Popi a tipping point for cyber insurance
• This is a key growth area for short-term insurers in future
As more businesses digitalise operations to remain competitive in the information age, safeguarding against data breaches becomes a strategic imperative, and it will soon be a legal requirement.
While many organisations in SA are already bolstering their IT security to protect their data and systems from hackers or cyber attacks, no solution offers guaranteed protection. Yet few have adequate insurance cover to protect the organisation in the event of a breach.
Cyber insurance is required to mitigate liability for risks associated with the digital environment. In general, policies cover liability for breaches of personal or company information and cover related expenses such as operational risk, loss of income, restoration costs, ransomware payments, credit monitoring, regulator claims, fines and penalties, legal fees, and public reputation management.
“Business executives comprehend the need for adequate IT security, but there is a general lack of understanding by many organisations that hold personal information about their liability should a breach occur,” explains Catherine Berry, divisional director at Camargue Underwriting Managers.
“Despite the risks and an increase in queries, the adoption of cyber liability insurance remains low in SA. But, we believe once the commencement date for the Protection of Personal Information (Popi) Act, 2013 is proclaimed, adoption will accelerate.”
Once confirmed, compliance will be required one year from the commencement date. This will impact any organisation that collects, holds or processes personal information and will require that proper security and measures are in place to safeguard against the loss, damage, destruction and unauthorised or unlawful accessing, sharing or processing of that information. The consequences of noncompliance will be hefty, with fines of up to R10m and possible imprisonment of up to 10 years for a Popi infraction.
While cyber insurance is important, irrespective of Popi, the implications of compromised data under the act will make cyber liability insurance a key growth area for short-term insurers in future, believes John Nienaber, executive for speciality business at Old Mutual Insurance.
“The digital environment offers opportunities for insurers to create products that address these new risks, but a deep knowledge about cyber threats is needed to do so. While a number of specialist providers understand this space, it’s questionable whether the industry has a comprehensive understanding of the risks. Without the requisite intellectual property needed to understand the cyber space, simply copying policy wording to take advantage of this growth opportunity would be a disservice to an insurer’s clients.”
It would also compromise insurers, because those that don’t develop comprehensive cyber products are more likely to experience losses, he adds. “This creates the potential for industry price movements and withdrawals, all because of a lack of understanding about the dynamics at play. This would be detrimental to the industry.”
But there are specialised providers already able to meet the expected rise in demand with products that can future-proof a business’s cyber liability requirements, says Berry.
“These solutions have been tried and tested in mature global markets. We’re seeing innovation in this space, with comprehensive solutions available that cover damage to property caused by cyber attacks.”