In today’s competitive landscape, businesses of varying sizes and sectors invest significant resources toward information technologies and systems to gain a competitive edge. They recognise the operational efficiencies and benefits that Information Systems bring.
The ubiquity of information technology systems
The great world wide web (www), aka the Internet, and emerging technologies such as cloud computing, machine learning and Artificial Intelligence are indispensable in any modern business establishment. Since the 90s we’ve seen a trend of fast-paced technology adoption, which will likely continue unabated given its universality and constant evolution.
However, this trend is also true for governments and individuals. Regardless of their nature, institutions worldwide rely heavily on information systems and initiatives aimed at digitalisation, process automation and computerisation. These are processes that are currently strategic priorities for most organisations. In fact, some businesses rely solely on data as their primary asset and stock in trade. The dependence on information technologies is so deep that any disruption to information systems and any illegal exposures, corruption or destruction of data stored in these systems spells doom, resulting in substantial financial and reputational damage.
Cyber Risk Endangers Business Processes
Unfortunately, with most pros come their cons, so with the positives of the technological trend come challenges such as Cyber Risk. Cyber risk generally refers to the inability of a business to perform critical business processes, and the losses a company may experience due to information technology failure or data breaches. Besides financial and reputational damages, cyber risks could endanger customers and staff – and expose organisations to regulatory fines and legal fees. The preponderance of malware, such as ransomware, viruses, trojan horses, spyware etc. – backed by a global network of motivated cyber criminals – continues to push the boundaries of cyber risk.
Despite their cybersecurity investments, institutions are vulnerable to cyber threats and risks that can materialise anytime, leading to cybersecurity incidents. Given the above, it is crucial for companies, regardless of size, to think about transferring their cyber risks to capable and qualified insurance companies to reduce their burden in the event of an attack or breach. Insurance as a risk management tool provides a holistic approach to mitigating cyber risks.
Cyber Security Insurance to the Rescue
Although relatively new to the Ghanaian insurance industry, Cyber Insurance or Cyber Security Insurance is steadily assuming prominence as a priority due to the widespread use of information systems in business processes, which increases the risk of cyber-attacks. Cyber Insurance generally covers an insured organisation’s liability for damages arising from a cybersecurity attack or breach of sensitive and confidential information such as Personal Identifiable Information (PII) and health records.
What is insured under a cyber insurance policy differs among insurers depending on the type of scope; First-Party Cyber coverage indemnifies direct losses an organisation incurs following a cyber security breach, while Third-Party Cyber coverage takes care of liabilities the organisation incurs from vendors, partners, customers and other parties who are affected by the cybersecurity breach. Typically, cyber insurance policies from reputable companies like Hollard Insurance secure the following costs depending on the insurer’s offer and the type of scope.
- Cost of restoring damaged information systems
- Cost of restoring or recovering compromised data
- Cost of public relations, communications and notifications required to manage stakeholders in the event of an attack
- Cost of legitimate 3rd party liabilities arising from a cybersecurity incident and legal fees
- Cost of forensic investigations and expenses incurred to mitigate the extortion threat
- Income losses due to an interruption in your business arising from the cybersecurity incident
Stay tuned for the second part of this column, which will further expand on the topic.
He holds a CISA, CGEIT, CSRISC, ITIL4, and is the Group Head of IT at Hollard Insurance
