politics and religion as their main objective for hacking corporations. Their goal is to expose corrupt institutions and correct the wrongdoings for their own entertainment. Most agree with their motives, others have very different views. At the end of the day, they see themselves as the ones who are to be feared by corrupt organisations, and rightfully so.

• Government objectives/State-Sponsored Hackers
Controlling cyberspace is one way to win the war, as governments realise the power of controlling the online realm to benefit their military. Having an unlimited amount of financial resources, these hackers may be the most dangerous of them all – targeting civilians, governments, and large corporations.

• Steal trade secrets/Spy Hackers
Although money is still involved, Spy Hackers are hired by corporations to infiltrate the competition; gaining access to important trade secrets and documentation. Their main mission is to satisfy the client by doing what most aren’t capable of and they take great pride in achieving that goal.

• Disrupt critical infrastructures/Cyber Terrorists
In the case of committing serious human crimes, Cyber Terrorists are one of the most sophisticated and dangerous hackers online; spreading fear and committing murders. Their main goal is to create chaos that’s driven by politics and religion without any remorse for those involved – willingly or by chance.
As a responsible business owner, it’s not only critical to protect important client information, but to ensure your business’ infrastructure is intact at all times. Although implementing tight security measures in the form of identity protection and an anti-virus are a few ways of going about it, there’s always the risk of hackers infiltrating even the most secure systems. In which case you need to consider investing in RBS Insurance Brokers’ Cyber Liability to protect you in times of need. Although different insurers have different terms and conditions the basis of the cover extends to cover:
• First party expenses
When being infiltrated, you’re going to have to do plenty of damage control. This particular benefit includes actual costs to restore, recollect, or replace data, incurred costs from specialists, investigators, forensic auditors, and loss adjusters. As you can imagine, this process can become quite costly and is often the reason for the liquidation of a business. Don’t let this be the reason why you close the doors for good.

• Loss of business income
When your website and organisation experiences downtime, so does your income. It’s critical to keep the business going even during a cyber-attack, thus, our Cyber Liability insurance service protects you against loss of income during those downtimes to ensure your business keeps going while your infrastructure has been crippled by a breach. Getting back up as soon as possible is what’s going to get you through it.

• Notification expenses
Expenses which have incurred due to privacy legislation; including communication expenses via email, call centres, website, and client support. Being there for your clients will costs you money that you may not have at the time, so it’s best to prepare for the worse than not be prepared at all.

• Crisis management expenses
Managing the current crisis will be your top priority in the case of a cyber breach, which is where the Crisis Management Expenses option comes in handy. This includes the highly skilled services of a public relations consultant to guide you in the right direction to success, related advertising options, as well as communication expenses. Successful communication with your clients will assist with any reputational damage that may have occurred.

• Associated regulatory fines and penalties
Of course, there are always fines and penalties involved in such situations. At RBS Insurance Brokers, we’ll never leave you hanging to deal with the consequences on your own. Our Cybercrime insurance services associated with regulatory fines and penalties are put in place to extent insurable by law.

Protecting your reputation is a priceless entity, which, once it’s damaged can never easily be restored. Although large corporations are at risk, smaller businesses are becoming ever more increasing targets; making them easy to infiltrate due to weak online protection and the belief that hackers have nothing to gain by causing a breach. With a staggering 60% of cyber-attacks consisting of small to medium enterprises, it’s no wonder that the middle man suffers the most in these cases.

According to a 2014 NetDiligence Claims Study, 32% of these cyber-attacks were caused by company insiders who have easy access to important documentation and client information – with 59% of ex-employing admitting to stealing important data when leaving their positions within the company. Whether you’re a large corporation, small business, or end-user, we’re all in the position of being hacked at some point in time.

One of the most active Cybercrime activities currently trending is DDoS in the form of extortion; meaning your network or your Bitcoins. According to Arbour Networks’ 11th Worldwide Infrastructure Security Report, “Extortion was the motivation behind 35% of DDoS attacks.” The well-renowned hacker group DD4BC (‘DDoS for Bitcoin’) made themselves known in 2014 and has since attacked countless organisations worldwide; finding a simple formula for extorting money in the form of Bitcoins.

Simply stated, an organisation would receive an email from DD4BC informing them of a prominent attack in exchange for Bitcoins. So, if you want back the possession of sensitive and important data, you need to ensure you have enough Bitcoins in order for the hackers to disappear.

So, before falling victim to another Anonymous group scheme hack, or unwillingly find yourself involved in a distributed denial of service (DDoS) attack such as the recent event on 21 October, when dozens of websites were down due to a massive DDoS attack, you or your organisation may want to take Cybercrime and cyber-liability more seriously.
Contact RBS Insurance Brokers and find out more about our Cyber Liability insurance product, and find out how we can help you during a Cyber Attack.