Monday, 30 November 2020

Consider business cyber risks this #BlackFriday

Written by
Consider business cyber risks this #BlackFriday

South Africans are hoping to save on their shopping this Black Friday as many households navigate a tight economic environment.  The benefit of online shopping has been significantly amplified since the onset of the Covid-19 Pandemic, with more consumers avoiding throngs of people and the Black Friday shopping madness to do their shopping from the comfort and safety of their home.

According to the recent Mimecast State of Email Security 2020 report, 53% of South African organisations reported increased phishing attacks and 46% reported increased incidences of impersonation fraud, while nearly all (94%) cyberattacks leverage email. Following a ransomware attack, a company can experience an average of three days of downtime, which could be catastrophic to any organisation, especially those that rely on an online sales platform.

“It’s usually only after an incident of cybercrime occurs that executive teams take a granular look into IT infrastructure, systems and processes and realise the redundancy of reactive approaches to cyber security.  By conducting proactive and regular scenario testing that is combined with a solid strategy to manage their cybersecurity environment, businesses can avoid panic and reactive decision making to identify and effect remedial action required,” says Zamani Ngidi, Client Manager: Cyber Solutions at Aon South Africa.

It’s impossible to completely eradicate cyber risk or the potential consequential damage to reputation resulting from a cyber incident. The risk is pervasive. But resilience is possible for organisations that contemplate a circular approach, which Aon terms The Cyber Loop.

Any if not all organisations will enter the cyber data ecosystem at any of the four stages set out in the process, namely assessment, quantification, insurance or Incident Response (IR) stages. Once in the Cyber Loop, the organisation becomes an active participant in managing its risk within a greater cyber security ecosystem, engaged in continuous review, improvement and investment in cyber risk management. With each revolution around the Cyber Loop, more data is extracted that strengthens the organisation’s ability to rapidly detect, respond to and recover from a cyber-attack. The ability to make informed decisions gets sharper and the company’s cyber resilience improves.

 

“It is generally advisable for an organisation to commence its risk journey in the cyber loop at an assessment stage, in order to give the leadership and executive teams a clear understanding of the organisation’s pertinent risks and assist decision-making around information security spend.  It will also greatly underpin the structuring of a cyber insurance portfolio that is built for purpose to manage the potential financial, liability, business interruption and reputational implications of a targeted cyberattack,” Zamani explains.

By implementing a proactive risk management approach, organisations increase their cyber risk maturity level.  “It builds an organisation’s ability to retain more of its cyber risk that ultimately translates into insurance premium reductions. The Cyber Loop pushes the fundamental purpose of insurance into a space where it is no longer a grudge purchase but rather an investment decision around a company’s risk profile and its ability to recover and continue business operations as quickly as possible. However, the overall benefit comes to the fore once a cyber breach occurs, as the organisation is prepared, this leads to the ability to speedily and adequately mitigate the effects of any attack inclusive of the resultant business interruption,” says Zamani.

“With a qualified risk advisor versed in the cyber risks facing South African businesses of all sizes, your organisation will be able to take the business through a comprehensive cyber risk assessment that will help quantify the risks your organisation is exposed to, as well as the potential fallout or quantum of such an incident. Having a built-for-purpose cyber insurance regime in place that is supported by an airtight incident response process will go a long way in achieving a cyber resilient operation,” concludes Zamani.