Businesses need protection from cyber-attacks


ZIMBABWEAN businesses are facing multiple cyber-attacks due to cash crisis and heightened use of digital and mobile banking platforms, Allianz Cyber Insurance expert, Nobuhle Nkosi, has said.


Presenting at the Insurance Institute of Zimbabwe annual conference in Victoria Falls last week, Nkosi said the October 2017 real time analysis of cyber threats indicated that businesses in the country were open to over 10 different types of infections — a testimony of monumental cyber risk.

“With the cash crisis that Zimbabwe is grappling with, there has been a heightened use of digital and mobile banking platforms. This increasing interconnectivity of everyday devices and growing reliance on technology and real-time data at consumer and business levels is convenient but also increases risks for businesses,” Nkosi said.

“Cyber risks are not only limited to purchasing and transacting. Larger corporations that use technologically advanced machines are also susceptible to business interruptions, as an attack on Industrial Control Systems can lead to monetary losses from production downtime. This amplifies the need for businesses to ensure they are adequately protected against cyber-attacks.”

She said cyber-crime, information technology failure, data breaches and unauthorised access to business network systems were on the rise and no business was immune to cyber-attacks.

Nkosi said cyber incidents were expected to grow by 30% of the global business risks because they were still a widely unknown risk.
“In addition to this, stern regulatory controls in data protection could translate to onerous risks for businesses — from statutory fines, loss of critical data, reputational damage and business interruptions,” she said.

“Globally, a data breach costs $4 million on average. There is a trend towards tougher data protection regimes, backed with the threat of significant fines in the event of a breach.”

She said in the event of a cyber-security incident, a business could mitigate its losses through the availability of a speedy response.

Insurance can be part of the solution, she said.

However, a comprehensive risk management approach should be the foundation for cyber defence, Nkosi said.

She said having cyber insurance does not mean that a company could ignore its IT security. The technological, operational and insurance aspects of risk management go hand in hand.

Nkosi said while purchasing cyber insurance does not guarantee a zero IT risk, it was one of many proactive acts that give business owners a corporate advantage and the ability to enjoy comprehensive protection against cyber-crime and other cyber-related incidents be they internal or external, malicious or accidental.

Overall, a “think-tank” approach to tackling risk is required, she said.

She said different stakeholders from across business should collaborate to share their knowledge. In this way, different perspectives could be challenged and alternative scenarios considered. In addition, cross-company involvement is essential to identify key assets at risk and, most importantly, to develop and test the robustness of a company’s crisis response plan, she said.