Cyber and computer crime are among the leading risks facing businesses globally, with smaller businesses being particularly vulnerable. In Kenya alone, cybercrime costs the economy up to KES 20 Billion annually.

When cybercriminals infiltrate a network, hold data hostage, or acquire sensitive data, the company they steal from can be exposed to huge losses. It takes just one successful cyber-attack to cause significant financial and reputational damage to your business. It is therefore imperative for businesses to put cyber security on their agenda by not letting their core online systems to be compromised. Secondly by safeguarding their digital assets and the private information of their clients and employees with the right insurance. There are two types of insurance available and it is important to understand the difference between cyber and crime insurance policies.

CRIME VS CYBER COVERAGE

As cyber insurance becomes the norm for many companies, there is growing confusion concerning the differences between crime and cyber coverages. In Short: Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering whereas cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses. Even as cyber criminals and their tactics become more complex, majority of cyber and cyber-crime attacks are executed via social engineering

Employees remain the greatest area of concern, whether via wilful acts or negligence. About 90% of all cyber-attacks arise specifically from employees who are the target of social engineering scam.

EXAMPLES OF CLAIMS

Crime

An unknown party impersonates the insured’s bank, contacts the insured’s fund transfer administrator, and convinces them to activate a computer link back to the fraudulent bank. This then allows the impersonator to contact the insured’s real bank, pretend to be the insured, and does wire transfers that ultimately end up in a foreign bank resulting in loss of KES 3,000,000

Cyber

Several employees of a hospitality company discover when filing taxes that their taxes had already been filed. The company engages a forensic expert for technical analysis. The investigation determines a HR executive inadvertently downloaded malware that extracted information impacting over 10,000 past and present employees. The company provides written notification to all effected parties and engages a PR firm to assist with talking points and management of social media.

 MAKING A BUSINESS CASE FOR CYBER INSURANCE

Any organization that stores and maintains customer information or collects online payment information, or uses the cloud, should consider adding cyber insurance to its budget. Also consider the proliferation of devices that now connect to business networks – there are simply more opportunities for malicious folks to access an organization’s assets. Cyber Insurance therefore provides an important fall-back plan for the business.

Regarding costs, cyber insurance coverage and premiums are based on an organization’s industry, type of services provided, data risks and exposures, security posture, policies and annual gross revenue.

 GETTING STARTED

A good first step is to create a cyber-risk profile for your company, and to create a list of expenses you want to have covered in the event of an incident. Then, you can determine an estimate for third-party costs. We have the expertise to assist you assess the full spectrum of your cyber risks and develop an insurance program to address them in a cost-effective manner. Contact our office on (020)2400035 or write an email to insure@assurein.co.ke for more details.