Cybercrime set to become the biggest risk to corporate stability

By Belhassen Tonat, Head of Non-Life Munich Re of Africa


The most common theft in the 21st century is no longer cash in transit, diamonds, rhino horn or luxury vehicles. It’s data. Corporate data containing vital strategy plans and business secrets; personal data that lets hackers access your bank accounts; information tracking your movements; or data that hackers can encrypt and hold to ransom.

Cybercrime has become a prolific threat in this information-driven world, and so far, criminals hold the upper hand.

The need to protect corporate data and the personal data of customers has rightly escalated to top of mind for CEOs, no longer dismissed as an issue for only the chief information officer to worry about.

The threat is not only the theft of data: businesses are now utterly dependent on their IT systems, and an attack that shuts them down even momentarily can create global havoc and billions of dollars of losses. The financial and reputational fallout can kill a company completely.

Yet the scale of data theft is too big and the threats too diverse for any company to handle in isolation, and the financial and reputational damage caused by cybercrime has fuelled a niche in the insurance industry to protect this nebulous but vital asset. Again, however, the scale of the risk puts data insurance well beyond the capacity of a single insurance entity, making global reinsurers such as Munich Re essential. 

Insurance against cyber risks has become a key business focus for Munich Re, which has built up considerable resources for underwriting and assessing claim payments. Munich Re uses data itself, in the form of analytics and artificial intelligence, to manage these risks effectively, enabling us to insure previously uninsurable risks such as data breaches.

As the world’s leading reinsurer of cyber risks we offer cover with high limits for industrial clients, and employ cyber experts whose expertise can be made available to the market. 

Staggering Statistics

The scale of cybercrime damage is already staggering, hitting $450 billion in 2016 and predicted to top $6 trillion annually by 2021. That is despite companies spending $120 billion on cyber-security in 2017, a 35-fold increase in 13 years. More than 2.8 billion data records were breached in 2017, and damage caused by ransomware topped $5 billion.

In 2015, a Canadian biscuit factory ground to a halt after hackers took control of the factory’s IT network. Production stopped, the biscuit mixture solidified in the piping tubes, and the pipes had to be disconnected and replaced, causing severe business interruption. The protection of industrial control systems must be improved urgently, because next time the target may be a medicine factory or a city’s drinking water supply.

In 2017, a ransomware attack affected 200,000 computers in more than 150 countries. The malicious software sent the hijacked businesses a ransom note demanding payment to restore their systems. Ransomware attacks are one of the fastest-growing trends in cybercrime, multiplying at an alarming rate.

In 2014, the hacker group APT28 (Advanced Persistent Threat 28) infiltrated the defence ministries of Bulgaria, Poland, Hungary, Albania and Denmark, and in 2015, it infiltrated the IT systems of the German government and stole classified data. The group’s latest action was in 2017, when the campaign headquarters of French presidential candidate Emmanuel Macron were hacked. 

In the past few years, healthcare data has become the most valuable asset for hackers. Yet healthcare institutions remain poorly protected despite holding sensitive patient data. In 2016, 28 German hospitals were attacked by malicious software that encrypted all data. The attack was accompanied by a blackmail attempt, and hospitals had to shut down their IT networks to eradicate the viruses, threatening the lives of their patients.
Every day, companies are generating vast amounts of data as the raw material that influences vital business decisions. The loss or theft of that information is crippling, although for many companies, it still seems an inconceivable threat. But data attacks have become so prolific and the perpetrators so sophisticated that everyone is a potential victim.

Trusted Advisor

As a cyber insurer, Munich Re acts as a Trusted Advisor during an incident such as a hack or ransomware attack. Our cyber experts can give guidance to help avoid a breach, or step in post-breach to minimise the damage and recover from the damage. As a global insurer we have accumulated a vast experience in dealing with cybercrimes, and can guide clients through the appropriate responses and bring together the necessary legal, communications and security teams to respond.

Munich Re’s cyber solutions include, among others, insurance cover for data security breaches, cover for cyber ransom payments, business interruption cover and forensics cost cover. Depending on a client’s individual risk profile, we can add innovative concepts such as coverage for reputational damage, protection for personal and material damage, and contract penalties if triggered by a cyber event. In short, Munich Re can individually customise a risk protection package.

A solid cyber policy must incorporate more than just financial cover, because a data breach will affect the rights of third parties such as clients and business partners. 

Munich Re has therefore devised a toolkit that offers services including the development of terms and conditions; assistance in the design of coverage components; market studies and legal environment analyses; consultation on the sales concept; technical risk assessment; the development of customer-specific risk surveys; statistical and mathematical advice; pricing approaches; staff training; provision of services in the event of damage; and a customisable cyber App for policyholders.

As data piracy rises, governments are demanding stricter controls. The European Union has come out with the General Data Protection Regulation (GDPR), a comprehensive piece of personal data legislation. It significantly enhances the rights of people whose data is being held, increases the obligations of data controllers and processors, and imposes substantial sanctions in case of infringements.

Companies around the world, be they in Africa, Asia, America or anywhere else, are affected by the GDPR legislation if they process data belonging to EU citizens. The law demands notification of all personal data breaches, and infringements can be punished by fines of up to 20m EUR or up to 4% of the company’s worldwide annual turnover. That fine alone – let alone the financial and reputational damage caused by a breach – highlights the enormous scale of protection that companies require to safeguard themselves in this digitally connected world. 

comments powered by Disqus

This edition

Issue 414


Leadership_Mag JJ's View - The rise and fall of leadership in the 26 years of democracy. #JJsview #leadership #may2020 Read on pag… 11 days - reply - retweet - favorite

Leadership_Mag Leadership May 2020 Cover Story - The future of South Africa post the Global Pandemic. Read it in our new interacti… 11 days - reply - retweet - favorite

Leadership_Mag The interactive version of the May 2020 #Leadership magazine is available now. 15 days - reply - retweet - favorite