African companies warned over WannaCry attack, as South Africa hit hardest

South Africa is chief among the countries affected by the WannaCry ransomware attack in Africa, with approximately 83 websites infected, followed by Ivory Coast and Nigeria. Egypt, Algeria and Morocco complete the six countries most affected, while only a small number of attacks were located in the rest of the continent. The most attacked sector in the region was healthcare, while in terms of size, large companies were most targeted, according to data compiled by Fortinet, a security company. “The stoppage of the outbreak was rather fortuitous. This ‘flaw’ in the malware has been ‘fixed’ – so we can expect a new and improved attack. ‘Smart’ malware such as this will become the norm and organisations must do all they can to protect themselves,” said Danny Myburgh, managing director of Cyanre, Allianz Global Corporate & Specialty’s (AGCS) Africa IT partner for cyber insurance. The incident again highlighted how vulnerable companies are to cyber risks – be it a technical glitch, a human error or a cyber attack – and the business interruption that usually follows, warned Allianz. Reuters has already reported that the total cost of resuming operations could run into billions of dollars for companies. As such attacks become more frequent, companies are becoming aware of the need to protect themselves – not just from such attacks but also from the losses that they could bring. This is why the cyber insurance market promises to be the next blockbuster in the insurance space, according to Hartmut Mai, chief underwriting officer for corporate lines at AGCS. While cyber insurance is already a mature market in the US with an estimated premium volume of $3bn, it is still an emerging segment in Africa. “Cyber incidents ranked as a top risk in South Africa for the second year in a row and fifth in Africa in this year’s Allianz Risk Barometer. Clearly, businesses are concerned about the proliferation and impact of cyber incidents,” said Nobuhle Nkosi, AGCS Africa head of financial lines. “Legislative developments in African countries and the African Union on Cyber Security, and personal data protection and increasing levels of liability, will see growth accelerate on the continent,” she added. Technology is a double-edged sword. On the one hand, it makes processes easier and less time consuming; on the other, it opens companies up to new risks. “The more the industry integrates supply chains and processes, and digitalises production into ‘smart factories’, the more vulnerable the long-established industrial companies become as well. For them, the risk of business interruption tends to be paramount,” said Mr Mai. The threat does not always come from hackers. Many times, it is just a technical failure or an employee deliberately or accidentally introducing viruses or paralysing computer systems. When a crisis unfolds, compensation for financial loss is important, but the support services that often accompany cyber insurance are invaluable. Computer forensics, data and systems recovery as well as professional crisis communication can help a policyholder get back on its feet quickly. “Assistance services, which we provide ourselves or through our partners, are therefore becoming increasingly important,” said Mr Mai. Of course, developing solutions for new risks come with challenges. Given that cyber crime is a relatively new threat, the insurance industry needs to tread with caution in developing such products, according to AGCS. “We lack historical claims data because it involves an insurance product that is still relatively new in our portfolio. Also, companies shun publicity when they have been victims of a hacking attack because they are worried about their reputation,” Mr Mai explained. For insurers, the portfolio management of cyber risks is also challenging and the accumulation risks are enormous. Through the digital networking of companies and supply chains, an incident at an individual company can quickly spread like wildfire, immobilising entire industries. “At the moment, the accumulation risk is still manageable because not many companies in Europe, Asia and Africa have cyber insurance yet,” Mr Mai pointed out. However, just like directors and officers liability coverage, cyber insurance is expected to become the standard for companies over the medium term. “Cyber insurance will be a blockbuster – and we must prepare ourselves for it. When the much stricter data protection regulations take effect in Europe in 2018, not just big corporations but also mid-market and smaller companies will want to buy cyber coverage,” Mr Mai said. According to Mr Mai, insurers have to consider evaluating the technical standards and the information technology maturity of a company differently. “Individual risk dialogues and detailed IT and process audits that we usually do for large companies would be too complex for smaller and mid-sized companies,” he said. “Going forward, we aim to increase our automated cyber risk analytic capability by cooperating with data analytics companies. They use IP address-based screening, linguistic algorithms and other comparable methods to evaluate the level of IT security of a company. Such cyber resilience ratings could especially help us in offering cyber coverage to small and medium-sized businesses and retail clients through digital distribution platforms,” Mr Mai added.

African companies warned over WannaCry attack, as South Africa hit hardest

Want to read this article?

Read Next

Munich Re reorganises P&C underwriting in Asia Pacific, Middle East & Africa

Claims likely to increase as vessels remain stranded in Baltimore

Climate change to cause ‘massive economic damage’

Two-paced upstream energy market falls in favour of buyers

Energy insurer Paratus launches brokerage division

Munich Re reorganises P&C underwriting in Asia Pacific, Middle East & Africa

Claims likely to increase as vessels remain stranded in Baltimore

Climate change to cause ‘massive economic damage’

Two-paced upstream energy market falls in favour of buyers

Energy insurer Paratus launches brokerage division

Want to read this article?

Read Next

Munich Re reorganises P&C underwriting in Asia Pacific, Middle East & Africa

Claims likely to increase as vessels remain stranded in Baltimore

Climate change to cause ‘massive economic damage’

Two-paced upstream energy market falls in favour of buyers

Energy insurer Paratus launches brokerage division

Related Articles